Implements a 403 error page (hedyorg#1344)

* creates 403 html page * creates 403 jpg image * updates 403 error redirection in website\teacher.py * Adds class retrieval error message Co-authored-by: Felienne <[email protected]>
aelhamah · Nov 21, 2021 · 3640a6f · 3640a6f
1 parent d1854e1
commit 3640a6f
Show file tree

Hide file tree

Showing 7 changed files with 37 additions and 6 deletions.
diff --git a/app.py b/app.py
@@ -538,10 +538,10 @@ def programs_page(request):
     from_user = request.args.get('user') or None
     if from_user and not is_admin(user):
         if not is_teacher(user):
-            return "unauthorized", 403
+            return utils.page_403 (TRANSLATIONS, render_main_menu('hedy'), username, g.lang, TRANSLATIONS.get_translations (g.lang, 'ui').get ('not_teacher'))
         students = DATABASE.get_teacher_students(username)
         if from_user not in students:
-            return "unauthorized", 403
+            return utils.page_403 (TRANSLATIONS, render_main_menu('hedy'), username, g.lang, TRANSLATIONS.get_translations (g.lang, 'ui').get ('not_enrolled'))
 
     texts=TRANSLATIONS.get_translations(g.lang, 'Programs')
     ui=TRANSLATIONS.get_translations(g.lang, 'ui')
@@ -1022,7 +1022,8 @@ def main_page(page):
                                    auth=TRANSLATIONS.get_translations(g.lang, 'Auth'), teacher_classes=teacher_classes,
                                    welcome_teacher=welcome_teacher, **front_matter)
         else:
-            return "unauthorized", 403
+            return utils.page_403 (TRANSLATIONS, render_main_menu('hedy'), current_user()['username'], g.lang, TRANSLATIONS.get_translations (g.lang, 'ui').get ('not_teacher'))
+
 
     return render_template('main-page.html', mkd=markdown, menu=menu, auth=TRANSLATIONS.get_translations(g.lang, 'Auth'), **front_matter)
 

diff --git a/coursedata/texts/en.yaml b/coursedata/texts/en.yaml
@@ -30,6 +30,7 @@ ui:
     commands_title: "Commands"
     by: "by"
     start_quiz: "Start quiz"
+    default_403: "Looks like you aren't authorized..."
     default_404: "We could not find that page..."
     default_500: "Something went wrong..."
     go_back_to_main: "Go back to the main page"
@@ -41,6 +42,9 @@ ui:
     no_such_program: "No such Hedy program!"
     invalid_teacher_invitation_code: "The teacher invitation code is invalid. To become a teacher, reach out to [email protected]."
     page_not_found: "We could not find that page!"
+    not_teacher: "Looks like you are not a teacher!"
+    not_enrolled: "Looks like you are not in this class!"
+    retrieve_class: "Only teachers can retrieve classes"
 ClientErrorMessages:
     Transpile_success:
       - "Good job!"

diff --git a/coursedata/texts/nl.yaml b/coursedata/texts/nl.yaml
@@ -30,7 +30,20 @@ ui:
     commands_title: "Commando's"
     by: "door"
     start_quiz: "Naar de quiz"
+    default_403: "Jij mag niet bij deze pagina"
+    default_404: "We konden deze pagina niet vinden"
+    default_500: "Oeps! Er ging iets mis..."
+    go_back_to_main: "Ga terug naar de hoofdpagina"
+    no_such_level: "Dit level bestaat niet!"
+    no_such_class: "Deze klas bestaat niet!"
+    invalid_class_link: "Ongeldige klassenlink"
+    no_such_adventure: "Dit avontuur bestaat niet"
+    no_such_adventure_level: "Dit level bestaat niet in dit avontuur"
+    no_such_program: "Dit programma bestaat niet!"
     invalid_teacher_invitation_code: "Deze leerkrachtenuitnodigingscode is niet geldig. Als je een nieuwe uitnodiging nodig hebt, neem dan contact op met [email protected]"
+    not_teacher: "Jij bent geen leraar!"
+    not_enrolled: "Jij zit niet in deze klas!"
+    retrieve_class: "Alleen leerkrachten mogen klassen openen"
     page_not_found: "We konden deze pagina niet vinden!"
 ClientErrorMessages:
     Transpile_success:

diff --git a/static/images/403.jpg b/static/images/403.jpg
diff --git a/templates/403.html b/templates/403.html
@@ -0,0 +1,7 @@
+{% extends "layout.html" %}
+
+{% block body %}
+  <div class="w-full text-center"><img class="inline-block" src="/images/403.jpg" style="width: 40%;"></div>
+  <div class="w-full text-center"><p class="text-lg font-bold">{{page_error or ui.default_403}}</p></div>
+  <div class="w-full text-center mt-8"><button class="green-btn" style="width: 40%;" onclick="window.location.href = '{{localize_link ('/')}}'">{{ui.go_back_to_main}}</button></div>
+{% endblock %}
diff --git a/utils.py b/utils.py
@@ -199,6 +199,11 @@ def markdown_to_html_tags(markdown):
     soup = BeautifulSoup(_html, 'html.parser')
     return soup.find_all()
 
+def page_403(translations, menu, lang, username, *page_error):
+    if page_error:
+        page_error = page_error[0]
+    return render_template("403.html", menu=menu, username=username, auth=translations.get_translations(lang, 'Auth'), ui=translations.get_translations(lang, 'ui'), page_error=page_error or ''), 403
+
 def page_404(translations, menu, lang, username, *page_error):
     if page_error:
         page_error = page_error[0]

diff --git a/website/teacher.py b/website/teacher.py
@@ -20,14 +20,15 @@ def routes (app, database):
     @requires_login
     def get_classes (user):
         if not is_teacher(user):
-            return 'Only teachers can retrieve classes', 403
+            return utils.page_403 (TRANSLATIONS, render_main_menu('hedy'), current_user()['username'], g.lang, TRANSLATIONS.get_translations (g.lang, 'ui').get ('retrieve_class'))
         return jsonify (DATABASE.get_teacher_classes (user ['username'], True))
 
     @app.route('/class/<class_id>', methods=['GET'])
     @requires_login
     def get_class (user, class_id):
+        app.logger.info('This is info output')
         if not is_teacher(user):
-            return 'Only teachers can retrieve classes', 403
+            return utils.page_403 (TRANSLATIONS, render_main_menu('hedy'), current_user()['username'], g.lang, TRANSLATIONS.get_translations (g.lang, 'ui').get ('retrieve_class'))
         Class = DATABASE.get_class (class_id)
         if not Class or Class ['teacher'] != user ['username']:
             return utils.page_404 (TRANSLATIONS, render_main_menu('my-profile'), current_user()['username'], g.lang, TRANSLATIONS.get_translations(g.lang, 'ui').get('no_such_class'))
@@ -166,7 +167,7 @@ def leave_class (user, class_id, student_id):
     @requires_login
     def get_class_info(user, class_id):
         if not is_teacher(user):
-            return 'Only teachers can retrieve classes', 403
+            return utils.page_403 (TRANSLATIONS, render_main_menu('hedy'), current_user()['username'], g.lang, TRANSLATIONS.get_translations (g.lang, 'ui').get ('retrieve_class'))
         Class = DATABASE.get_class(class_id)
         if not Class or Class['teacher'] != user['username']:
             return utils.page_404(TRANSLATIONS, render_main_menu('my-profile'), current_user()['username'], g.lang,