Merge pull request #400 from Cadasta/bugfix/#369

Fixes #369 — Fixes permission denied redirects
Cadasta · Jul 12, 2016 · d3e1d82 · d3e1d82
2 parents 3f006e0 + 9382ae7
commit d3e1d82
Show file tree

Hide file tree

Showing 2 changed files with 177 additions and 1 deletion.
diff --git a/cadasta/core/mixins.py b/cadasta/core/mixins.py
@@ -1,5 +1,6 @@
 from django.contrib import messages
 from django.shortcuts import redirect
+from django.core.urlresolvers import reverse
 from django.utils.translation import gettext as _
 
 from tutelary import mixins
@@ -11,7 +12,34 @@ def handle_no_permission(self):
         messages.add_message(self.request, messages.WARNING,
                              msg[0] if len(msg) > 0 and len(msg[0]) > 0
                              else _("PERMISSION DENIED"))
-        return redirect(self.request.META.get('HTTP_REFERER', '/'))
+
+        referer = self.request.META.get('HTTP_REFERER')
+        redirect_url = self.request.META.get('HTTP_REFERER', '/')
+
+        if (referer and '/account/login/' in referer and
+                not self.request.user.is_anonymous()):
+
+            if 'organization' in self.kwargs and 'project' in self.kwargs:
+                redirect_url = reverse(
+                    'organization:project-dashboard',
+                    kwargs={'organization': self.kwargs['organization'],
+                            'project': self.kwargs['project']}
+                )
+                if redirect_url == self.request.get_full_path():
+                    redirect_url = reverse(
+                        'organization:dashboard',
+                        kwargs={'slug': self.kwargs['organization']}
+                    )
+
+            elif 'slug' in self.kwargs:
+                redirect_url = reverse(
+                    'organization:dashboard',
+                    kwargs={'slug': self.kwargs['slug']}
+                )
+                if redirect_url == self.request.get_full_path():
+                    redirect_url = reverse('core:dashboard')
+
+        return redirect(redirect_url)
 
 
 class LoginPermissionRequiredMixin(PermissionRequiredMixin,

diff --git a/cadasta/core/tests/test_mixins.py b/cadasta/core/tests/test_mixins.py
@@ -0,0 +1,148 @@
+from django.http import HttpRequest
+from django.contrib.messages.storage.fallback import FallbackStorage
+from django.core.urlresolvers import reverse
+
+from tutelary.models import assign_user_policies
+
+from organization.views import default as org_views
+from organization.tests.factories import ProjectFactory, OrganizationFactory
+from spatial.views.default import LocationsAdd
+from accounts.tests.factories import UserFactory
+from core.tests.base_test_case import UserTestCase
+
+
+class PermissionRequiredMixinTest(UserTestCase):
+    def test_login_redirect_to_original_referer(self):
+        user = UserFactory.create()
+        project = ProjectFactory.create()
+
+        view = LocationsAdd.as_view()
+
+        request = HttpRequest()
+        referer = '/organizations/{}/projects/{}'.format(
+            project.organization.slug,
+            project.slug
+        )
+        request.META['HTTP_REFERER'] = referer
+        setattr(request, 'user', user)
+        setattr(request, 'method', 'GET')
+
+        setattr(request, 'session', 'session')
+        self.messages = FallbackStorage(request)
+        setattr(request, '_messages', self.messages)
+
+        kwargs = {
+            'organization': project.organization.slug,
+            'project': project.slug
+        }
+
+        response = view(request, **kwargs)
+        assert response.status_code == 302
+        assert referer == response['location']
+
+    def test_login_redirect_to_project_dashboard(self):
+        user = UserFactory.create()
+        project = ProjectFactory.create()
+
+        view = LocationsAdd.as_view()
+
+        request = HttpRequest()
+        request.META['HTTP_REFERER'] = '/account/login/'
+        setattr(request, 'user', user)
+        setattr(request, 'method', 'GET')
+
+        setattr(request, 'session', 'session')
+        self.messages = FallbackStorage(request)
+        setattr(request, '_messages', self.messages)
+
+        kwargs = {
+            'organization': project.organization.slug,
+            'project': project.slug
+        }
+
+        exp_redirect = reverse('organization:project-dashboard', kwargs=kwargs)
+        response = view(request, **kwargs)
+        assert response.status_code == 302
+        assert exp_redirect == response['location']
+
+    def test_login_redirect_from_project_dashboard_to_org_dashboard(self):
+        user = UserFactory.create()
+        assign_user_policies(user, *[])
+        project = ProjectFactory.create()
+
+        view = org_views.ProjectDashboard.as_view()
+
+        request = HttpRequest()
+        request.META['HTTP_REFERER'] = '/account/login/'
+        setattr(request, 'user', user)
+        setattr(request, 'method', 'GET')
+
+        setattr(request, 'session', 'session')
+        self.messages = FallbackStorage(request)
+        setattr(request, '_messages', self.messages)
+
+        kwargs = {
+            'organization': project.organization.slug,
+            'project': project.slug
+        }
+
+        def get_full_path():
+            return '/organizations/{}/projects/{}/'.format(
+                project.organization.slug,
+                project.slug
+            )
+        setattr(request, 'get_full_path', get_full_path)
+
+        exp_redirect = reverse('organization:dashboard', kwargs={
+            'slug': project.organization.slug})
+        response = view(request, **kwargs)
+        assert response.status_code == 302
+        assert exp_redirect == response['location']
+
+    def test_login_redirect_to_organization_dashboard(self):
+        user = UserFactory.create()
+        org = OrganizationFactory.create()
+
+        view = org_views.OrganizationEdit.as_view()
+
+        request = HttpRequest()
+        request.META['HTTP_REFERER'] = '/account/login/'
+        setattr(request, 'user', user)
+        setattr(request, 'method', 'GET')
+
+        setattr(request, 'session', 'session')
+        self.messages = FallbackStorage(request)
+        setattr(request, '_messages', self.messages)
+
+        kwargs = {'slug': org.slug}
+
+        exp_redirect = reverse('organization:dashboard', kwargs=kwargs)
+        response = view(request, **kwargs)
+        assert response.status_code == 302
+        assert exp_redirect == response['location']
+
+    def test_login_redirect_from_org_dashboard_to_dashboard(self):
+        user = UserFactory.create()
+        assign_user_policies(user, *[])
+        org = OrganizationFactory.create()
+        view = org_views.OrganizationDashboard.as_view()
+
+        request = HttpRequest()
+        request.META['HTTP_REFERER'] = '/account/login/'
+        setattr(request, 'user', user)
+        setattr(request, 'method', 'GET')
+
+        setattr(request, 'session', 'session')
+        self.messages = FallbackStorage(request)
+        setattr(request, '_messages', self.messages)
+
+        kwargs = {'slug': org.slug}
+
+        def get_full_path():
+            return '/organizations/{}/'.format(org.slug)
+        setattr(request, 'get_full_path', get_full_path)
+
+        exp_redirect = reverse('core:dashboard')
+        response = view(request, **kwargs)
+        assert response.status_code == 302
+        assert exp_redirect == response['location']