ENHANCEMENT Only logging out users on Security::permissionFailure() is called in non-ajax context. For ajax requests, we now return a 403 HTTP Status in a HTTPResponse Object, with a ":NOTLOGGEDIN" body for backwards compatibility. If a logout+redirection is required after an ajax-request, this should be handled by the clientside.

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@65147 467b73ca-7a2a-4603-9d3b-597d59a354a9
2024-10-22 14:05:37 +02:00 · 2008-11-03 13:50:06 +00:00 · 2008-11-03 13:50:06 +00:00 · c4f3bc962f
commit c4f3bc962f
parent c998006b2c
1 changed files with 59 additions and 58 deletions
--- a/security/Security.php
+++ b/security/Security.php
@ -140,6 +140,12 @@ class Security extends Controller {
 	 *                                                       access the item.
 	 */
 	static function permissionFailure($controller = null, $messageSet = null) {
+		if(Director::is_ajax()) {
+			$response = ($controller) ? $controller->getResponse() : new HTTPResponse();
+			$response->setStatusCode(403);
+			$response->setBody('NOTLOGGEDIN:');
+			return $response;
+		} else {
 			// Prepare the messageSet provided
 			if(!$messageSet) {
 				if(self::$default_message_set) {
@ -195,11 +201,6 @@ class Security extends Controller {
 			// Audit logging hook
 			if($controller) $controller->extend('permissionDenied', $member);
 			
-		// AccessLogEntry::create("Permission to access {$name} denied");
-		
-		if(Director::is_ajax()) {
-			die('NOTLOGGEDIN:');
-		} else {
 			Director::redirect("Security/login");
 		}
 		return;