Custom error pages

apps/permission/signals.py

@@ -2,6 +2,7 @@
 # SPDX-License-Identifier: GPL-3.0-or-later
 
 from django.core.exceptions import PermissionDenied
+from django.utils.translation import gettext_lazy as _
 from note_kfet.middlewares import get_current_authenticated_user
 from permission.backends import PermissionBackend
 
@@ -57,13 +58,19 @@ def pre_save_object(sender, instance, **kwargs):
             if old_value == new_value:
                 continue
             if not PermissionBackend.check_perm(user, app_label + ".change_" + model_name + "_" + field_name, instance):
-                raise PermissionDenied
+                raise PermissionDenied(
+                    _("You don't have the permission to change the field {field} on this instance of model"
+                      " {app_label}.{model_name}.")
+                    .format(field=field_name, app_label=app_label, model_name=model_name, )
+                )
     else:
         # We check if the user has right to add the object
         has_perm = PermissionBackend.check_perm(user, app_label + ".add_" + model_name, instance)
 
         if not has_perm:
-            raise PermissionDenied
+            raise PermissionDenied(
+                _("You don't have the permission to add this instance of model {app_label}.{model_name}.")
+                .format(app_label=app_label, model_name=model_name, ))
 
 
 def pre_delete_object(instance, **kwargs):
@@ -88,4 +95,6 @@ def pre_delete_object(instance, **kwargs):
 
     # We check if the user has rights to delete the object
     if not PermissionBackend.check_perm(user, app_label + ".delete_" + model_name, instance):
-        raise PermissionDenied
+        raise PermissionDenied(
+            _("You don't have the permission to delete this instance of model {app_label}.{model_name}.")
+            .format(app_label=app_label, model_name=model_name))

apps/wei/views.py

@@ -661,7 +661,7 @@ class WEIDeleteRegistrationView(ProtectQuerysetMixin, LoginRequiredMixin, Delete
             return redirect(reverse_lazy('wei:wei_closed', args=(wei.pk,)))
 
         if not PermissionBackend.check_perm(self.request.user, "wei.delete_weiregistration", object):
-            raise PermissionDenied
+            raise PermissionDenied(_("You don't have the right to delete this WEI registration."))
 
         return super().dispatch(request, *args, **kwargs)
 

locale/de/LC_MESSAGES/django.po

@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2020-04-25 15:52+0200\n"
+"POT-Creation-Date: 2020-04-25 19:12+0200\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -868,6 +868,27 @@ msgstr ""
 msgid "role permissions"
 msgstr ""
 
+#: apps/permission/signals.py:62
+#, python-brace-format
+msgid ""
+"You don't have the permission to change the field {field} on this instance "
+"of model {app_label}.{model_name}."
+msgstr ""
+
+#: apps/permission/signals.py:72
+#, python-brace-format
+msgid ""
+"You don't have the permission to add this instance of model {app_label}."
+"{model_name}."
+msgstr ""
+
+#: apps/permission/signals.py:100
+#, python-brace-format
+msgid ""
+"You don't have the permission to delete this instance of model {app_label}."
+"{model_name}."
+msgstr ""
+
 #: apps/registration/apps.py:10
 msgid "registration"
 msgstr ""
@@ -1353,6 +1374,10 @@ msgstr ""
 msgid "You already opened an account in the Société générale."
 msgstr ""
 
+#: apps/wei/views.py:664
+msgid "You don't have the right to delete this WEI registration."
+msgstr ""
+
 #: apps/wei/views.py:763
 msgid "This user didn't give her/his caution check."
 msgstr ""
@@ -1375,6 +1400,50 @@ msgstr ""
 msgid "French"
 msgstr ""
 
+#: templates/400.html:6
+msgid "Bad request"
+msgstr ""
+
+#: templates/400.html:7
+msgid ""
+"Sorry, your request was bad. Don't know what could be wrong. An email has "
+"been sent to webmasters with the details of the error. You can now drink a "
+"coke."
+msgstr ""
+
+#: templates/403.html:6
+msgid "Permission denied"
+msgstr ""
+
+#: templates/403.html:7
+msgid "You don't have the right to perform this request."
+msgstr ""
+
+#: templates/403.html:10 templates/404.html:10
+msgid "Exception message:"
+msgstr ""
+
+#: templates/404.html:6
+msgid "Page not found"
+msgstr ""
+
+#: templates/404.html:7
+#, python-format
+msgid ""
+"The requested path <code>%(request_path)s</code> was not found on the server."
+msgstr ""
+
+#: templates/500.html:6
+msgid "Server error"
+msgstr ""
+
+#: templates/500.html:7
+msgid ""
+"Sorry, an error occurred when processing your request. An email has been "
+"sent to webmasters with the detail of the error, and this will be fixed "
+"soon. You can now drink a beer."
+msgstr ""
+
 #: templates/activity/activity_detail.html:29
 msgid "creater"
 msgstr ""

locale/fr/LC_MESSAGES/django.po

@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2020-04-25 15:52+0200\n"
+"POT-Creation-Date: 2020-04-25 19:12+0200\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -878,6 +878,33 @@ msgstr ""
 msgid "role permissions"
 msgstr "Permissions par rôles"
 
+#: apps/permission/signals.py:62
+#, python-brace-format
+msgid ""
+"You don't have the permission to change the field {field} on this instance "
+"of model {app_label}.{model_name}."
+msgstr ""
+"Vous n'avez pas la permission de modifier le champ {field} sur l'instance du "
+"modèle {app_label}.{model_name}."
+
+#: apps/permission/signals.py:72
+#, python-brace-format
+msgid ""
+"You don't have the permission to add this instance of model {app_label}."
+"{model_name}."
+msgstr ""
+"Vous n'avez pas la permission d'ajouter cette instance du modèle {app_label}."
+"{model_name}."
+
+#: apps/permission/signals.py:100
+#, python-brace-format
+msgid ""
+"You don't have the permission to delete this instance of model {app_label}."
+"{model_name}."
+msgstr ""
+"Vous n'avez pas la permission de supprimer cette instance du modèle "
+"{app_label}.{model_name}."
+
 #: apps/registration/apps.py:10
 msgid "registration"
 msgstr "inscription"
@@ -1387,6 +1414,10 @@ msgstr "Inscrire un 2A+"
 msgid "You already opened an account in the Société générale."
 msgstr "Vous avez déjà ouvert un compte auprès de la société générale."
 
+#: apps/wei/views.py:664
+msgid "You don't have the right to delete this WEI registration."
+msgstr "Vous n'avez pas la permission de supprimer cette inscription au WEI."
+
 #: apps/wei/views.py:763
 msgid "This user didn't give her/his caution check."
 msgstr "Cet utilisateur n'a pas donné son chèque de caution."
@@ -1409,6 +1440,59 @@ msgstr "Anglais"
 msgid "French"
 msgstr "Français"
 
+#: templates/400.html:6
+msgid "Bad request"
+msgstr "Requête invalide"
+
+#: templates/400.html:7
+msgid ""
+"Sorry, your request was bad. Don't know what could be wrong. An email has "
+"been sent to webmasters with the details of the error. You can now drink a "
+"coke."
+msgstr ""
+"Désolé, votre requête est invalide. Aucune idée de ce qui a pu se produire. "
+"Un e-mail a été envoyé aux responsables de la plateforme avec les détails de "
+"cette erreur. Vous pouvez désormais allez boire un coca."
+
+#: templates/403.html:6
+msgid "Permission denied"
+msgstr "Accès refusé"
+
+#: templates/403.html:7
+msgid "You don't have the right to perform this request."
+msgstr "Vous n'avez pas la permission d'exécuter cette requête."
+
+#: templates/403.html:10 templates/404.html:10
+msgid "Exception message:"
+msgstr "Message d'erreur :"
+
+#: templates/404.html:6
+msgid "Page not found"
+msgstr "Page inexistante"
+
+#: templates/404.html:7
+#, python-format
+msgid ""
+"The requested path <code>%(request_path)s</code> was not found on the server."
+msgstr ""
+"The  chemin demandé <code>%(request_path)s</code> n'a pas été trouvé sur le "
+"serveur."
+
+#: templates/500.html:6
+msgid "Server error"
+msgstr "Erreur du serveur"
+
+#: templates/500.html:7
+msgid ""
+"Sorry, an error occurred when processing your request. An email has been "
+"sent to webmasters with the detail of the error, and this will be fixed "
+"soon. You can now drink a beer."
+msgstr ""
+"Désolé, une erreur est survenue lors de l'analyse de votre requête. Un email "
+"a été envoyé aux responsables de la plateforme avec les détails de cette "
+"erreur, qui sera corrigée rapidement. Vous pouvez désormais aller boire une "
+"bière."
+
 #: templates/activity/activity_detail.html:29
 msgid "creater"
 msgstr "Créateur"

note_kfet/settings/development.py

@@ -62,10 +62,6 @@ CSRF_COOKIE_HTTPONLY = False
 X_FRAME_OPTIONS = 'DENY'
 SESSION_COOKIE_AGE = 60 * 60 * 3
 
-# CAS Client settings
-# Can be modified in secrets.py
-CAS_SERVER_URL = "http://localhost:8000/cas/"
-
 STATIC_ROOT = ''  # not needed in development settings
 STATICFILES_DIRS = [
     os.path.join(BASE_DIR, 'static')]

note_kfet/settings/production.py

@@ -51,6 +51,3 @@ CSRF_COOKIE_SECURE = False
 CSRF_COOKIE_HTTPONLY = False
 X_FRAME_OPTIONS = 'DENY'
 SESSION_COOKIE_AGE = 60 * 60 * 3
-
-# CAS Client settings
-CAS_SERVER_URL = "https://" + os.getenv("NOTE_URL", "note.example.com") + "/cas/"

note_kfet/urls.py

@@ -5,6 +5,7 @@ from django.conf import settings
 from django.conf.urls.static import static
 from django.contrib import admin
 from django.urls import path, include
+from django.views.defaults import bad_request, permission_denied, page_not_found, server_error
 from django.views.generic import RedirectView
 
 from member.views import CustomLoginView
@@ -45,3 +46,11 @@ if "debug_toolbar" in settings.INSTALLED_APPS:
     urlpatterns = [
         path('__debug__/', include(debug_toolbar.urls)),
     ] + urlpatterns
+
+
+handler400 = bad_request
+handler403 = permission_denied
+
+# Only displayed in production, when debug mode is set to False
+handler404 = page_not_found
+handler500 = server_error

templates/400.html

@@ -0,0 +1,8 @@
+{% extends "base.html" %}
+
+{% load i18n %}
+
+{% block content %}
+    <h1>{% trans "Bad request" %}</h1>
+    {% blocktrans %}Sorry, your request was bad. Don't know what could be wrong. An email has been sent to webmasters with the details of the error. You can now drink a coke.{% endblocktrans %}
+{% endblock %}

templates/403.html

@@ -0,0 +1,13 @@
+{% extends "base.html" %}
+
+{% load i18n %}
+
+{% block content %}
+    <h1>{% trans "Permission denied" %}</h1>
+    {% blocktrans %}You don't have the right to perform this request.{% endblocktrans %}
+    {% if exception %}
+        <div>
+            {% trans "Exception message:" %} {{ exception }}
+        </div>
+    {% endif %}
+{% endblock %}

templates/404.html

@@ -0,0 +1,13 @@
+{% extends "base.html" %}
+
+{% load i18n %}
+
+{% block content %}
+    <h1>{% trans "Page not found" %}</h1>
+    {% blocktrans %}The requested path <code>{{ request_path }}</code> was not found on the server.{% endblocktrans %}
+    {% if exception != "Resolver404" %}
+        <div>
+            {% trans "Exception message:" %} {{ exception }}
+        </div>
+    {% endif %}
+{% endblock %}

templates/500.html

@@ -0,0 +1,8 @@
+{% extends "base.html" %}
+
+{% load i18n %}
+
+{% block content %}
+    <h1>{% trans "Server error" %}</h1>
+    {% blocktrans %}Sorry, an error occurred when processing your request. An email has been sent to webmasters with the detail of the error, and this will be fixed soon. You can now drink a beer.{% endblocktrans %}
+{% endblock %}

templates/scripts/mail-error500.html

@@ -0,0 +1,2 @@
+{# The data is already sent as HTML, so we return only the HTML data. Devs don't need a pretty mail... #}
+{{ error }}

templates/scripts/mail-error500.txt

@@ -0,0 +1,7 @@
+Une erreur est survenue dans la Note Kfet. Les détails sont ci-dessous.
+
+Cordialement,
+
+L'équipe de la Note Kfet.
+
+{{ error }}