Show message when user has no permissions

Shows a warning message to users who try to access
a restricted page.

This bug can be simply fixed in middleware.py:

    if isinstance(exception, (exceptions.NotAuthorized,
                              exceptions.NotAuthenticated)):
        if request.user.is_authenticated() and 'next' in request.GET:
            # a logged-in user gets a NotAuthorized exception,
            # then just redirect to user_home instead of '?next='

But in the case when a user uses different logins (e.g. for
different projects), and wants to switch fast between them,
trying to load an admin-only (or other restricted) page,
then Dashboard will redirect them to their home page,
and the user will have to sign out first, then log in again
and load the desired page.

With this fix, however, the user will see a message, giving them a choice
to log in as a different user, or to go to their 'home page' if
they landed on the restricted page by error, allowing fast-switching
between multiple accounts.
Also, this will work fine with bookmarked pages.

P.S. The HTML repr of the error message will
probably need some improvements...

Fixes bug 1053698

Change-Id: Id458af6c7bd90081fc95d339b32a3654878a927d
Tihomir Trifonov 2012-10-14 12:08:11 +03:00
parent 28f9edb2c3
commit 3e0f69da75
3 changed files with 18 additions and 0 deletions

@ -8,6 +8,15 @@
{% block modal-body %}
<fieldset>
{% if request.user.is_authenticated and 'next' in request.GET %}
<div class="control-group clearfix error">
<span class="help-inline"><p>{% trans "You don't have permissions to access:" %}</p>
<p><b>{{ request.GET.next }}</b></p>
<p>{% trans "Login as different user or go back to" %}
<a href="{% url horizon:user_home %}">{% trans "home page" %}</a></p>
</span>
</div>
{% endif %}
{% if next %}<input type="hidden" name="{{ redirect_field_name }}" value="{{ next }}" />{% endif %}
{% include "horizon/common/_form_fields.html" %}
</fieldset>
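
Review bot: the new {% if %} condition and the bold path both read request.GET.next directly, while the hidden input just below uses the view-supplied next and redirect_field_name; if the redirect field is ever named something other than 'next' the warning silently disappears, and the path shown is the raw query value rather than the one the form submits. Suggest testing and printing {{ next }} instead. Two smaller points: the displayed value comes from the query string, so any logged-in user who opens a login link with a next parameter sees that string presented as a page they were denied, and the block relies on template autoescaping to keep it inert; and the p elements nested inside the span are not valid nesting, which a div with the same help-inline class would avoid.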

@ -253,6 +253,12 @@ class HorizonTests(BaseHorizonTests):
HTTP_X_REQUESTED_WITH='XMLHttpRequest')
self.assertEqual(resp.status_code, 401)
# Test insufficient permissions for logged-in user
resp = self.client.get(panel.get_absolute_url(), follow=True)
self.assertEqual(resp.status_code, 200)
self.assertTemplateUsed(resp, "auth/login.html")
self.assertContains(resp, "Login as different user", 1, 200)
# Set roles for admin user
self.set_permissions(permissions=['test'])
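
Review bot: with follow=True the new assertions only check the final page, so the test would still pass if the request reached the login template by some other route or lost the next parameter on the way. Suggest also asserting on the redirect itself (resp.redirect_chain, or assertRedirects on a request made without follow) and that panel.get_absolute_url() appears in the rendered warning. A companion check that an anonymous request does not contain "Login as different user" would pin down the is_authenticated half of the template condition.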

@ -31,6 +31,9 @@ import horizon
urlpatterns = patterns('',
url(r'', include(horizon.urls)),
url(r"auth/login/", "django.contrib.auth.views.login",
{'template_name': "auth/login.html"},
name='login'),
url(r'auth/', include('django.contrib.auth.urls')),
url(r'^qunit/$',
TemplateView.as_view(template_name="horizon/qunit.html"),
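
Review bot: the added pattern r"auth/login/" has no ^ or $ anchor, so it matches any path that merely contains that fragment; r'^auth/login/$', in the style of the qunit entry below it, would limit the custom login template to the one intended URL. The entry also has to stay above the url(r'auth/', include('django.contrib.auth.urls')) line to take precedence over the stock login view, which deserves a short comment, and its double-quoted strings differ from the single-quoted patterns around it.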