Throw 403/412 when using ajax as appropriate

Added error pages
2013-05-15 17:06:23 +10:00 · 2013-05-15 17:06:23 +10:00 · 25d9fbf846
commit 25d9fbf846
parent 783964ee59
5 changed files with 25 additions and 13 deletions
--- a/classes/lnApp/Controller/TemplateDefault.php
+++ b/classes/lnApp/Controller/TemplateDefault.php
@ -70,7 +70,7 @@ abstract class lnApp_Controller_TemplateDefault extends Kohana_Controller_Templa

 		// Actions that start with ajax, should only be ajax
 		if (! Kohana::$config->load('debug')->ajax AND preg_match('/^ajax/',Request::current()->action()) AND ! Request::current()->is_ajax())
-			die();
+			throw HTTP_Exception::factory(412,_('Unable to fulfil request.'));

 		parent::before();

@ -82,18 +82,9 @@ abstract class lnApp_Controller_TemplateDefault extends Kohana_Controller_Templa
 			// If auth is required and the user is logged in, then they dont have access.
 			// (We have already checked authorisation.)
 			if (Auth::instance()->logged_in(NULL,get_class($this).'|'.__METHOD__)) {
-				if (Config::sitemode() == Kohana::DEVELOPMENT)
-					SystemMessage::add(array(
-						'title'=>_('Insufficient Access'),
-						'type'=>'debug',
-						'body'=>Debug::vars(array('required'=>$this->auth_required,'action'=>$this->request->action(),'user'=>Auth::instance()->get_user()->username)),
-					));
-
-				// @todo Login No Access redirects are not handled in JS?
-				if ($this->request->is_ajax()) {
-					echo _('You dont have enough permissions.');
-					die();
-				} else
+				if ($this->request->is_ajax())
+					throw HTTP_Exception::factory(403,_('You dont have enough permissions.'));
+				else
 					HTTP::redirect('login/noaccess');

 			} else {
--- a/views/errors/403.php
+++ b/views/errors/403.php
@ -0,0 +1,5 @@
+<h1>Oops!</h1>
+<h2>403 Not Found or Not Authorised?</h2>
+<div class="error-details">
+	Sorry, either the item doesnt exist, or you are not authorised to see it.
+</div>
--- a/views/errors/404.php
+++ b/views/errors/404.php
@ -0,0 +1,5 @@
+<h1>Oops!</h1>
+<h2>404 Not Found?</h2>
+<div class="error-details">
+	Sorry, an error has occured, requested page not found?
+</div>
--- a/views/errors/412.php
+++ b/views/errors/412.php
@ -0,0 +1,5 @@
+<h1>Oops!</h1>
+<h2>412 Unable to fulfil your request?</h2>
+<div class="error-details">
+	Your request needs more information before it can be fulfilled.
+</div>
--- a/views/errors/501.php
+++ b/views/errors/501.php
@ -0,0 +1,6 @@
+<h1>Oops!</h1>
+<h2>501 Bother, something went wrong.</h2>
+<?php echo $message; ?>
+<div class="error-details">
+	If this keeps happening, please let us know.
+</div>