Added custom error pages

src/pretix/control/middleware.py

@@ -3,7 +3,7 @@ from urllib.parse import urlparse
 from django.conf import settings
 from django.contrib.auth import REDIRECT_FIELD_NAME
 from django.core.urlresolvers import get_script_prefix, resolve
-from django.http import HttpResponseNotFound
+from django.http import Http404
 from django.shortcuts import resolve_url
 from django.utils.encoding import force_str
 from django.utils.translation import ugettext as _
@@ -12,7 +12,6 @@ from pretix.base.models import Event, EventPermission, Organizer
 
 
 class PermissionMiddleware:
-
     """
     This middleware enforces all requests to the control app to require login.
     Additionally, it enforces all requests to "control:event." URLs
@@ -43,6 +42,7 @@ class PermissionMiddleware:
                     (not login_netloc or login_netloc == current_netloc)):
                 path = request.get_full_path()
             from django.contrib.auth.views import redirect_to_login
+
             return redirect_to_login(
                 path, resolved_login_url, REDIRECT_FIELD_NAME)
 
@@ -61,8 +61,8 @@ class PermissionMiddleware:
                 )
                 request.organizer = request.event.organizer
             except IndexError:
-                return HttpResponseNotFound(_("The selected event was not found or you "
-                                              "have no permission to administrate it."))
+                raise Http404(_("The selected event was not found or you "
+                                "have no permission to administrate it."))
         elif 'organizer' in url.kwargs:
             try:
                 request.organizer = Organizer.objects.current.filter(
@@ -70,5 +70,5 @@ class PermissionMiddleware:
                     permitted__id__exact=request.user.id,
                 )[0]
             except IndexError:
-                return HttpResponseNotFound(_("The selected organizer was not found or you "
-                                              "have no permission to administrate it."))
+                return Http404(_("The selected organizer was not found or you "
+                                 "have no permission to administrate it."))

src/pretix/control/permissions.py

@@ -1,4 +1,4 @@
-from django.http import HttpResponseForbidden
+from django.core.exceptions import PermissionDenied
 from django.utils.translation import ugettext as _
 
 from pretix.base.models import EventPermission, OrganizerPermission
@@ -13,7 +13,7 @@ def event_permission_required(permission):
         def wrapper(request, *args, **kw):
             if not request.user.is_authenticated():  # NOQA
                 # just a double check, should not ever happen
-                return HttpResponseForbidden()
+                raise PermissionDenied()
             try:
                 perm = EventPermission.objects.current.get(
                     event=request.event,
@@ -30,7 +30,7 @@ def event_permission_required(permission):
                     pass
                 if allowed:
                     return function(request, *args, **kw)
-            return HttpResponseForbidden(_('You do not have permission to view this content.'))
+            raise PermissionDenied(_('You do not have permission to view this content.'))
         return wrapper
     return decorator
 
@@ -57,7 +57,7 @@ def organizer_permission_required(permission):
         def wrapper(request, *args, **kw):
             if not request.user.is_authenticated():  # NOQA
                 # just a double check, should not ever happen
-                return HttpResponseForbidden()
+                raise PermissionDenied()
             try:
                 perm = OrganizerPermission.objects.current.get(
                     organizer=request.organizer,
@@ -74,7 +74,7 @@ def organizer_permission_required(permission):
                     pass
                 if allowed or request.user.is_superuser:
                     return function(request, *args, **kw)
-            return HttpResponseForbidden(_('You do not have permission to view this content.'))
+            raise PermissionDenied(_('You do not have permission to view this content.'))
         return wrapper
     return decorator
 

src/pretix/control/views/item.py

@@ -4,7 +4,7 @@ from django.contrib import messages
 from django.core.urlresolvers import resolve, reverse
 from django.db import transaction
 from django.forms.models import inlineformset_factory
-from django.http import Http404, HttpResponseForbidden, HttpResponseRedirect
+from django.http import Http404, HttpResponseRedirect
 from django.shortcuts import redirect
 from django.utils.functional import cached_property
 from django.utils.translation import ugettext_lazy as _
@@ -380,7 +380,8 @@ class PropertyDelete(EventPermissionRequiredMixin, DeleteView):
             messages.success(request, _('The selected property has been deleted.'))
             return HttpResponseRedirect(success_url)
         else:
-            return HttpResponseForbidden()
+            messages.error(request, _('The selected property can not be deleted.'))
+            return HttpResponseRedirect(self.get_success_url())
 
     def get_success_url(self) -> str:
         return reverse('control:event.items.properties', kwargs={

src/pretix/control/views/organizer.py

@@ -1,6 +1,6 @@
 from django.contrib import messages
+from django.core.exceptions import PermissionDenied
 from django.core.urlresolvers import reverse
-from django.http import HttpResponseForbidden
 from django.utils.translation import ugettext_lazy as _
 from django.views.generic import CreateView, ListView, UpdateView
 
@@ -52,7 +52,7 @@ class OrganizerCreate(CreateView):
 
     def dispatch(self, request, *args, **kwargs):
         if not request.user.is_superuser:
-            return HttpResponseForbidden()  # TODO
+            raise PermissionDenied()  # TODO
         return super().dispatch(request, *args, **kwargs)
 
     def form_valid(self, form):