Merge branch 'permission-denied-mixin' into 'master'

Raise an explicit DRF PermissionDenied in Corpus ACL mixin See merge request !1270

Merge branch 'permission-denied-mixin' into 'master'
7d2203bd · Bastien Abadie · e05e0554 · 94c507d8 · 7d2203bd · 7d2203bd
Commit 7d2203bd authored 4 years ago by Bastien Abadie
--- a/arkindex/documents/tests/test_destroy_worker_results.py
+++ b/arkindex/documents/tests/test_destroy_worker_results.py
@@ -36,7 +36,7 @@ class TestDestroyWorkerResults(FixtureAPITestCase):
            self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
        self.assertDictEqual(
            response.json(),
-            {'detail': 'You do not have permission to perform this action.'}
+            {'detail': 'You do not have admin access to this corpus.'}
        )

    def test_worker_results_destroy_wrong_corpus_id(self):

--- a/arkindex/project/mixins.py
+++ b/arkindex/project/mixins.py
 from django.conf import settings
-from django.core.exceptions import PermissionDenied
 from django.db.models import Q
 from django.shortcuts import get_object_or_404
 from django.views.decorators.cache import cache_page
 from drf_spectacular.utils import extend_schema, extend_schema_view
-from rest_framework.exceptions import APIException, ValidationError
+from rest_framework.exceptions import APIException, PermissionDenied, ValidationError
 from rest_framework.serializers import CharField, Serializer

 from arkindex.dataimport.models import DataImport, DataImportMode, Repository, Worker
@@ -131,7 +130,7 @@ class CorpusACLMixin(ACLMixin):
        """
        corpus = get_object_or_404(Corpus, id=corpus_id)
        if not self.has_access(corpus, role.value):
-            raise PermissionDenied
+            raise PermissionDenied(detail=f'You do not have {str(role).lower()} access to this corpus.')
        return corpus

    @property