Merge pull request #1756 from halkyon/permission_denied_hook

BUG Security::permissionFailure() fixing permissionDenied hook inconsistency

security/Security.php

@@ -222,17 +222,20 @@ class Security extends Controller {
 				$messageSet = array('default' => $messageSet);
 			}
 
+			$member = Member::currentUser();
+
 			// Work out the right message to show
-			if(Member::currentUser()) {
+			if($member && $member->exists()) {
 				$response = ($controller) ? $controller->getResponse() : new SS_HTTPResponse();
 				$response->setStatusCode(403);
 
 				//If 'alreadyLoggedIn' is not specified in the array, then use the default
 				//which should have been specified in the lines above
-				if(isset($messageSet['alreadyLoggedIn']))
+				if(isset($messageSet['alreadyLoggedIn'])) {
-					$message=$messageSet['alreadyLoggedIn'];
+					$message = $messageSet['alreadyLoggedIn'];
-				else
+				} else {
-					$message=$messageSet['default'];
+					$message = $messageSet['default'];
+				}
 
 				// Somewhat hackish way to render a login form with an error message.
 				$me = new Security();
@@ -242,6 +245,9 @@ class Security extends Controller {
 				$formText = $me->login();
 
 				$response->setBody($formText);
+
+				$controller->extend('permissionDenied', $member);
+
 				return $response;
 			} else {
 				$message = $messageSet['default'];