error messages explaining why permission denied

6deb29e7 · Calum Mackervoy · 1a18bab0 · 6deb29e7
Commit 6deb29e7 authored Jan 08, 2020 by Calum Mackervoy
Hide whitespace changes
Inline Side-by-side

Showing with 10 additions and 5 deletions

djangoldp_project/permissions.py djangoldp_project/permissions.py +10 -5

No files found.
--- a/djangoldp_project/permissions.py
+++ b/djangoldp_project/permissions.py
 from djangoldp.permissions import LDPPermissions
+from rest_framework.exceptions import PermissionDenied


 # auxiliary function tests user is an admin for specified project
@@ -38,10 +39,10 @@ class ProjectPermissions(LDPPermissions):

        # other members can perform GET only
        if request.method != 'GET':
-            return False
+            raise PermissionDenied(detail='You must be an admin to perform this action')

        if not Member.objects.filter(user=request.user, project=obj).exists():
-            return False
+            raise PermissionDenied(detail='You must be a member of this project to perform this action')

        return super().has_object_permission(request, view, obj)

@@ -61,7 +62,10 @@ class ProjectMemberPermissions(LDPPermissions):
        # only admins can add new members to a project
        if request.method == 'POST':
            obj = Model.resolve_id(request._request.path)
-            return is_user_admin_of_project(request.user, obj.project)
+            if is_user_admin_of_project(request.user, obj.project):
+                return True
+            else:
+                raise PermissionDenied(detail='You must be an admin to perform this action')

        return super().has_permission(request, view)

@@ -76,11 +80,12 @@ class ProjectMemberPermissions(LDPPermissions):
                # I cannot remove myself if I am the last admin
                if obj.pk == request.user.pk:
                    if obj.project.get_admins().count() == 1:
-                        return False
+                        raise PermissionDenied(detail='To leave this project, you must first set up a new administrator'
+                                                      ' through the project panel')

                # I cannot remove another admin
                elif obj.is_admin:
-                    return False
+                    raise PermissionDenied(detail='You cannot remove another admin')

            return True