From 8d45681fd8bfb4fdbadb211757317816ead5da32 Mon Sep 17 00:00:00 2001
From: Serghei MIHAI <smihai@entrouvert.com>
Date: Mon, 2 Feb 2015 18:05:34 +0100
Subject: [PATCH] display 403 error page if user has no admin privileges

Closes #6397
---
 hobo/templates/403.html | 8 ++++++++
 hobo/views.py           | 8 +++++++-
 2 files changed, 15 insertions(+), 1 deletion(-)
 create mode 100644 hobo/templates/403.html

diff --git a/hobo/templates/403.html b/hobo/templates/403.html
new file mode 100644
index 0000000..c81708c
--- /dev/null
+++ b/hobo/templates/403.html
@@ -0,0 +1,8 @@
+{% extends "hobo/base.html" %}
+{% load i18n %}
+
+{% block content %}
+<h4>
+  {% trans "You have no permission to access this page" %}
+</h4>
+{% endblock %}
diff --git a/hobo/views.py b/hobo/views.py
index c6a1916..baea26f 100644
--- a/hobo/views.py
+++ b/hobo/views.py
@@ -4,13 +4,19 @@ from django.http import HttpResponse
 from django.utils.translation import ugettext as _
 from django.views.generic.base import TemplateView
 from django.views.generic import edit
+from django.core.exceptions import PermissionDenied
 from django.core.urlresolvers import reverse
 from django.contrib.auth.decorators import user_passes_test
 
 from .environment.utils import Zone, get_operational_services
 from .forms import HoboForm, HoboUpdateForm, get_tenant_model
 
-admin_required = user_passes_test(lambda u: u.is_superuser)
+def is_superuser(u):
+    if not u.is_superuser:
+        raise PermissionDenied
+    return True
+
+admin_required = user_passes_test(is_superuser)
 
 class Home(TemplateView):
     template_name = 'hobo/home.html'