Hide posts, courses that are not live form SEO

StackTipsLab · Jan 11, 2024 · c44a732 · c44a732
1 parent 0f1013f
commit c44a732
Show file tree

Hide file tree

Showing 4 changed files with 56 additions and 9 deletions.
diff --git a/bloggy/templates/errors/403.html b/bloggy/templates/errors/403.html
@@ -0,0 +1,23 @@
+{% extends "base-with-header.html" %}
+{% load static %}
+{% load custom_widgets %}
+{% load define_action %}
+{% block content %}
+    <div class="container py-5">
+        <p style="font-weight: 400;" class="h2">{{ errorCode }}
+            <span style="font-weight: 300;" class="text-muted">{{ errorMessage }}</span>
+        </p>
+        <p style="max-width:600px; font-weight: 300;" class="h3 text-muted">{{ errorDescription }}.
+            Please do return to our <a href="{% url 'index' %}">homepage</a> and continue learning.</p>
+
+        <div class="row align-items-start my-5">
+            <div class="col-6">
+                <h3 class="h3 fw-normal mb-2">Here are some of the useful links:</h3>
+                {% include "errors/error_page_links.html" %}
+            </div>
+            <div class="col-4">
+                {% include "errors/search_widget.html" %}
+            </div>
+        </div>
+    </div>
+{% endblock content %}
diff --git a/bloggy/views/courses_view.py b/bloggy/views/courses_view.py
@@ -1,5 +1,5 @@
 from django.core.paginator import EmptyPage, PageNotAnInteger, Paginator
-from django.http import Http404
+from django.http import Http404, HttpResponseForbidden
 from django.utils.decorators import method_decorator
 from django.views.decorators.cache import cache_page
 from django.views.decorators.vary import vary_on_cookie
@@ -50,8 +50,20 @@ class CourseDetailsView(HitCountDetailView):
 
     def get_context_data(self, **kwargs):
         context = super().get_context_data(**kwargs)
+
+        # check if article is published? if live no issues.
+        if self.object.publish_status == "DRAFT":
+            logged_user = self.request.user
+
+            # If not live, check for the context parameter and the user login status
+            # If user is the owner of the post or user is an admin, can preview the post
+            if not logged_user:
+                raise HttpResponseForbidden("You do not have permission to view this page.")
+            if not (logged_user.username.__eq__(self.object.author.username) or logged_user.is_superuser):
+                raise HttpResponseForbidden("You do not have permission to view this page.")
+
         set_seo_settings(post=self.object, context=context)
-        context["posts"] = Post.objects.filter(course=self.object).order_by(
+        context["posts"] = Post.objects.filter(course=self.object).filter(publish_status="LIVE").order_by(
             "display_order").all()
         return context
 
@@ -66,7 +78,7 @@ class LessonDetailsView(TemplateView):
     def get_context_data(self, **kwargs):
         context = super().get_context_data(**kwargs)
         guide_slug = context["course"]
-        post = Post.objects.filter(course__slug=guide_slug).filter(slug=context["slug"]).order_by(
+        post = Post.objects.filter(course__slug=guide_slug).filter(slug=context["slug"], publish_status="LIVE").order_by(
             "display_order").first()
         if not post:
             raise Http404

diff --git a/bloggy/views/posts.py b/bloggy/views/posts.py
@@ -1,4 +1,4 @@
-from django.http import HttpResponse
+from django.http import HttpResponseForbidden
 from django.utils.decorators import method_decorator
 from django.views.decorators.cache import cache_page
 from django.views.decorators.vary import vary_on_cookie
@@ -61,9 +61,9 @@ def get_context_data(self, **kwargs):
             # If not live, check for the context parameter and the user login status
             # If user is the owner of the post or user is an admin, can preview the post
             if not logged_user:
-                raise HttpResponse('Unauthorized', status=401)
+                raise HttpResponseForbidden("You do not have permission to view this page.")
             if not (logged_user.username.__eq__(self.object.author.username) or logged_user.is_superuser):
-                raise HttpResponse('Unauthorized', status=401)
+                raise HttpResponseForbidden("You do not have permission to view this page.")
 
         context = super().get_context_data(**kwargs)
         set_seo_settings(post=self.object, context=context)

diff --git a/bloggy/views/quizzes_view.py b/bloggy/views/quizzes_view.py
@@ -1,3 +1,4 @@
+from django.http import HttpResponseForbidden
 from django.utils.decorators import method_decorator
 from django.views.decorators.cache import cache_page
 from django.views.decorators.vary import vary_on_cookie
@@ -25,9 +26,9 @@ def get_context_data(self, **kwargs):
         return context
 
 
-@method_decorator(
-    [cache_page(settings.CACHE_TTL, key_prefix="quiz_single"), vary_on_cookie],
-    name='dispatch'
+@method_decorator([
+    cache_page(settings.CACHE_TTL, key_prefix="quiz_single"),
+    vary_on_cookie],name='dispatch'
 )
 class QuizDetailView(HitCountDetailView):
     model = Quiz
@@ -38,5 +39,16 @@ def dispatch(self, request, *args, **kwargs):
 
     def get_context_data(self, **kwargs):
         context = super().get_context_data(**kwargs)
+        # check if article is published? if live no issues.
+        if self.object.publish_status == "DRAFT":
+            logged_user = self.request.user
+
+            # If not live, check for the context parameter and the user login status
+            # If user is the owner of the post or user is an admin, can preview the post
+            if not logged_user:
+                raise HttpResponseForbidden("You do not have permission to view this page.")
+            if not (logged_user.username.__eq__(self.object.author.username) or logged_user.is_superuser):
+                raise HttpResponseForbidden("You do not have permission to view this page.")
+
         set_seo_settings(post=self.object, context=context)
         return context