commit a901798e36226e9f73a93b6942e7aa3107c80c65
author Mitja Nikolaus <mitja@fairphone.com> Wed Nov 21 12:14:45 2018 +0100
committer Mitja Nikolaus <mitja@fairphone.com> Wed Dec 05 13:34:49 2018 +0100
tree 17e05abe7d4b9bd7824e5e8fd4aceca4238717fb
parent e0e8377acd7002dba3e06c61a19bba282373c576

Return permission denied instead of redirecting in stats views

Return a 403 permission denied error if a user is not part of the
Fairphone staff group. This breaks the infinite redirect loop.

Issue: HIC-260
Change-Id: I682127c2165f826257a84b0bf246fc9fb86813ea

crashreport_stats/views.py

diff --git a/crashreport_stats/views.py b/crashreport_stats/views.py
index 07691df..9e097ec 100644
--- a/crashreport_stats/views.py
+++ b/crashreport_stats/views.py
@@ -1,5 +1,4 @@
 """Views for the Hiccup statistics."""
-
 from django.http import HttpResponse, Http404, HttpResponseRedirect
 from django.template import loader
 from django.contrib.auth.decorators import user_passes_test
@@ -7,8 +6,8 @@
 from django.contrib import messages
 from django.urls import reverse
 
+from crashreport_stats.permissions import check_user_is_hiccup_staff
 from crashreports.models import Device
-from crashreports.permissions import user_is_hiccup_staff
 
 
 class DeviceUUIDForm(forms.Form):
@@ -17,7 +16,7 @@
     uuid = forms.CharField(label="Device UUID:", max_length=100)
 
 
-@user_passes_test(user_is_hiccup_staff)
+@user_passes_test(check_user_is_hiccup_staff)
 def device_stats(request):
     """Respond with statistics for a specific device."""
     template = loader.get_template("crashreport_stats/device.html")
@@ -27,21 +26,21 @@
     return HttpResponse(template.render({"uuid": uuid}, request))
 
 
-@user_passes_test(user_is_hiccup_staff)
+@user_passes_test(check_user_is_hiccup_staff)
 def versions_all_overview(request):
     """Respond with the distribution of official release versions."""
     template = loader.get_template("crashreport_stats/versions.html")
     return HttpResponse(template.render({"is_official_release": "1"}, request))
 
 
-@user_passes_test(user_is_hiccup_staff)
+@user_passes_test(check_user_is_hiccup_staff)
 def versions_overview(request):
     """Respond with the distribution of non-official release versions."""
     template = loader.get_template("crashreport_stats/versions.html")
     return HttpResponse(template.render({"is_official_release": "2"}, request))
 
 
-@user_passes_test(user_is_hiccup_staff)
+@user_passes_test(check_user_is_hiccup_staff)
 def home(request):
     """Respond with a form for searching devices by UUID.