authorMagnus Hagander2020-01-24 12:55:44 +0000
committerMagnus Hagander2020-01-24 12:55:44 +0000
commitb59458e3ca650d97987d1c08026824d8c3bb354d (patch)
tree7cf8eadcd89293b6e5b8afe71a678e57e6581f19 /pgweb/util
parent6dca475a044ae650be24bfe2b2bf535141715f45 (diff)
Raise PermissionDenied instead of generic exception for non-owned items
Raising a generic exception generates an HTTP 500 internal error and a stack dump. Raising PermissionDenied instead appropriately turns it into an HTTP 403 Forbidden response.
Diffstat (limited to 'pgweb/util')
-rw-r--r--pgweb/util/helpers.py5
1 files changed, 3 insertions, 2 deletions
diff --git a/pgweb/util/helpers.py b/pgweb/util/helpers.py
index 460dd774..1b0e0ab4 100644
--- a/pgweb/util/helpers.py
+++ b/pgweb/util/helpers.py
@@ -1,4 +1,5 @@
from django.shortcuts import render, get_object_or_404
+from django.core.exceptions import PermissionDenied
from django.http import HttpResponseRedirect, Http404
from django.template.loader import get_template
from django.db import models
@@ -30,10 +31,10 @@ def simple_form(instancetype, itemid, request, formclass, formtemplate='base/for
instance = get_object_or_404(instancetype, pk=itemid)
if hasattr(instance, 'submitter'):
if not instance.submitter == request.user:
- raise Exception("You are not the owner of this item!")
+ raise PermissionDenied("You are not the owner of this item!")
elif hasattr(instance, 'verify_submitter'):
if not instance.verify_submitter(request.user):
- raise Exception("You are not the owner of this item!")
+ raise PermissionDenied("You are not the owner of this item!")
if request.method == 'POST':
# Process this form
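Review bot: The ownership check in `simple_form` still fails open when the instance has neither a `submitter` attribute nor a `verify_submitter` method, because the `if`/`elif` chain has no final branch and execution falls through to the POST handling with no owner check at all. If every model routed through this helper is meant to be owned, close the chain with `else: raise PermissionDenied("You are not the owner of this item!")` so that a model added later without either attribute is denied by default. If some models are intentionally unowned, a comment above the chain such as `# Models without submitter/verify_submitter are editable by any caller of this view` would make that decision explicit. Which models reach this code cannot be seen from the hunk, and `simple_form` starts and continues outside it.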