From d94bcd285abb2b6f37747168f7aeeff1da856be3 Mon Sep 17 00:00:00 2001
From: Jean-Philippe Lang <jp_lang@yahoo.fr>
Date: Mon, 30 Apr 2007 19:47:28 +0000
Subject: A 403 error page is now displayed (instead of a blank page) when
 trying to access a protected page.

git-svn-id: http://redmine.rubyforge.org/svn/trunk@495 e93f8b46-1217-0410-a6f0-8f06a7374b81
---
 app/controllers/application.rb | 13 ++++++++++---
 app/views/common/403.rhtml     |  4 ++++
 2 files changed, 14 insertions(+), 3 deletions(-)
 create mode 100644 app/views/common/403.rhtml

(limited to 'app')

diff --git a/app/controllers/application.rb b/app/controllers/application.rb
index 2a23c311e..2a8e15155 100644
--- a/app/controllers/application.rb
+++ b/app/controllers/application.rb
@@ -71,7 +71,7 @@ class ApplicationController < ActionController::Base
   def require_admin
     return unless require_login
     unless self.logged_in_user.admin?
-      render :nothing => true, :status => 403
+      render_403
       return false
     end
     true
@@ -91,7 +91,7 @@ class ApplicationController < ActionController::Base
     if logged_in_user_membership and Permission.allowed_to_role( "%s/%s" % [ ctrl, action ], logged_in_user_membership )    
       return true		
     end		
-    render :nothing => true, :status => 403
+    render_403
     false
   end
   
@@ -101,7 +101,7 @@ class ApplicationController < ActionController::Base
     return true if @project.is_public?
     return false unless logged_in_user
     return true if logged_in_user.admin? || logged_in_user_membership
-    render :nothing => true, :status => 403
+    render_403
     false
   end
 
@@ -121,6 +121,13 @@ class ApplicationController < ActionController::Base
     end
   end
   
+  def render_403
+    @html_title = "403"
+    @project = nil
+    render :template => "common/403", :layout => true, :status => 403
+    return false
+  end
+    
   def render_404
     @html_title = "404"
     render :template => "common/404", :layout => true, :status => 404
diff --git a/app/views/common/403.rhtml b/app/views/common/403.rhtml
new file mode 100644
index 000000000..138c1a2f9
--- /dev/null
+++ b/app/views/common/403.rhtml
@@ -0,0 +1,4 @@
+<h2>403</h2>
+
+<p><%= l(:notice_not_authorized) %></p>
+<p><a href="javascript:history.back()">Back</a></p>
-- 
cgit v1.2.3