Better 403

totem/circles/views.py

@@ -1,5 +1,6 @@
 from django.contrib import messages
 from django.contrib.auth.decorators import login_required
+from django.core.exceptions import PermissionDenied
 from django.http import Http404, HttpRequest
 from django.shortcuts import redirect, render
 from django.utils import timezone
@@ -41,7 +42,7 @@ def detail(request, slug):
 
 def _circle_detail(request, user: User, circle: Circle, event):
     if not circle.published and not user.is_staff:
-        raise Http404
+        raise PermissionDenied
 
     attending = False
     joinable = False

totem/pages/views.py

@@ -5,6 +5,7 @@
 from django.contrib.auth import get_user_model
 from django.contrib.auth.decorators import login_required
 from django.core.cache import cache
+from django.core.exceptions import PermissionDenied
 from django.http import Http404
 from django.shortcuts import redirect as django_redirect
 from django.shortcuts import render
@@ -116,7 +117,7 @@ def redirect(request, slug):
 @login_required
 def redirect_qr(request, slug):
     if not request.user.is_staff:
-        raise Http404
+        raise PermissionDenied
     try:
         redirect = Redirect.get_by_slug(slug)
     except Redirect.DoesNotExist:
@@ -140,7 +141,7 @@ def home_redirect(request):
 @login_required
 def webflow_page(request, page=None):
     if not request.user.is_staff:
-        raise Http404
+        raise PermissionDenied
 
     def _get():
         return get_webflow_page(page)

totem/templates/403.html

@@ -5,10 +5,29 @@
 {# djlint:on #}
 {% block content %}
     <div class="pt-10">
-        <h1 class="text-9xl h1 text-center">403</h1>
+        <div class="m-auto">
+            <h1 class="text-9xl h1 text-center m-auto">
+                <svg width="128"
+                     height="128"
+                     class="inline-block m-auto"
+                     viewBox="0 0 24 24"
+                     xmlns="http://www.w3.org/2000/svg">
+                    <path fill="#000000" d="M6 22q-.825 0-1.413-.588T4 20V10q0-.825.588-1.413T6 8h1V6q0-2.075 1.463-3.538T12 1q2.075 0 3.538 1.463T17 6v2h1q.825 0 1.413.588T20 10v10q0 .825-.588 1.413T18 22H6Zm6-5q.825 0 1.413-.588T14 15q0-.825-.588-1.413T12 13q-.825 0-1.413.588T10 15q0 .825.588 1.413T12 17ZM9 8h6V6q0-1.25-.875-2.125T12 3q-1.25 0-2.125.875T9 6v2Z" />
+                </svg>
+            </h1>
+        </div>
         <p class="text-center mt-4 text-xl">You may not have access to this page.</p>
+        {% if not request.user.is_authenticated %}
+            <p class="text-center mt-4">
+                Please <a class="a" href="{% url 'users:login' %}?next={{ request.path }}">log in</a> and try again.
+            </p>
+        {% else %}
+            <p class="text-center mt-4">
+                You can trying using a different account. <a class="a" href="{% url 'users:login' %}?next={{ request.path }}">Log in</a> and try again.
+            </p>
+        {% endif %}
         <p class="text-center mt-4">
-            If you think this is a mistake, please <a class="a" href="mailto:{% settings_value 'EMAIL_SUPPORT_ADDRESS' %}">contact us</a>.
+            If you think this is a mistake, <a class="a" href="{% url "users:feedback" %}">let us know</a>.
         </p>
     </div>
 {% endblock content %}

totem/users/views.py

@@ -26,7 +26,7 @@ def user_detail_view(request, slug):
             events = [e.next_event() for e in user.created_circles.all()[:10] if e.next_event()]
             return render(request, "users/user_detail.html", context={"user": user, "events": events})
     except (User.DoesNotExist, ObjectDoesNotExist):
-        raise Http404
+        pass
     raise Http404
 
 
@@ -39,7 +39,6 @@ class Meta:
 @login_required
 def user_redirect_view(request, *args, **kwargs):
     user = request.user
-    assert user.is_authenticated
     try:
         if user.onboard and user.onboard.onboarded:
             return redirect("users:dashboard")