created dedicated not allowed view

misago/core/decorators.py

@@ -1,12 +1,10 @@
-from django.shortcuts import render
+from misago.core.errorpages import not_allowed
 
 
 def ajax_only(f):
     def decorator(request, *args, **kwargs):
         if not request.is_ajax():
-            response = render(request, 'misago/errorpages/wrong_way.html')
-            response.status_code = 405
-            return response
+            return not_allowed(request)
         else:
             return f(request, *args, **kwargs)
     return decorator
@@ -15,9 +13,7 @@ def ajax_only(f):
 def require_POST(f):
     def decorator(request, *args, **kwargs):
         if not request.method == 'POST':
-            response = render(request, 'misago/errorpages/wrong_way.html')
-            response.status_code = 405
-            return response
+            return not_allowed(request)
         else:
             return f(request, *args, **kwargs)
     return decorator

misago/core/errorpages.py

@@ -46,6 +46,12 @@ def csrf_failure(request, reason=""):
         return response
 
 
+def not_allowed(request):
+    response = render(request, 'misago/errorpages/405.html')
+    response.status_code = 405
+    return response
+
+
 # Decorators for custom error page handlers
 def shared_403_exception_handler(f):
     def page_decorator(request, *args, **kwargs):

misago/core/testproject/urls.py

@@ -13,6 +13,7 @@ urlpatterns += patterns('misago.core.testproject.views',
     url(r'^forum/test-valid-slug/(?P<model_slug>[a-z0-9\-]+)-(?P<model_id>\d+)/$', 'validate_slug_view', name='validate_slug_view'),
     url(r'^forum/test-403/$', 'raise_misago_403', name='raise_misago_403'),
     url(r'^forum/test-404/$', 'raise_misago_404', name='raise_misago_404'),
+    url(r'^forum/test-405/$', 'raise_misago_405', name='raise_misago_405'),
     url(r'^test-403/$', 'raise_403', name='raise_403'),
     url(r'^test-404/$', 'raise_404', name='raise_404'),
 )

misago/core/testproject/views.py

@@ -50,6 +50,10 @@ def raise_misago_404(request):
     raise Http404('Misago 404')
 
 
+def raise_misago_405(request):
+    return errorpages.not_allowed(request)
+
+
 def raise_403(request):
     raise PermissionDenied()
 

misago/core/tests/test_errorpages.py

@@ -31,6 +31,12 @@ class ErrorPageViewsTests(TestCase):
         self.assertEqual(response.status_code, 404)
         self.assertIn("Page not found", response.content)
 
+    def test_not_allowed_returns_405(self):
+        """not allowed error page has no showstoppers"""
+        response = self.client.get(reverse('raise_misago_405'))
+        self.assertEqual(response.status_code, 405)
+        self.assertIn("Wrong way", response.content)
+
 
 class CustomErrorPagesTests(TestCase):
     urls = 'misago.core.testproject.urlswitherrorhandlers'

misago/threads/views/generic/gotopostslist.py

@@ -1,6 +1,8 @@
 from django.core.exceptions import PermissionDenied
 from django.utils.translation import ugettext as _
 
+from misago.core.errorpages import not_allowed
+
 from misago.threads.views.generic.base import ViewBase
 
 
@@ -29,9 +31,7 @@ class ModeratedPostsListView(ViewBase):
         self.allow_action(thread)
 
         if not request.is_ajax():
-            response = render(request, 'misago/errorpages/wrong_way.html')
-            response.status_code = 405
-            return response
+            return not_allowed(request)
 
         posts_qs = self.exclude_invisible_posts(
             thread.post_set, request.user, forum, thread)

misago/threads/views/generic/post.py

@@ -2,10 +2,11 @@ from django.contrib import messages
 from django.core.exceptions import PermissionDenied
 from django.db.transaction import atomic
 from django.http import JsonResponse
-from django.shortcuts import redirect, render
+from django.shortcuts import redirect
 from django.utils.translation import ugettext as _
 
 from misago.acl import add_acl
+from misago.core.errorpages import not_allowed
 
 from misago.threads import permissions, moderation, goto
 from misago.threads.views.generic.base import ViewBase
@@ -26,9 +27,7 @@ class PostView(ViewBase):
 
     def dispatch(self, request, *args, **kwargs):
         if request.method != "POST" and self.require_post:
-            response = render(request, 'misago/errorpages/wrong_way.html')
-            response.status_code = 405
-            return response
+            return not_allowed(request)
 
         post = None
         response = None

misago/threads/views/generic/posting.py

@@ -1,11 +1,12 @@
 from django.contrib import messages
 from django.db.transaction import atomic
 from django.http import JsonResponse
-from django.shortcuts import redirect, render
+from django.shortcuts import redirect
 from django.utils import html
 from django.utils.translation import ugettext as _
 from django.views.generic import View
 
+from misago.core.errorpages import not_allowed
 from misago.core.exceptions import AjaxError
 from misago.forums.lists import get_forum_path
 
@@ -84,6 +85,9 @@ class PostingView(ViewBase):
         allow_edit_post(user, post)
 
     def dispatch(self, request, *args, **kwargs):
+        if not request.is_ajax():
+            return not_allowed(request)
+
         if request.method == 'POST':
             with atomic():
                 return self.real_dispatch(request, *args, **kwargs)
@@ -95,11 +99,6 @@ class PostingView(ViewBase):
         self.allow_mode(request.user, *mode_context)
         mode, forum, thread, post = mode_context
 
-        if not request.is_ajax():
-            response = render(request, 'misago/errorpages/wrong_way.html')
-            response.status_code = 405
-            return response
-
         forum.labels = Label.objects.get_forum_labels(forum)
         formset = EditorFormset(request=request,
                                 mode=mode,

misago/threads/views/privatethreads.py

@@ -3,10 +3,11 @@ from django.contrib.auth import get_user_model
 from django.core.exceptions import PermissionDenied
 from django.db.transaction import atomic
 from django.http import Http404, JsonResponse
-from django.shortcuts import get_object_or_404, redirect, render
+from django.shortcuts import get_object_or_404, redirect
 from django.utils.translation import ugettext as _, ungettext
 
 from misago.acl import add_acl
+from misago.core.errorpages import not_allowed
 from misago.core.exceptions import AjaxError
 from misago.core.uiviews import uiview
 from misago.forums.models import Forum
@@ -247,9 +248,7 @@ class ThreadParticipantsView(PrivateThreadsMixin, generic.ViewBase):
         thread = self.get_thread(request, **kwargs)
 
         if not request.is_ajax():
-            response = render(request, 'misago/errorpages/wrong_way.html')
-            response.status_code = 405
-            return response
+            return not_allowed(request)
 
         participants_qs = thread.threadparticipant_set
         participants_qs = participants_qs.select_related('user', 'user__rank')
@@ -273,9 +272,7 @@ class BaseEditThreadParticipantView(PrivateThreadsMixin, generic.ViewBase):
         thread = self.get_thread(request, lock=True, **kwargs)
 
         if not request.is_ajax():
-            response = render(request, 'misago/errorpages/wrong_way.html')
-            response.status_code = 405
-            return response
+            return not_allowed(request)
 
         if not request.method == "POST":
             raise AjaxError(_("Wrong action received."))