From: Andy Allan
Date: Wed, 24 Oct 2018 07:39:02 +0000 (+0200)
Subject: Rework the default denied access handler to give different responses to tokens, logge...
X-Git-Tag: live~2772^2~7
X-Git-Url: https://git.openstreetmap.org/rails.git/commitdiff_plain/a50ad1c895f2d7ed3dfa4d40f3748ae6fb801256?ds=sidebyside

Rework the default denied access handler to give different responses to tokens, logged in users and other users
---
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 0d43393fd..690bdf5ca 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -477,11 +477,16 @@ class ApplicationController < ActionController::Base
 end
 def deny_access(_exception)
- if current_user
+ if current_token
 set_locale
 report_error t("oauth.permissions.missing"), :forbidden
+ elsif current_user
+ set_locale
+ report_error t("application.permission_denied"), :forbidden
+ elsif request.get?
+ redirect_to :controller => "users", :action => "login", :referer => request.fullpath
 else
- require_user
+ head :forbidden
 end
 end
diff --git a/config/locales/en.yml b/config/locales/en.yml
index 6e126e27e..6942c1720 100644
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -1793,6 +1793,7 @@ en:
 other: "GPX file with %{count} points from %{user}"
 description_without_count: "GPX file from %{user}"
 application:
+ permission_denied: You do not have permission to access that action
 require_cookies:
 cookies_needed: "You appear to have cookies disabled - please enable cookies in your browser before continuing."
 require_admin:
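Review bot: In the new `elsif request.get?` branch of deny_access, `request.fullpath` is passed to the login page as `:referer`, so whatever consumes that parameter after sign-in (not visible in this hunk) must treat it as request-derived and follow it only when it is a same-site path; a comment such as `# referer comes from the request; login must only redirect to local paths` would record that dependency. The final `else` now answers an anonymous non-GET request with `head :forbidden`, where the removed `require_user` presumably asked for credentials; if API clients can reach this handler, `head :unauthorized` would let them tell "not logged in" apart from "logged in but not allowed". Because `current_token` is tested first, any token-bearing request that is denied gets the `oauth.permissions.missing` text even when the cause is the user's role rather than the token's scope, and a one-line comment above the `if` stating that precedence would help the next reader.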