Return 403 if the user logged in is now an org and handle it on the client

endpoints/api.py

@@ -40,6 +40,10 @@ def api_login_required(f):
   def decorated_view(*args, **kwargs):
     if not current_user.is_authenticated():
       abort(401)
+
+    if current_user.db_user().organization:
+      abort(403)
+
     return f(*args, **kwargs)
   return decorated_view
 
@@ -78,7 +82,7 @@ def get_logged_in_user():
       'can_create_repo': admin_org.can() or CreateRepositoryPermission(o.username).can()
     }
 
-  if current_user.is_anonymous():
+  if current_user.is_anonymous() or current_user.db_user().organization:
     return jsonify({'anonymous': True})
 
   user = current_user.db_user()
@@ -223,9 +227,7 @@ def conduct_signin(username, password):
 @api_login_required
 def logout():
   logout_user()
-
   identity_changed.send(app, identity=AnonymousIdentity())
-
   return make_response('Success', 200)
 
 

static/js/app.js

@@ -867,7 +867,14 @@ quayApp.directive('ngBlur', function() {
   };
 });
 
-quayApp.run(['$location', '$rootScope', function($location, $rootScope) {
+quayApp.run(['$location', '$rootScope', 'Restangular', 'UserService', function($location, $rootScope, Restangular, UserService) {
+  Restangular.setResponseInterceptor(function(data, operation, what, url, response, deferred) {
+    if (response.status == 403) {
+      UserService.load();
+    }
+    return data;
+  });
+
   $rootScope.$on('$routeChangeSuccess', function (event, current, previous) {
     if (current.$$route.title) {
       $rootScope.title = current.$$route.title;