diff --git a/composer.json b/composer.json
index 24a5a8e4f..c7513cc79 100644
--- a/composer.json
+++ b/composer.json
@@ -55,7 +55,8 @@
"require-dev": {
"phpunit/phpunit": "^5.7",
"sminnee/phpunit-mock-objects": "^3.4.5",
- "silverstripe/versioned": "^1"
+ "silverstripe/versioned": "^1",
+ "squizlabs/php_codesniffer": "^3.5"
},
"provide": {
"psr/container-implementation": "1.0.0"
@@ -104,4 +105,4 @@
},
"minimum-stability": "dev",
"prefer-stable": true
-}
\ No newline at end of file
+}
diff --git a/lang/en.yml b/lang/en.yml
index 264ea71aa..a1dda5496 100644
--- a/lang/en.yml
+++ b/lang/en.yml
@@ -111,6 +111,8 @@ en:
NEW: 'Add new record'
NEXT: 'Go to next record'
PREVIOUS: 'Go to previous record'
+ EditPermissionsFailure: 'It seems you don''t have the necessary permissions to edit "{ObjectTitle}"'
+ ViewPermissionsFailure: 'It seems you don''t have the necessary permissions to view "{ObjectTitle}"'
SilverStripe\Forms\GridField\GridFieldEditButton:
EDIT: Edit
SilverStripe\Forms\GridField\GridFieldFilterHeader:
diff --git a/phpcs.xml.dist b/phpcs.xml.dist
index cb2fc02dc..29cedd6c9 100644
--- a/phpcs.xml.dist
+++ b/phpcs.xml.dist
@@ -18,7 +18,7 @@
-
+
diff --git a/src/Forms/GridField/GridFieldDetailForm_ItemRequest.php b/src/Forms/GridField/GridFieldDetailForm_ItemRequest.php
index c808ec129..322cde4b7 100644
--- a/src/Forms/GridField/GridFieldDetailForm_ItemRequest.php
+++ b/src/Forms/GridField/GridFieldDetailForm_ItemRequest.php
@@ -111,7 +111,11 @@ class GridFieldDetailForm_ItemRequest extends RequestHandler
public function view($request)
{
if (!$this->record->canView()) {
- $this->httpError(403);
+ $this->httpError(403, _t(
+ __CLASS__ . '.ViewPermissionsFailure',
+ 'It seems you don\'t have the necessary permissions to view "{ObjectTitle}"',
+ ['ObjectTitle' => $this->record->singular_name()]
+ ));
}
$controller = $this->getToplevelController();
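Review bot: The `{ObjectTitle}` placeholder in the new `httpError(403, _t(...))` call is filled with `$this->record->singular_name()`, which as far as I know is the model's type label rather than this record's title, so the placeholder name and the rendered text disagree. Showing only the type is the right choice on a denial path, because the caller has just failed `canView()` and should not be told the record's own title. I would make that intent explicit with a comment above the call, `// Type name only: the user failed canView(), so never echo the record's title here`, and consider renaming the placeholder to `{ObjectType}` in the default string and in lang/en.yml. The same applies to the hunks at -189 and -490, which repeat the expression; `view()` continues outside this hunk.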
@@ -189,8 +193,11 @@ class GridFieldDetailForm_ItemRequest extends RequestHandler
if (!$this->record->canView()) {
$controller = $this->getToplevelController();
- // TODO More friendly error
- return $controller->httpError(403);
+ return $controller->httpError(403, _t(
+ __CLASS__ . '.ViewPermissionsFailure',
+ 'It seems you don\'t have the necessary permissions to view "{ObjectTitle}"',
+ ['ObjectTitle' => $this->record->singular_name()]
+ ));
}
$fields = $this->component->getFields();
@@ -490,7 +497,12 @@ class GridFieldDetailForm_ItemRequest extends RequestHandler
// Check permission
if (!$this->record->canEdit()) {
- return $this->httpError(403);
+ $this->httpError(403, _t(
+ __CLASS__ . '.EditPermissionsFailure',
+ 'It seems you don\'t have the necessary permissions to edit "{ObjectTitle}"',
+ ['ObjectTitle' => $this->record->singular_name()]
+ ));
+ return null;
}
// Save from form data
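Review bot: The `canEdit()` denial here calls `$this->httpError(403, …)` and then `return null;`, while the `canView()` denial in the `view()` hunk calls `httpError()` with nothing after it, so the two permission guards now stop the request in different ways. `httpError()` is not defined in this diff: if it always throws, the `return null;` is unreachable, and if it can ever return (for example in an override), `view()` would fall through and render a record the user may not see. I would fail closed in both places by adding `return null;` after the call in `view()` as well, or document the assumption here with `// httpError() throws; the return is a fail-closed guard`. The enclosing method starts and ends outside this hunk.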
diff --git a/src/Security/PasswordExpirationMiddleware.php b/src/Security/PasswordExpirationMiddleware.php
index 050673000..22752a56b 100644
--- a/src/Security/PasswordExpirationMiddleware.php
+++ b/src/Security/PasswordExpirationMiddleware.php
@@ -25,13 +25,13 @@ class PasswordExpirationMiddleware implements HTTPMiddleware
/**
* Session key for persisting URL of the password change form
*/
- const SESSION_KEY_REDIRECT = __CLASS__.'.change password redirect';
+ const SESSION_KEY_REDIRECT = __CLASS__ . '.change password redirect';
/**
* Session key for persisting a flag allowing to process the current request
* without performing password expiration check
*/
- const SESSION_KEY_ALLOW_CURRENT_REQUEST = __CLASS__.'.allow current request';
+ const SESSION_KEY_ALLOW_CURRENT_REQUEST = __CLASS__ . '.allow current request';
/**
* List of URL patterns allowed for users to visit where