diff --git a/etiquette/exceptions.py b/etiquette/exceptions.py
index 9fd00c7..0597a15 100644
--- a/etiquette/exceptions.py
+++ b/etiquette/exceptions.py
@@ -151,6 +151,9 @@ class UsernameTooShort(InvalidUsername):
 class DisplayNameTooLong(EtiquetteException):
 error_message = 'Display name "{display_name}" is longer than maximum of {max_length}.'
 
+class Unauthorized(EtiquetteException):
+ error_message = 'You\'re not allowed to do that.'
+
 class WrongLogin(EtiquetteException):
 error_message = 'Wrong username-password combination.'
 
diff --git a/frontends/etiquette_flask/backend/endpoints/user_endpoints.py b/frontends/etiquette_flask/backend/endpoints/user_endpoints.py
index 5ea0fbc..c9eb6ad 100644
--- a/frontends/etiquette_flask/backend/endpoints/user_endpoints.py
+++ b/frontends/etiquette_flask/backend/endpoints/user_endpoints.py
@@ -38,11 +38,12 @@ def get_user_id_redirect(user_id):
 @site.route('/user//edit', methods=['POST'])
 def post_user_edit(username):
 session = session_manager.get(request)
+
 if not session:
- return jsonify.make_json_response({}, status=403)
+ return jsonify.make_json_response(etiquette.exceptions.Unauthorized().jsonify(), status=403)
 user = common.P_user(username, response_type='json')
 if session.user != user:
- return jsonify.make_json_response({}, status=403)
+ return jsonify.make_json_response(etiquette.exceptions.Unauthorized().jsonify(), status=403)
 display_name = request.form.get('display_name')
 if display_name is not None:
diff --git a/frontends/etiquette_flask/templates/user.html b/frontends/etiquette_flask/templates/user.html
index 59744dd..f7060cf 100644
--- a/frontends/etiquette_flask/templates/user.html
+++ b/frontends/etiquette_flask/templates/user.html
@@ -103,7 +103,7 @@ function profile_ed_on_save(ed)
 }
 if ("error_type" in response.data)
 {
- ed.show_error(response.data.error_message);
+ ed.show_error(`${response.data.error_type} ${response.data.error_message}`);
 return;
 }
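Review bot: `Unauthorized` carries no docstring, and its name reads as HTTP 401 while the only caller this commit introduces (user_endpoints.py) returns it with status 403, so a reader of exceptions.py cannot tell which failure it is meant to represent. A one-line docstring under the class line would settle that, e.g. `"""Raised when the caller, logged in or not, is not permitted to perform the requested action."""`. Unlike its neighbours the message has no `{placeholders}`, so `.jsonify()` presumably needs no format arguments for this class; that depends on the base class, which is outside the hunk.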
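Review bot: Both 403 branches in `post_user_edit` now return an identical `Unauthorized` body, although the first check (`if not session:`) is an authentication failure, for which 401 is the conventional status, and the second (`session.user != user`) is an authorization failure; with the template change in this commit the anonymous caller presumably sees the error type and "You're not allowed to do that." with no hint that logging in would help. If collapsing both into one 403 is intentional, record it with a comment on the first check, e.g. `# Anonymous and wrong-user callers get the same 403 on purpose; do not hint at which check failed.`. The repeated response expression could also be built once, `forbidden = etiquette.exceptions.Unauthorized().jsonify()`, before the first check. This assumes `etiquette` is imported at the top of user_endpoints.py, which the hunk does not show, and post_user_edit continues past the end of the hunk.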
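Review bot: The new template literal hands a mix of two server fields, `error_type` and `error_message`, to `ed.show_error`, and error messages in this codebase can embed caller-supplied values (exceptions.py interpolates `{display_name}` into `DisplayNameTooLong`), so the safety of this line depends on `show_error` rendering via textContent rather than innerHTML; that function is outside the hunk and worth confirming. As a matter of style a separator between the two fields reads better than a bare space, ``ed.show_error(`${response.data.error_type}: ${response.data.error_message}`);``. profile_ed_on_save begins before the start of the hunk.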