From 230e61ee1d992255138b56c50caf9cca52532c2b Mon Sep 17 00:00:00 2001
From: Michael Andreen <harv@ruin.nu>
Date: Fri, 7 Nov 2008 13:12:19 +0100
Subject: [PATCH] Use status 403 for access denied

---
 lib/NDWeb/Controller/JSRPC.pm | 3 +++
 lib/NDWeb/Controller/Root.pm  | 5 ++++-
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/lib/NDWeb/Controller/JSRPC.pm b/lib/NDWeb/Controller/JSRPC.pm
index cc52d43..5515a2a 100644
--- a/lib/NDWeb/Controller/JSRPC.pm
+++ b/lib/NDWeb/Controller/JSRPC.pm
@@ -190,6 +190,7 @@ sub listTargets : Local {
 sub access_denied : Private {
 	my ($self, $c) = @_;
 	$c->stash(template => 'jsrpc/access_denied.tt2');
+	$c->res->status(403);
 }
 
 sub assertTarget : Private {
@@ -216,9 +217,11 @@ sub end : ActionClass('RenderView') {
 	if (scalar @{ $c->error } ){
 		if ($c->error->[0] =~ m/Can't call method "id" on an undefined value at/){
 			$c->stash->{template} = 'jsrpc/access_denied.tt2';
+			$c->res->status(403);
 			$c->clear_errors;
 		}elsif ($c->error->[0] =~ m/Missing roles: /){
 			$c->stash->{template} = 'jsrpc/access_denied.tt2';
+			$c->res->status(403);
 			$c->clear_errors;
 		}
 	}
diff --git a/lib/NDWeb/Controller/Root.pm b/lib/NDWeb/Controller/Root.pm
index 05f2ef8..fcff93f 100644
--- a/lib/NDWeb/Controller/Root.pm
+++ b/lib/NDWeb/Controller/Root.pm
@@ -153,6 +153,7 @@ sub access_denied : Private {
 	my ($self, $c, $action) = @_;
 
 	$c->stash->{template} = 'access_denied.tt2';
+	$c->res->status(403);
 
 }
 
@@ -174,9 +175,11 @@ sub end : ActionClass('RenderView') {
 	if (scalar @{ $c->error } ){
 		if ($c->error->[0] =~ m/Can't call method "id" on an undefined value at/){
 			$c->stash->{template} = 'access_denied.tt2';
+			$c->res->status(403);
 			$c->clear_errors;
 		}elsif ($c->error->[0] =~ m/Missing roles: /){
 			$c->stash->{template} = 'access_denied.tt2';
+			$c->res->status(403);
 			$c->clear_errors;
 		}
 	}
@@ -214,7 +217,7 @@ sub end : ActionClass('RenderView') {
 	$birthdays->execute;
 	$c->stash(birthdays => $birthdays->fetchall_arrayref({}));
 
-	if ($c->res->status == 200){
+	if ($c->res->status == 200 || $c->req->method eq 'GET'){
 		$c->flash(referrer => $c->req->path);
 	}
 }
-- 
2.39.2