From 048585ca7dfa1613d609e32fb5369051591c3873 Mon Sep 17 00:00:00 2001
From: "Sean R. Abraham" <seanabraham@gmail.com>
Date: Wed, 22 Jan 2025 14:51:51 -0600
Subject: [PATCH] update the friendly unauthorized message, based on
 Frankenstein's suggestions

---
 src/ims/application/_klein.py | 37 +++++++++++++++++++++--------------
 1 file changed, 22 insertions(+), 15 deletions(-)

diff --git a/src/ims/application/_klein.py b/src/ims/application/_klein.py
index a58ff3db1..b371eb1fe 100644
--- a/src/ims/application/_klein.py
+++ b/src/ims/application/_klein.py
@@ -183,24 +183,31 @@ def friendlyNotAuthorizedResponse(request: IRequest) -> KleinSynchronousRenderab
     request.setResponseCode(http.FORBIDDEN)
     if user is not None:
         message = (
-            f"Hey Ranger {user.shortNames[0]}, you don't have permission to access this URI:\n"  # noqa:E501
-            f"    {request.uri.decode('utf-8')}\n"
+            f"Hey Ranger {user.shortNames[0]}, you don't have permission to access "
+            f"this IMS endpoint:\n"
             f"\n"
-            f"Permissions are granted per-event via positions. These are your positions:\n"  # noqa:E501
-            f"    {user.groups}\n"
+            f"    {request.uri.decode('utf-8')}\n"
             f"\n"
-            f"Be aware that many permissions are only granted to on-site Rangers.\n"
-            f"Your current on-site status is '{user.active}'.\n"
-            "\n"
-            "All Rangers are allowed (and encouraged!) to write Field Reports while\n"
-            "on playa. Only some positions need access to read and write Incidents.\n"
-            "We do this to help protect participants' PII.\n"
-            "\n"
-            "If your position is erroneously not granting you a permission you need\n"
-            "to do your work as a Ranger, then please get in touch with an Operator\n"
-            "or the Ranger Tech Oncall.\n"
+        )
+        if not user.active:
+            message += (
+                "Please note that most IMS permissions are granted to Rangers only "
+                "while they are actively working on the playa. You are currently "
+                "marked as off-site in the Clubhouse, indicating that you're done "
+                "Rangering for the year (or maybe you still need to check in at "
+                "Ranger HQ?).\n"
+                "\n"
+            )
+        message += (
+            "All Rangers are very much encouraged to write Field Reports while on the "
+            "playa. While you may have submitted a Field Report for an Incident, only "
+            "certain positions are authorized to view the Incident records themselves. "
+            "This policy is in place to protect participants' personal and other "
+            "related confidential information.\n"
             "\n"
-            "<3 from the Ranger Tech Team\n"
+            "If you believe you need access to the full Incident records, please reach "
+            "out to an on-duty Operator for assistance. For post-event access, contact "
+            "the Ranger Tech Cadre (ranger-tech-cadre@burningman.org).\n"
         )
     else:
         message = "Permission denied"