authorJean-Philippe Lang <jp_lang@yahoo.fr>2007-04-30 19:47:28 +0000
committerJean-Philippe Lang <jp_lang@yahoo.fr>2007-04-30 19:47:28 +0000
commitd94bcd285abb2b6f37747168f7aeeff1da856be3 (patch)
treedc118279d28876c6cf3fd76d9658e1a54e98fff7 /app
parent9af49e07f3b7505b982573a75ae10b1330b38a2b (diff)
downloadredmine-d94bcd285abb2b6f37747168f7aeeff1da856be3.tar.gz
redmine-d94bcd285abb2b6f37747168f7aeeff1da856be3.zip
A 403 error page is now displayed (instead of a blank page) when trying to access a protected page.
git-svn-id: http://redmine.rubyforge.org/svn/trunk@495 e93f8b46-1217-0410-a6f0-8f06a7374b81
Diffstat (limited to 'app')
-rw-r--r--app/controllers/application.rb13
-rw-r--r--app/views/common/403.rhtml4
2 files changed, 14 insertions, 3 deletions
diff --git a/app/controllers/application.rb b/app/controllers/application.rb
index 2a23c311e..2a8e15155 100644
--- a/app/controllers/application.rb
+++ b/app/controllers/application.rb
@@ -71,7 +71,7 @@ class ApplicationController < ActionController::Base
def require_admin
return unless require_login
unless self.logged_in_user.admin?
- render :nothing => true, :status => 403
+ render_403
return false
end
true
@@ -91,7 +91,7 @@ class ApplicationController < ActionController::Base
if logged_in_user_membership and Permission.allowed_to_role( "%s/%s" % [ ctrl, action ], logged_in_user_membership )
return true
end
- render :nothing => true, :status => 403
+ render_403
false
end
@@ -101,7 +101,7 @@ class ApplicationController < ActionController::Base
return true if @project.is_public?
return false unless logged_in_user
return true if logged_in_user.admin? || logged_in_user_membership
- render :nothing => true, :status => 403
+ render_403
false
end
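Review bot: In `check_project_privacy`, the context line `return false unless logged_in_user` still halts the filter without rendering anything. An anonymous visitor to a non-public project would presumably still get the blank response this commit sets out to remove, unless `logged_in_user` itself renders or redirects (not visible here). Consider sending that path through the login check that `require_admin` uses, for example `return false unless require_login`, or through `render_403`. The filter starts outside the hunk, so whether `@project` is always set before `@project.is_public?` runs cannot be confirmed from these lines.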
@@ -121,6 +121,13 @@ class ApplicationController < ActionController::Base
end
end
+ def render_403
+ @html_title = "403"
+ @project = nil
+ render :template => "common/403", :layout => true, :status => 403
+ return false
+ end
+
def render_404
@html_title = "404"
render :template => "common/404", :layout => true, :status => 404
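Review bot: `render_403` resets `@project = nil` without a comment, and that is the line a later maintainer is most likely to delete by mistake. Presumably it keeps the layout from showing project-specific navigation for a project the user was just denied; if so, say it, e.g. `# Clear the project so the layout shows no project details to an unauthorized user`. The trailing `return false` duplicates the `false` that each of the three calling filters (`require_admin`, and the two filters in the hunks at -91 and -101) already returns right after `render_403`, so pick one convention. The class body begins outside the hunk; if no `private` marker precedes this spot, the helper may also be reachable as a controller action, like `render_404` next to it.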
diff --git a/app/views/common/403.rhtml b/app/views/common/403.rhtml
new file mode 100644
index 000000000..138c1a2f9
--- /dev/null
+++ b/app/views/common/403.rhtml
@@ -0,0 +1,4 @@
+<h2>403</h2>
+
+<p><%= l(:notice_not_authorized) %></p>
+<p><a href="javascript:history.back()">Back</a></p>
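Review bot: The `Back` link label is hard-coded English while the message above it goes through `l(:notice_not_authorized)`, so the page is only half localized. Pass the label through the same helper, `l(:LABEL_KEY_PLACEHOLDER)`, using whichever key the locale files define for it. The `javascript:history.back()` href also does nothing when scripting is disabled or blocked by a script policy, so a plain link to a known page would be a more dependable fallback.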