From a50ad1c895f2d7ed3dfa4d40f3748ae6fb801256 Mon Sep 17 00:00:00 2001
From: Andy Allan
Date: Wed, 24 Oct 2018 09:39:02 +0200
Subject: [PATCH] Rework the default denied access handler to give different responses to tokens, logged in users and other users

---
 app/controllers/application_controller.rb | 9 +++++++--
 config/locales/en.yml | 1 +
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 0d43393fd..690bdf5ca 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -477,11 +477,16 @@ class ApplicationController < ActionController::Base
   end
 
   def deny_access(_exception)
-    if current_user
+    if current_token
       set_locale
       report_error t("oauth.permissions.missing"), :forbidden
+    elsif current_user
+      set_locale
+      report_error t("application.permission_denied"), :forbidden
+    elsif request.get?
+      redirect_to :controller => "users", :action => "login", :referer => request.fullpath
     else
-      require_user
+      head :forbidden
     end
   end
 
diff --git a/config/locales/en.yml b/config/locales/en.yml
index 6e126e27e..6942c1720 100644
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -1793,6 +1793,7 @@ en:
       other: "GPX file with %{count} points from %{user}"
     description_without_count: "GPX file from %{user}"
   application:
+    permission_denied: You do not have permission to access that action
     require_cookies:
       cookies_needed: "You appear to have cookies disabled - please enable cookies in your browser before continuing."
     require_admin:
--
2.43.2
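Review bot: The new `else` branch of `deny_access` answers an unauthenticated non-GET request with a bodyless `head :forbidden`, whereas the token and logged-in branches above it go through `set_locale` and `report_error` with a translated message, so a client that posts without a session gets a 403 with no explanation that logging in would help. Using the same shape there, `set_locale` followed by `report_error t("application.permission_denied"), :forbidden`, keeps the responses consistent and reuses the string this patch adds in en.yml; if the project prefers to distinguish "not logged in" from "logged in but not allowed", `:unauthorized` for this branch would make that visible to API clients. The `_exception` argument is discarded in every branch; if it is a CanCan-style `AccessDenied` it presumably carries the denied action and subject, and logging those at info level would give operators an audit trail of repeated denials on the same resource. `deny_access` lies entirely within the hunk.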