From 950823585e6298eba442779fcfbd9d51268b9e7b Mon Sep 17 00:00:00 2001
From: Mo8it <mo8it@proton.me>
Date: Wed, 21 Sep 2022 16:52:15 +0200
Subject: [PATCH] Handle unauthorized action

---
 advlabdb/custom_classes.py | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/advlabdb/custom_classes.py b/advlabdb/custom_classes.py
index fec7336..ffb9b62 100644
--- a/advlabdb/custom_classes.py
+++ b/advlabdb/custom_classes.py
@@ -289,7 +289,8 @@ class SecureAssistantModelView(CustomModelView):
 
         if model not in self.get_query():
             reportBadAttempt("An assistant tried to change a model not in his filter!")
-            raise ModelViewException("Unauthorized action!")
+            self.handle_view_exception(ModelViewException("Unauthorized action!"))
+            return redirect(self.url)
 
     def on_model_delete(self, model):
         reportBadAttempt("An assistant tried to delete a model!")
@@ -308,7 +309,8 @@ class SecureAssistantModelView(CustomModelView):
 
             if model not in self.get_query():
                 reportBadAttempt("An assistant tried to edit a model not in his filter!")
-                raise ModelViewException("Unauthorized action!")
+                self.handle_view_exception(ModelViewException("Unauthorized action!"))
+                return redirect(self.url)
 
         return super().edit_view()
 
@@ -325,7 +327,8 @@ class SecureAssistantModelView(CustomModelView):
 
             if model not in self.get_query():
                 reportBadAttempt("An assistant tried to see details of a model not in his filter!")
-                raise ModelViewException("Unauthorized action!")
+                self.handle_view_exception(ModelViewException("Unauthorized action!"))
+                return redirect(self.url)
 
         return super().details_view()