A 403 error page is now displayed (instead of a blank page) when trying to access a protected page.

git-svn-id: http://redmine.rubyforge.org/svn/trunk@495 e93f8b46-1217-0410-a6f0-8f06a7374b81
author: Jean-Philippe Lang <jp_lang@yahoo.fr> 2007-04-30 19:47:28 +0000
committer: Jean-Philippe Lang <jp_lang@yahoo.fr> 2007-04-30 19:47:28 +0000
commit: d94bcd285abb2b6f37747168f7aeeff1da856be3 (patch)
tree: dc118279d28876c6cf3fd76d9658e1a54e98fff7
parent: 9af49e07f3b7505b982573a75ae10b1330b38a2b (diff)
download: redmine-d94bcd285abb2b6f37747168f7aeeff1da856be3.tar.gz
redmine-d94bcd285abb2b6f37747168f7aeeff1da856be3.zip
10 files changed, 22 insertions, 3 deletions
diff --git a/app/controllers/application.rb b/app/controllers/application.rb
index 2a23c311e..2a8e15155 100644
--- a/app/controllers/application.rb
+++ b/app/controllers/application.rb
@@ -71,7 +71,7 @@ class ApplicationController < ActionController::Base
   def require_admin
     return unless require_login
     unless self.logged_in_user.admin?
-      render :nothing => true, :status => 403
+      render_403
       return false
     end
     true
@@ -91,7 +91,7 @@ class ApplicationController < ActionController::Base
     if logged_in_user_membership and Permission.allowed_to_role( "%s/%s" % [ ctrl, action ], logged_in_user_membership )    
       return true		
     end		
-    render :nothing => true, :status => 403
+    render_403
     false
   end
   
@@ -101,7 +101,7 @@ class ApplicationController < ActionController::Base
     return true if @project.is_public?
     return false unless logged_in_user
     return true if logged_in_user.admin? || logged_in_user_membership
-    render :nothing => true, :status => 403
+    render_403
     false
   end
 
@@ -121,6 +121,13 @@ class ApplicationController < ActionController::Base
     end
   end
   
+  def render_403
+    @html_title = "403"
+    @project = nil
+    render :template => "common/403", :layout => true, :status => 403
+    return false
+  end
+    
   def render_404
     @html_title = "404"
     render :template => "common/404", :layout => true, :status => 404
diff --git a/app/views/common/403.rhtml b/app/views/common/403.rhtml
new file mode 100644
index 000000000..138c1a2f9
--- /dev/null
+++ b/app/views/common/403.rhtml
@@ -0,0 +1,4 @@
+<h2>403</h2>
+
+<p><%= l(:notice_not_authorized) %></p>
+<p><a href="javascript:history.back()">Back</a></p>
diff --git a/lang/de.yml b/lang/de.yml
index 3cf43bf4b..efd5e38b6 100644
--- a/lang/de.yml
+++ b/lang/de.yml
@@ -66,6 +66,7 @@ notice_successful_connection: Verbindung erfolgreich.
 notice_file_not_found: Anhang besteht nicht oder ist gelöscht worden.
 notice_locking_conflict: Datum wurde von einem anderen Benutzer geändert.
 notice_scm_error: Eintrag und/oder Revision besteht nicht im SVN.
+notice_not_authorized: You are not authorized to access this page.
 
 mail_subject_lost_password: Ihr redMine Kennwort
 mail_subject_register: redMine Kontoaktivierung
diff --git a/lang/en.yml b/lang/en.yml
index e1329bed2..7fcb2b14b 100644
--- a/lang/en.yml
+++ b/lang/en.yml
@@ -66,6 +66,7 @@ notice_successful_connection: Successful connection.
 notice_file_not_found: The page you were trying to access doesn't exist or has been removed.
 notice_locking_conflict: Data have been updated by another user.
 notice_scm_error: Entry and/or revision doesn't exist in the repository.
+notice_not_authorized: You are not authorized to access this page.
 
 mail_subject_lost_password: Your redMine password
 mail_subject_register: redMine account activation
diff --git a/lang/es.yml b/lang/es.yml
index 3522bd42a..806c8d462 100644
--- a/lang/es.yml
+++ b/lang/es.yml
@@ -66,6 +66,7 @@ notice_successful_connection: Successful connection.
 notice_file_not_found: La página que intentabas tener acceso no existe ni se ha quitado.
 notice_locking_conflict: Data have been updated by another user.
 notice_scm_error: La entrada y/o la revisión no existe en el depósito.
+notice_not_authorized: You are not authorized to access this page.
 
 mail_subject_lost_password: Tu contraseña del redMine
 mail_subject_register: Activación de la cuenta del redMine
diff --git a/lang/fr.yml b/lang/fr.yml
index 0541f09f3..8423ba93b 100644
--- a/lang/fr.yml
+++ b/lang/fr.yml
@@ -66,6 +66,7 @@ notice_successful_connection: Connection réussie.
 notice_file_not_found: La page à laquelle vous souhaitez accéder n'existe pas ou a été supprimée.
 notice_locking_conflict: Les données ont été mises à jour par un autre utilisateur. Mise à jour impossible.
 notice_scm_error: L'entrée et/ou la révision demandée n'existe pas dans le dépôt.
+notice_not_authorized: Vous n'êtes pas autorisés à accéder à cette page.
 
 mail_subject_lost_password: Votre mot de passe redMine
 mail_subject_register: Activation de votre compte redMine
diff --git a/lang/it.yml b/lang/it.yml
index 2861ced32..0c48ee20e 100644
--- a/lang/it.yml
+++ b/lang/it.yml
@@ -66,6 +66,7 @@ notice_successful_connection: Connessione effettuata.
 notice_file_not_found: La pagina desiderata non esiste o è stata rimossa.
 notice_locking_conflict: Le informazioni sono state modificate da un altro utente.
 notice_scm_error: La risorsa e/o la versione non esistono nel repository.
+notice_not_authorized: You are not authorized to access this page.
 
 mail_subject_lost_password: Password redMine
 mail_subject_register: Attivazione utenza redMine
diff --git a/lang/ja.yml b/lang/ja.yml
index 3b62421d1..274171d6d 100644
--- a/lang/ja.yml
+++ b/lang/ja.yml
@@ -67,6 +67,7 @@ notice_successful_connection: 接続しました。
 notice_file_not_found: アクセスしようとしたページは存在しないか削除されています。
 notice_locking_conflict: 別のユーザがデータを更新しています。
 notice_scm_error: リポジトリに、エントリ/リビジョンが存在しません。
+notice_not_authorized: You are not authorized to access this page.
 
 mail_subject_lost_password: redMine パスワード
 mail_subject_register: redMine アカウントが有効になりました
diff --git a/lang/pt.yml b/lang/pt.yml
index 8cc98aa88..4719e4174 100644
--- a/lang/pt.yml
+++ b/lang/pt.yml
@@ -66,6 +66,7 @@ notice_successful_connection: Conectado com sucesso.
 notice_file_not_found: A pagina que voce esta tentando acessar nao existe ou foi excluida.
 notice_locking_conflict: Os dados foram atualizados por um outro usuario.
 notice_scm_error: A entrada e/ou a revisao nao existem no repositorio.
+notice_not_authorized: You are not authorized to access this page.
 
 mail_subject_lost_password: Sua senha do redMine.
 mail_subject_register: Ativacao de conta do redMine.
diff --git a/lang/zh.yml b/lang/zh.yml
index 3a5ad7c81..79f998c1c 100644
--- a/lang/zh.yml
+++ b/lang/zh.yml
@@ -69,6 +69,7 @@ notice_successful_connection: 连接成功
 notice_file_not_found: 您访问的页面不存在或已被删除。
 notice_locking_conflict: 数据已被另一个用户更新
 notice_scm_error: 在版本库中不存在该条目或修订
+notice_not_authorized: You are not authorized to access this page.
 
 mail_subject_lost_password: 您的redMine口令
 mail_subject_register: redMine帐户激活
author	Jean-Philippe Lang <jp_lang@yahoo.fr>	2007-04-30 19:47:28 +0000
committer	Jean-Philippe Lang <jp_lang@yahoo.fr>	2007-04-30 19:47:28 +0000
commit	d94bcd285abb2b6f37747168f7aeeff1da856be3 (patch)
tree	dc118279d28876c6cf3fd76d9658e1a54e98fff7
parent	9af49e07f3b7505b982573a75ae10b1330b38a2b (diff)
download	redmine-d94bcd285abb2b6f37747168f7aeeff1da856be3.tar.gz redmine-d94bcd285abb2b6f37747168f7aeeff1da856be3.zip