# HG changeset patch
# User David Douard <david.douard@logilab.fr>
# Date 1354015496 -3600
# Node ID d066ba3bb07d95d60b22b263000134288e898df8
# Parent  1a6000ff208045d4905e14a9db3550a3efc06cfe
[web] add a Forbidden exception

This is similar to the Unauthorized exception, but generates a 403 error
instead of a 401 (Unauthorized)

diff -r 1a6000ff2080 -r d066ba3bb07d _exceptions.py
--- a/_exceptions.py	Tue Nov 27 11:38:03 2012 +0100
+++ b/_exceptions.py	Tue Nov 27 12:24:56 2012 +0100
@@ -103,6 +103,10 @@
         except Exception, ex:
             return str(ex)
 
+class Forbidden(SecurityError):
+    """raised when a user tries to perform a forbidden action
+    """
+
 # source exceptions ###########################################################
 
 class EidNotInSource(SourceException):
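Review bot: The docstring on `Forbidden` does not say when to raise it rather than `Unauthorized`, and per the commit description that choice decides whether the client receives a 403 or a 401. If the intent is "re-authenticating will not help", I would say so, e.g. `"""raised when the action is refused whatever the user's credentials; the web layer answers 403 instead of the 401 used for Unauthorized"""`. Because the class derives directly from `SecurityError`, any existing `except Unauthorized` clause will not catch it. Call sites that rely on such a clause to handle permission failures are worth checking before code is switched over to the new exception. Two blank lines before the class would also match the surrounding top-level definitions.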
diff -r 1a6000ff2080 -r d066ba3bb07d i18n/de.po
--- a/i18n/de.po	Tue Nov 27 11:38:03 2012 +0100
+++ b/i18n/de.po	Tue Nov 27 12:24:56 2012 +0100
@@ -864,6 +864,11 @@
 msgid "This WorkflowTransition"
 msgstr "Dieser Workflow-Übergang"
 
+msgid ""
+"This action is forbidden. If you think it should be allowed, please contact "
+"the site administrator."
+msgstr ""
+
 msgid "This entity type permissions:"
 msgstr "Berechtigungen für diesen Entitätstyp"
 
diff -r 1a6000ff2080 -r d066ba3bb07d i18n/en.po
--- a/i18n/en.po	Tue Nov 27 11:38:03 2012 +0100
+++ b/i18n/en.po	Tue Nov 27 12:24:56 2012 +0100
@@ -840,6 +840,11 @@
 msgid "This WorkflowTransition"
 msgstr "This workflow-transition"
 
+msgid ""
+"This action is forbidden. If you think it should be allowed, please contact "
+"the site administrator."
+msgstr ""
+
 msgid "This entity type permissions:"
 msgstr ""
 
diff -r 1a6000ff2080 -r d066ba3bb07d i18n/es.po
--- a/i18n/es.po	Tue Nov 27 11:38:03 2012 +0100
+++ b/i18n/es.po	Tue Nov 27 12:24:56 2012 +0100
@@ -865,6 +865,11 @@
 msgid "This WorkflowTransition"
 msgstr "Esta transición de Workflow"
 
+msgid ""
+"This action is forbidden. If you think it should be allowed, please contact "
+"the site administrator."
+msgstr ""
+
 msgid "This entity type permissions:"
 msgstr "Permisos para este tipo de entidad:"
 
diff -r 1a6000ff2080 -r d066ba3bb07d i18n/fr.po
--- a/i18n/fr.po	Tue Nov 27 11:38:03 2012 +0100
+++ b/i18n/fr.po	Tue Nov 27 12:24:56 2012 +0100
@@ -865,6 +865,13 @@
 msgid "This WorkflowTransition"
 msgstr "Cette transition workflow"
 
+msgid ""
+"This action is forbidden. If you think it should be allowed, please contact "
+"the site administrator."
+msgstr ""
+"Cette action est interdite. Si toutefois vous pensez qu'elle devrait être "
+"autorisée, veuillez contacter l'administrateur du site."
+
 msgid "This entity type permissions:"
 msgstr "Permissions pour ce type d'entité"
 
diff -r 1a6000ff2080 -r d066ba3bb07d web/application.py
--- a/web/application.py	Tue Nov 27 11:38:03 2012 +0100
+++ b/web/application.py	Tue Nov 27 12:24:56 2012 +0100
@@ -34,7 +34,8 @@
 
 from cubicweb import set_log_methods, cwvreg
 from cubicweb import (
-    ValidationError, Unauthorized, AuthenticationError, NoSelectableObject,
+    ValidationError, Unauthorized, Forbidden,
+    AuthenticationError, NoSelectableObject,
     BadConnectionId, CW_EVENT_MANAGER)
 from cubicweb.dbapi import DBAPISession, anonymous_session
 from cubicweb.web import LOGGER, component
@@ -470,6 +471,11 @@
                                        'If you think you should, please contact the site administrator.')
             req.status_out = httplib.UNAUTHORIZED
             result = self.error_handler(req, ex, tb=False)
+        except Forbidden, ex:
+            req.data['errmsg'] = req._('This action is forbidden. '
+                                       'If you think it should be allowed, please contact the site administrator.')
+            req.status_out = httplib.FORBIDDEN
+            result = self.error_handler(req, ex, tb=False)
         except (BadRQLQuery, RequestError), ex:
             result = self.error_handler(req, ex, tb=False)
         ### pass through exception
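Review bot: The new `except Forbidden` branch returns the 403 without leaving any trace on the server side, unless `error_handler` logs, which is not visible in this hunk. Refused actions are useful audit events, so I would add something like `LOGGER.warning('forbidden action refused: %s', ex)` before setting `req.status_out`. `LOGGER` is already imported from `cubicweb.web` in this file. It is also worth confirming that `error_handler(req, ex, tb=False)` renders only `req.data['errmsg']` and not the text of `ex`, since an exception message may name the object the user was not allowed to touch. The branch duplicates the `Unauthorized` one above it, and the enclosing `try` starts outside the hunk.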