diff --git a/totem/circles/views.py b/totem/circles/views.py
index e1451356..ca2dbea2 100644
--- a/totem/circles/views.py
+++ b/totem/circles/views.py
@@ -1,5 +1,6 @@
 from django.contrib import messages
 from django.contrib.auth.decorators import login_required
+from django.core.exceptions import PermissionDenied
 from django.http import Http404, HttpRequest
 from django.shortcuts import redirect, render
 from django.utils import timezone
@@ -41,7 +42,7 @@ def detail(request, slug):
 def _circle_detail(request, user: User, circle: Circle, event):
 if not circle.published and not user.is_staff:
- raise Http404
+ raise PermissionDenied
 attending = False
 joinable = False
diff --git a/totem/pages/views.py b/totem/pages/views.py
index b963713b..ee77e740 100644
--- a/totem/pages/views.py
+++ b/totem/pages/views.py
@@ -5,6 +5,7 @@
 from django.contrib.auth import get_user_model
 from django.contrib.auth.decorators import login_required
 from django.core.cache import cache
+from django.core.exceptions import PermissionDenied
 from django.http import Http404
 from django.shortcuts import redirect as django_redirect
 from django.shortcuts import render
@@ -116,7 +117,7 @@ def redirect(request, slug):
 @login_required
 def redirect_qr(request, slug):
 if not request.user.is_staff:
- raise Http404
+ raise PermissionDenied
 try:
 redirect = Redirect.get_by_slug(slug)
 except Redirect.DoesNotExist:
@@ -140,7 +141,7 @@ def home_redirect(request):
 @login_required
 def webflow_page(request, page=None):
 if not request.user.is_staff:
- raise Http404
+ raise PermissionDenied
 def _get():
 return get_webflow_page(page)
diff --git a/totem/templates/403.html b/totem/templates/403.html
index e9d407ac..8a5025c8 100644
--- a/totem/templates/403.html
+++ b/totem/templates/403.html
@@ -5,10 +5,29 @@ {# djlint:on #} {% block content %}
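Review bot: Raising `PermissionDenied` in `_circle_detail` for an unpublished circle lets a non-staff visitor tell an unpublished slug (403) apart from one that does not exist (presumably 404 from the lookup in `detail`, which is not shown), so the response now confirms that hidden content exists. If that disclosure is not wanted, keep `raise Http404` on this branch and reserve 403 for pages whose existence is already public; if it is wanted, record the decision with a comment such as `# 403 on purpose: existence of unpublished circles is not secret`. The staff-only views in totem/pages/views.py (`redirect_qr`, `webflow_page`) do not share this problem, because they check `is_staff` before any slug lookup. The body of `_circle_detail` continues outside the hunk.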
-

403

+
+

+ + + +

+

You may not have access to this page.

+ {% if not request.user.is_authenticated %} +

+ Please log in and try again. +

+ {% else %} +

+ You can trying using a different account. Log in and try again. +

+ {% endif %}

- If you think this is a mistake, please contact us. + If you think this is a mistake, let us know.

{% endblock content %}
diff --git a/totem/users/views.py b/totem/users/views.py
index 0296c712..ecb4d883 100644
--- a/totem/users/views.py
+++ b/totem/users/views.py
@@ -26,7 +26,7 @@ def user_detail_view(request, slug):
 events = [e.next_event() for e in user.created_circles.all()[:10] if e.next_event()]
 return render(request, "users/user_detail.html", context={"user": user, "events": events})
 except (User.DoesNotExist, ObjectDoesNotExist):
- raise Http404
+ pass
 raise Http404
@@ -39,7 +39,6 @@ class Meta:
 @login_required
 def user_redirect_view(request, *args, **kwargs):
 user = request.user
- assert user.is_authenticated
 try:
 if user.onboard and user.onboard.onboarded:
 return redirect("users:dashboard")
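Review bot: The added signed-in branch of 403.html reads `You can trying using a different account.`, which has a typo and should be `You can try using a different account.` The sentence that follows, `Log in and try again.`, is shown to a user who is already logged in, so it does not say what to do next; the step they need is to sign out or switch accounts. The markup of this hunk is not visible on this page, so whether a link already covers that step cannot be checked here.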
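Review bot: The new `pass` in `user_detail_view` reads like an ignored error, because the 404 now comes only from the `raise Http404` that follows the `try` block. A comment on that line would make the intent explicit, for example `# fall through to the shared Http404 below`. `User.DoesNotExist` is already a subclass of `ObjectDoesNotExist`, so `except ObjectDoesNotExist:` alone is enough. The `try` starts outside the hunk, but the visible part also wraps the `e.next_event()` calls and `render(...)`, so an unrelated `ObjectDoesNotExist` raised there is reported as a 404 too; narrowing the `try` to the user lookup would keep such bugs visible.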