flows: improve _full template being used for stage_invalid

2020-09-19 02:15:07 +02:00 · 2020-09-19 02:15:07 +02:00 · d30abc64d0
parent 6674d3e017
commit d30abc64d0
3 changed files with 64 additions and 6 deletions
--- a/passbook/flows/templates/flows/denied_shell.html
+++ b/passbook/flows/templates/flows/denied_shell.html
@ -0,0 +1,57 @@
+{% extends 'login/base.html' %}
+
+{% load static %}
+{% load i18n %}
+{% load passbook_utils %}
+
+{% block card_title %}
+{% trans 'Permission denied' %}
+{% endblock %}
+
+{% block title %}
+{% trans 'Permission denied' %}
+{% endblock %}
+
+{% block card %}
+    <form method="POST" class="pf-c-form">
+        {% csrf_token %}
+        {% include 'partials/form.html' %}
+        <div class="pf-c-form__group">
+            <p>
+                <i class="pf-icon pf-icon-error-circle-o"></i>
+                {% trans 'Access denied' %}
+            </p>
+            {% if error %}
+            <hr>
+            <p>
+                {{ error }}
+            </p>
+            {% endif %}
+            {% if policy_result %}
+            <hr>
+            <em>
+                {% trans 'Explanation:' %}
+            </em>
+            <ul class="pf-c-list">
+                {% for source_result in policy_result.source_results %}
+                <li>
+                    {% blocktrans with name=source_result.source_policy.name result=source_result.passing %}
+                    Policy '{{ name }}' returned result '{{ result }}'
+                    {% endblocktrans %}
+                    {% if source_result.messages %}
+                    <ul class="pf-c-list">
+                        {% for message in source_result.messages %}
+                            <li>{{ message }}</li>
+                        {% endfor %}
+                    </ul>
+                    {% endif %}
+                </li>
+                {% endfor %}
+            </ul>
+            {% endif %}
+        </div>
+        {% if 'back' in request.GET %}
+        <a href="{% back %}" class="btn btn-primary btn-block btn-lg">{% trans 'Back' %}</a>
+        {% endif %}
+    </form>
+{% endblock %}
--- a/passbook/flows/views.py
+++ b/passbook/flows/views.py
@ -187,9 +187,11 @@ class FlowExecutorView(View):
        is a superuser."""
        LOGGER.debug("f(exec): Stage invalid", flow_slug=self.flow.slug)
        self.cancel()
-        response = AccessDeniedResponse(self.request)
+        response = AccessDeniedResponse(
+            self.request, template="flows/denied_shell.html"
+        )
        response.error_message = error_message
-        return response
+        return to_stage_response(self.request, response)

    def cancel(self):
        """Cancel current execution and return a redirect"""
--- a/passbook/policies/http.py
+++ b/passbook/policies/http.py
@ -18,10 +18,9 @@ class AccessDeniedResponse(TemplateResponse):
    error_message: Optional[str] = None
    policy_result: Optional[PolicyResult] = None

-    def __init__(self, request: HttpRequest) -> None:
-        # For some reason pyright complains about keyword argument usage here
-        # pyright: reportGeneralTypeIssues=false
-        super().__init__(request=request, template="policies/denied.html")
+    # pyright: reportGeneralTypeIssues=false
+    def __init__(self, request: HttpRequest, template="policies/denied.html") -> None:
+        super().__init__(request, template)
        self.title = _("Access denied")

    def resolve_context(