feat(project): add a 404 page and redirect users to first project found

Security-Tools-Alliance · Sep 2, 2024 · a3d3a66 · a3d3a66
1 parent 2e3f3fa
commit a3d3a66
Show file tree

Hide file tree

Showing 6 changed files with 59 additions and 8 deletions.
diff --git a/web/dashboard/utils.py b/web/dashboard/utils.py
@@ -1,7 +1,7 @@
 from functools import wraps
 from django.http import JsonResponse
 from django.shortcuts import redirect
-from django.urls import reverse
+from django.urls import reverse, NoReverseMatch
 from .models import Project
 
 def get_user_projects(user):
@@ -26,6 +26,11 @@ def _wrapped_view(request, *args, **kwargs):
             project = Project.objects.filter(slug=project_slug).first()
             if project and project in get_user_projects(request.user):
                 return view_func(request, *args, **kwargs)
+            if not project and request.user.is_superuser:
+                return redirect(reverse('onboarding'))
+            else:
+                project = Project.objects.filter(users=request.user).first()
+                return redirect(reverse('page_not_found', kwargs={'slug': project.slug}))
 
         # Check if it's an API request
         if request.path.startswith('/api/'):

diff --git a/web/dashboard/views.py b/web/dashboard/views.py
@@ -4,7 +4,6 @@
 
 from django.contrib import messages
 from django.contrib.auth import get_user_model, update_session_auth_hash
-from django.contrib.auth.decorators import login_required
 from django.contrib.auth.forms import PasswordChangeForm
 from django.contrib.auth.signals import user_logged_in, user_logged_out
 from django.db.models import Count
@@ -18,7 +17,7 @@
 from rolepermissions.roles import assign_role, clear_roles
 from rolepermissions.decorators import has_permission_decorator
 
-from dashboard.utils import get_user_projects, user_has_project_access, user_has_project_access_by_id
+from dashboard.utils import get_user_projects, user_has_project_access
 from targetApp.models import Domain
 from startScan.models import (
     EndPoint, ScanHistory, Subdomain, Vulnerability, ScanActivity,
@@ -391,16 +390,22 @@ def onboarding(request):
                 NetlasAPIKey.objects.create(key=key_netlas)
 
     context['error'] = error
-    # check is any projects exists, then redirect to project list else onboarding
-    project = Project.objects.first()
+    if request.user.is_superuser:
+        # if super user, redirect to the first project
+        project = Project.objects.first()
+    else:
+        # check is any projects exists for the current user
+        project = Project.objects.filter(users=request.user).first()
 
     context['openai_key'] = OpenAiAPIKey.objects.first()
     context['netlas_key'] = NetlasAPIKey.objects.first()
 
+    # then redirect to the dashboard
     if project:
         slug = project.slug
         return HttpResponseRedirect(reverse('dashboardIndex', kwargs={'slug': slug}))
 
+    # else redirect to the onboarding
     return render(request, 'dashboard/onboarding.html', context)
 
 @user_has_project_access

diff --git a/web/reNgine/common_views.py b/web/reNgine/common_views.py
@@ -12,4 +12,15 @@ def permission_denied(request, slug):
             processor = import_string(processor)
         context.update(processor(request))
 
-    return render(request, 'common/permission_denied.html', context.flatten(), status=403)
+    return render(request, 'common/permission_denied.html', context.flatten(), status=403)
+
+def page_not_found(request, slug):
+    context = RequestContext(request)
+
+    # Applying manually the context processors
+    for processor in settings.TEMPLATES[0]['OPTIONS']['context_processors']:
+        if isinstance(processor, str):
+            processor = import_string(processor)
+        context.update(processor(request))
+
+    return render(request, 'common/page_not_found.html', context.flatten(), status=404)
diff --git a/web/reNgine/urls.py b/web/reNgine/urls.py
@@ -7,7 +7,7 @@
 from drf_yasg import openapi
 from drf_yasg.views import get_schema_view
 from rest_framework import permissions
-from .common_views import permission_denied
+from .common_views import permission_denied, page_not_found
 
 schema_view = get_schema_view(
    openapi.Info(
@@ -58,5 +58,9 @@
         '<slug:slug>/permission_denied/',
         permission_denied,
         name='permission_denied'),
+    path(
+        '<slug:slug>/page_not_found/',
+        page_not_found,
+        name='page_not_found'),
 ] + static(settings.MEDIA_URL, document_root=settings.RENGINE_RESULTS) + \
     static(settings.STATIC_URL, document_root=settings.STATIC_ROOT)
diff --git a/web/templates/common/page_not_found.html b/web/templates/common/page_not_found.html
@@ -0,0 +1,26 @@
+{% extends 'base/base.html' %}
+{% load static %}
+
+{% block title %}
+Page Not Found
+{% endblock title %}
+
+{% block page_title %}
+Page Not Found
+{% endblock page_title %}
+
+{% block custom_js_css_link %}
+<link rel="stylesheet" type="text/css" href="{% static 'custom/custom.css' %}">
+{% endblock custom_js_css_link %}
+
+{% block main_content %}
+<div class="row justify-content-center">
+    <div class="col-lg-6">
+        <div class="text-center">
+            <h1 class="text-error mt-4">404</h1>
+            <h4 class="text-uppercase text-danger mt-3">Page not found</h4>
+            <p>The page you are looking for might have been removed, had its name changed, or is temporarily unavailable.</p>
+        </div>
+    </div>
+</div>
+{% endblock main_content %}
diff --git a/web/templates/common/permission_denied.html b/web/templates/common/permission_denied.html
@@ -19,7 +19,7 @@
         <div class="text-center">
             <h1 class="text-error mt-4">403</h1>
             <h4 class="text-uppercase text-danger mt-3">You do not have access to this page</h4>
-
+            <p>Please contact the administrator to request access.</p>
         </div>
     </div>
 </div>