diff --git a/djangoldp_project/permissions.py b/djangoldp_project/permissions.py
index 42faa306226ef39cea375ae6090257912b7b1559..2ed29609236c0376cb462d01401e5d4d7bbf24a7 100644
--- a/djangoldp_project/permissions.py
+++ b/djangoldp_project/permissions.py
@@ -1,4 +1,5 @@
 from djangoldp.permissions import LDPPermissions
+from rest_framework.exceptions import PermissionDenied
 # auxiliary function tests user is an admin for specified project
@@ -38,10 +39,10 @@ class ProjectPermissions(LDPPermissions):
 # other members can perform GET only
 if request.method != 'GET':
- return False
+ raise PermissionDenied(detail='You must be an admin to perform this action')
 if not Member.objects.filter(user=request.user, project=obj).exists():
- return False
+ raise PermissionDenied(detail='You must be a member of this project to perform this action')
 return super().has_object_permission(request, view, obj)
@@ -61,7 +62,10 @@ class ProjectMemberPermissions(LDPPermissions):
 # only admins can add new members to a project
 if request.method == 'POST':
 obj = Model.resolve_id(request._request.path)
- return is_user_admin_of_project(request.user, obj.project)
+ if is_user_admin_of_project(request.user, obj.project):
+ return True
+ else:
+ raise PermissionDenied(detail='You must be an admin to perform this action')
 return super().has_permission(request, view)
@@ -76,11 +80,12 @@ class ProjectMemberPermissions(LDPPermissions):
 # I cannot remove myself if I am the last admin
 if obj.pk == request.user.pk:
 if obj.project.get_admins().count() == 1:
- return False
+ raise PermissionDenied(detail='To leave this project, you must first set up a new administrator'
+ ' through the project panel')
 # I cannot remove another admin
 elif obj.is_admin:
- return False
+ raise PermissionDenied(detail='You cannot remove another admin')
 return True
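Review bot: Raising `PermissionDenied` from inside the permission class (the two `raise` lines in the `ProjectPermissions` hunk at -38, and likewise in both `ProjectMemberPermissions` hunks) bypasses the view's own denial handling. In Django REST Framework that handling answers an unauthenticated request with 401 rather than 403, and a raise also stops any other permission class in an `|` composition from being consulted. To keep the custom text without changing that behaviour, set the message and return: `self.message = 'You must be an admin to perform this action'` followed by `return False`. How `LDPPermissions` treats `message` is not visible here, so confirm the base class does not overwrite it; the enclosing method starts outside the hunk.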
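Review bot: In the POST branch of the `ProjectMemberPermissions` hunk at -61, an admin reaches `return True` without `super().has_permission(request, view)` being consulted, so whatever the base class checks is skipped for the very request that adds members. Unless that is deliberate, inverting the test keeps the new message and falls through to the existing final return: `if not is_user_admin_of_project(request.user, obj.project):` then `raise PermissionDenied(detail='You must be an admin to perform this action')`. The branch also dereferences `obj.project` straight after `Model.resolve_id(...)`; if that call can return nothing for an unknown path (not visible here), the request ends in a server error instead of a denial. The method signature is outside the hunk.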
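Review bot: The self-removal test `if obj.pk == request.user.pk:` in the last hunk compares the primary key of what looks like a membership row (it has `.project` and `.is_admin`) with the primary key of a user, so the two new messages can be attached to the wrong case. When the keys differ for the caller's own membership, the caller is told `You cannot remove another admin`; when a different admin's membership key equals the caller's user key, the `elif obj.is_admin` guard is never evaluated. If `obj` is a `Member` with a `user` field, as the `Member.objects.filter(user=request.user, project=obj)` call in the earlier hunk suggests, the comparison should be `if obj.user_id == request.user.pk:`. The method begins outside the hunk, so the object type is inferred rather than shown.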