ENHANCEMENT: If you are logged in and Security::permissionFailure() is called, just return a 403

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@81430 467b73ca-7a2a-4603-9d3b-597d59a354a9
This commit is contained in:
Sam Minnee 2009-07-09 03:20:32 +00:00
parent 7085f1ce65
commit d38c79f584
2 changed files with 26 additions and 9 deletions

View File

@ -138,8 +138,13 @@ class Security extends Controller {
* in and lacks the
* permission to
* access the item.
*
* The alreadyLoggedIn value can contain a '%s' placeholder that will be replaced with a link
* to log in.
*/
static function permissionFailure($controller = null, $messageSet = null) {
if(!$controller) $controller = Controller::curr();
if(Director::is_ajax()) {
$response = ($controller) ? $controller->getResponse() : new HTTPResponse();
$response->setStatusCode(403);
@ -154,15 +159,20 @@ class Security extends Controller {
$messageSet = array(
'default' => _t(
'Security.NOTEPAGESECURED',
"That page is secured. Enter your credentials below and we will send you right along."
"That page is secured. Enter your credentials below and we will send "
. "you right along."
),
'alreadyLoggedIn' => _t(
'Security.ALREADYLOGGEDIN',
"You don't have access to this page. If you have another account that can access that page, you can log in below."
"You don't have access to this page. If you have another account that "
. "can access that page, you can <a href=\"%s\">log in again</a>.",
PR_MEDIUM,
"%s will be replaced with a link to log in."
),
'logInAgain' => _t(
'Security.LOGGEDOUT',
"You have been logged out. If you would like to log in again, enter your credentials below."
"You have been logged out. If you would like to log in again, enter "
. "your credentials below."
)
);
}
@ -173,11 +183,18 @@ class Security extends Controller {
}
// Work out the right message to show
if(Member::currentUserID()) {
$message = isset($messageSet['alreadyLoggedIn']) ? $messageSet['alreadyLoggedIn'] : $messageSet['default'];
if($member = Member::currentUser()) {
$member->logOut();
}
if(Member::currentUser()) {
$response = ($controller) ? $controller->getResponse() : new HTTPResponse();
$response->setStatusCode(403);
// Replace %s with the log in link
$body = sprintf($messageSet['alreadyLoggedIn'],
Controller::join_links(Director::baseURL(), 'Security/login',
'?BackURL=' . urlencode($_SERVER['REQUEST_URI'])));
$response->setBody($body);
return $response;
} else if(substr(Director::history(),0,15) == 'Security/logout') {
$message = $messageSet['logInAgain'] ? $messageSet['logInAgain'] : $messageSet['default'];
} else {

View File

@ -106,7 +106,7 @@ class SiteTreePermissionsTest extends FunctionalTest {
$response = $this->get($page->URLSegment);
$this->assertEquals(
$response->getStatusCode(),
302,
403,
'Authenticated members cant view a page marked as "Viewable by these groups" if theyre not in the listed groups'
);
$this->session()->inst_set('loggedInAs', null);