#2477 403 page

2025-11-01 11:35:55 +01:00 · 2014-12-01 21:07:23 -05:00
parent be11577aa4
commit ddd6ed9e8c
7 changed files with 19 additions and 25 deletions
--- a/public/language/en_GB/global.json
+++ b/public/language/en_GB/global.json
@@ -3,7 +3,8 @@
 	"search": "Search",
 	"buttons.close": "Close",
 	"403.title": "Access Denied",
-	"403.message": "You seem to have stumbled upon a page that you do not have access to. Perhaps you should <a href='/login'>try logging in</a>?",
+	"403.message": "You seem to have stumbled upon a page that you do not have access to.",
+	"403.login": "Perhaps you should <a href='/login'>try logging in</a>?",
 	"404.title": "Not Found",
 	"404.message": "You seem to have stumbled upon a page that does not exist. Return to the <a href='/'>home page</a>.",
 	"500.title": "Internal error.",
--- a/public/src/ajaxify.js
+++ b/public/src/ajaxify.js
@@ -28,15 +28,12 @@ $(document).ready(function() {
 				textStatus = err.textStatus;

 			if (data) {
-				if (data.status === 404 || data.status === 500) {
+				if (data.status === 403 || data.status === 404 || data.status === 500) {
 					$('#footer, #content').removeClass('hide').addClass('ajaxifying');
 					return renderTemplate(url, data.status.toString(), data.responseJSON, (new Date()).getTime(), callback);
 				} else if (data.status === 401) {
 					app.alertError('[[global:please_log_in]]');
 					return ajaxify.go('login');
-				} else if (data.status === 403) {
-					$('#content, #footer').removeClass('ajaxifying');
-					app.alertError('[[error:no-privileges]]');
 				} else if (data.status === 302) {
 					return ajaxify.go(data.responseJSON.slice(1), callback, quiet);
 				}
@@ -70,7 +67,7 @@ $(document).ready(function() {
 			if (ajaxify.isTemplateAvailable(tpl_url) && !!!templatesModule.config.force_refresh[tpl_url]) {
 				ajaxify.currentPage = url;

-				if (window.history && window.history.pushState && url !== '404') {
+				if (window.history && window.history.pushState) {
 					window.history[!quiet ? 'pushState' : 'replaceState']({
 						url: url + hash
 					}, url, RELATIVE_PATH + '/' + url + hash);
@@ -219,7 +216,6 @@ $(document).ready(function() {
 				cache: false,
 				success: function(data) {
 					if (!data) {
-						ajaxify.go('404');
 						return;
 					}

--- a/src/controllers/helpers.js
+++ b/src/controllers/helpers.js
@@ -12,14 +12,14 @@ helpers.notFound = function(req, res, error) {
 	}
 };

-helpers.notAllowed = function(req, res) {
+helpers.notAllowed = function(req, res, error) {
 	var uid = req.user ? req.user.uid : 0;

 	if (uid) {
 		if (res.locals.isAPI) {
-			res.status(403).json('not-allowed');
+			res.status(403).json({path: req.path.replace(/^\/api/, ''), loggedIn: !!uid, error: error});
 		} else {
-			res.status(403).render('403');
+			res.status(403).render('403', {path: req.path, loggedIn: !!uid, error: error});
 		}
 	} else {
 		if (res.locals.isAPI) {
--- a/src/middleware/admin.js
+++ b/src/middleware/admin.js
@@ -10,27 +10,22 @@ var app,
 	plugins = require('../plugins'),

 	controllers = {
-		api: require('../controllers/api')
+		api: require('../controllers/api'),
+		helpers: require('../controllers/helpers')
 	};


 middleware.isAdmin = function(req, res, next) {
 	if (!req.user) {
-		return res.status(404).json({
-			error: 'not-found'
-		});
+		return controllers.helpers.notAllowed(req, res);
 	}

 	user.isAdministrator((req.user && req.user.uid) ? req.user.uid : 0, function (err, isAdmin) {
-		if (err) {
+		if (err || isAdmin) {
 			return next(err);
 		}

-		if (!isAdmin) {
-			res.status(403).redirect(nconf.get('relative_path') + '/403');
-		} else {
-			next();
-		}
+		controllers.helpers.notAllowed(req, res);
 	});
 };

--- a/src/routes/admin.js
+++ b/src/routes/admin.js
@@ -22,9 +22,6 @@ function adminRouter(middleware, controllers) {
 	var router = express.Router();

 	router.use(middleware.applyCSRF);
-	router.use(middleware.admin.buildHeader);
-
-	router.get('/', controllers.admin.home);

 	addRoutes(router, middleware, controllers);

@@ -42,6 +39,7 @@ function apiRouter(middleware, controllers) {
 }

 function addRoutes(router, middleware, controllers) {
+	router.get('/', controllers.admin.home);
 	router.get('/general/dashboard', controllers.admin.home);
 	router.get('/general/languages', controllers.admin.languages.get);
 	router.get('/general/sounds', controllers.admin.sounds.get);
--- a/src/routes/index.js
+++ b/src/routes/index.js
@@ -119,8 +119,8 @@ module.exports = function(app, middleware) {
 	app.use(middleware.maintenanceMode);

 	app.all(relativePath + '/api/?*', middleware.prepareAPI);
-	app.all(relativePath + '/api/admin/*', middleware.admin.isAdmin, middleware.prepareAPI);
-	app.all(relativePath + '/admin/?*', middleware.ensureLoggedIn, middleware.admin.isAdmin);
+	app.all(relativePath + '/api/admin/?*', middleware.admin.isAdmin, middleware.prepareAPI);
+	app.all(relativePath + '/admin/?*', middleware.ensureLoggedIn, middleware.buildHeader, middleware.admin.isAdmin);

 	adminRoutes(router, middleware, controllers);
 	metaRoutes(router, middleware, controllers);
--- a/src/views/403.tpl
+++ b/src/views/403.tpl
@@ -5,4 +5,8 @@
 	<!-- ELSE -->
 	<p>[[global:403.message]]</p>
 	<!-- ENDIF error -->
+
+	<!-- IF !loggedIn -->
+	<p>[[global:403.login]]</p>
+	<!-- ENDIF !loggedIn -->
 </div>