Use status 403 for access denied

[ndwebbie.git] / lib / NDWeb / Controller / Root.pm

diff --git a/lib/NDWeb/Controller/Root.pm b/lib/NDWeb/Controller/Root.pm
index 2b16db2b71cc6435af34a4be89360eda88796963..fcff93f24b0de56073d1d1ef37a7dfe34366e17a 100644 (file)
--- a/lib/NDWeb/Controller/Root.pm
+++ b/lib/NDWeb/Controller/Root.pm
@@ -32,6 +32,8 @@ NDWeb::Controller::Root - Root Controller for NDWeb
 
 sub index : Local Path Args(0) {
        my ( $self, $c ) = @_;
+
+       $c->res->redirect($c->uri_for('/wiki'));
 }
 
 sub default : Path {
@@ -58,8 +60,10 @@ sub login : Local {
                $log->execute($c->user->id,$c->req->address
                        ,$country,$c->sessionid,$remember);
 
-               $c->res->redirect($c->req->referer);
+               $c->forward('redirect');
                return;
+       } elsif ($c->req->method eq 'POST'){
+               $c->res->status(400);
        }
 }
 
@@ -115,12 +119,18 @@ sub listAlliances : Private {
        $c->stash(alliances => \@alliances);
 }
 
+sub sslurl {
+       return $_[0];
+}
+
 sub auto : Private {
        my ($self, $c) = @_;
        my $dbh = $c ->model;
 
        $c->stash(dbh => $dbh);
 
+       $c->stash(sslurl => \&sslurl);
+
        $dbh->do(q{SET timezone = 'GMT'});
 
        $c->stash(TICK =>$dbh->selectrow_array('SELECT tick()',undef));
@@ -132,13 +142,18 @@ sub auto : Private {
        }else{
                $c->stash(UID => -4);
        }
+}
 
+sub redirect : Private {
+       my ($self, $c) = @_;
+       $c->res->redirect($c->uri_for('/'.$c->flash->{referrer}));
 }
 
 sub access_denied : Private {
        my ($self, $c, $action) = @_;
 
        $c->stash->{template} = 'access_denied.tt2';
+       $c->res->status(403);
 
 }
 
@@ -151,19 +166,25 @@ Attempt to render a view, if needed.
 sub end : ActionClass('RenderView') {
        my ($self, $c) = @_;
 
+       if ($c->res->status == 302){
+               return;
+       }
+
        my $dbh = $c ->model;
 
        if (scalar @{ $c->error } ){
                if ($c->error->[0] =~ m/Can't call method "id" on an undefined value at/){
                        $c->stash->{template} = 'access_denied.tt2';
+                       $c->res->status(403);
                        $c->clear_errors;
                }elsif ($c->error->[0] =~ m/Missing roles: /){
                        $c->stash->{template} = 'access_denied.tt2';
+                       $c->res->status(403);
                        $c->clear_errors;
                }
        }
 
-       if ($c->user_exists && $c->res->status == 200){
+       if ($c->user_exists){
                my $fleetupdate = 0;
                if ($c->check_user_roles(qw/member_menu/)){
                        $fleetupdate = $dbh->selectrow_array(q{SELECT tick FROM fleets WHERE sender = ?
@@ -188,6 +209,17 @@ sub end : ActionClass('RenderView') {
                                        || $c->check_user_roles(qw/no_fleet_update/)))),
                $c->forward('listTargets');
        }
+       my $birthdays = $dbh->prepare(q{SELECT username
+                       ,date_part('year',age(birthday)) AS age
+                       FROM users WHERE birthday IS NOT NULL
+                               AND mmdd(birthday) = mmdd(CURRENT_DATE)
+               });
+       $birthdays->execute;
+       $c->stash(birthdays => $birthdays->fetchall_arrayref({}));
+
+       if ($c->res->status == 200 || $c->req->method eq 'GET'){
+               $c->flash(referrer => $c->req->path);
+       }
 }
 
 =head1 AUTHOR