]> ruin.nu Git - ndwebbie.git/commitdiff
projects / ndwebbie.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: a399bec)
Use status 403 for access denied
authorMichael Andreen <harv@ruin.nu>
Fri, 7 Nov 2008 12:12:19 +0000 (13:12 +0100)
committerMichael Andreen <harv@ruin.nu>
Fri, 7 Nov 2008 12:12:19 +0000 (13:12 +0100)
lib/NDWeb/Controller/JSRPC.pm patch | blob | history
lib/NDWeb/Controller/Root.pm patch | blob | history

diff --git a/lib/NDWeb/Controller/JSRPC.pm b/lib/NDWeb/Controller/JSRPC.pm
index cc52d43cce9ddcec17942e3a5019f7d29508446d..5515a2aecfa824fec3c5e4703b8855ce1be477f8 100644 (file)
--- a/lib/NDWeb/Controller/JSRPC.pm
+++ b/lib/NDWeb/Controller/JSRPC.pm
@@ -190,6 +190,7 @@ sub listTargets : Local {
 sub access_denied : Private {
        my ($self, $c) = @_;
        $c->stash(template => 'jsrpc/access_denied.tt2');
+       $c->res->status(403);
 }
 
 sub assertTarget : Private {
@@ -216,9 +217,11 @@ sub end : ActionClass('RenderView') {
        if (scalar @{ $c->error } ){
                if ($c->error->[0] =~ m/Can't call method "id" on an undefined value at/){
                        $c->stash->{template} = 'jsrpc/access_denied.tt2';
+                       $c->res->status(403);
                        $c->clear_errors;
                }elsif ($c->error->[0] =~ m/Missing roles: /){
                        $c->stash->{template} = 'jsrpc/access_denied.tt2';
+                       $c->res->status(403);
                        $c->clear_errors;
                }
        }
diff --git a/lib/NDWeb/Controller/Root.pm b/lib/NDWeb/Controller/Root.pm
index 05f2ef8fe258801968c6099b47a8dec127d7ece1..fcff93f24b0de56073d1d1ef37a7dfe34366e17a 100644 (file)
--- a/lib/NDWeb/Controller/Root.pm
+++ b/lib/NDWeb/Controller/Root.pm
@@ -153,6 +153,7 @@ sub access_denied : Private {
        my ($self, $c, $action) = @_;
 
        $c->stash->{template} = 'access_denied.tt2';
+       $c->res->status(403);
 
 }
 
@@ -174,9 +175,11 @@ sub end : ActionClass('RenderView') {
        if (scalar @{ $c->error } ){
                if ($c->error->[0] =~ m/Can't call method "id" on an undefined value at/){
                        $c->stash->{template} = 'access_denied.tt2';
+                       $c->res->status(403);
                        $c->clear_errors;
                }elsif ($c->error->[0] =~ m/Missing roles: /){
                        $c->stash->{template} = 'access_denied.tt2';
+                       $c->res->status(403);
                        $c->clear_errors;
                }
        }
@@ -214,7 +217,7 @@ sub end : ActionClass('RenderView') {
        $birthdays->execute;
        $c->stash(birthdays => $birthdays->fetchall_arrayref({}));
 
-       if ($c->res->status == 200){
+       if ($c->res->status == 200 || $c->req->method eq 'GET'){
                $c->flash(referrer => $c->req->path);
        }
 }
The ND webbie, with scripts and database schemas