issue #28: adding permission denied error page

2014-07-30 13:47:06 +02:00 · 2014-07-30 13:47:06 +02:00 · cdfe3c85d2
parent 11900a55b3
commit cdfe3c85d2
16 changed files with 156 additions and 10 deletions
--- a/src/lang/bg_BG.lang.php
+++ b/src/lang/bg_BG.lang.php
@ -261,4 +261,8 @@ $sm_lang = array(
 		'success_password_forgot' => 'Изпратен е имейл с информация за възстановяване на паролата.',
 		'success_password_reset' => 'Вашата парола е променена успешно. Моля, влезте в системата.',
 	),
 	'error' => array(
 		'401_unauthorized' => 'Unauthorized',
 		'401_unauthorized_description' => 'You do not have the privileges to view this page.',
 	),
 );
--- a/src/lang/da_DK.lang.php
+++ b/src/lang/da_DK.lang.php
@ -261,4 +261,8 @@ $sm_lang = array(
 		'success_password_forgot' => 'En e-mail er blevet sendt til dig med oplysninger om, hvordan du nulstiller din adgangskode.',
 		'success_password_reset' => 'Dit password er blevet nulstillet. venligst log ind.',
 	),
 	'error' => array(
 		'401_unauthorized' => 'Unauthorized',
 		'401_unauthorized_description' => 'You do not have the privileges to view this page.',
 	),
 );
--- a/src/lang/de_DE.lang.php
+++ b/src/lang/de_DE.lang.php
@ -261,4 +261,8 @@ $sm_lang = array(
 		'success_password_forgot' => 'An email has been sent to you with information how to reset your password.',
 		'success_password_reset' => 'Your password has been reset successfully. Please login.',
 	),
 	'error' => array(
 		'401_unauthorized' => 'Unauthorized',
 		'401_unauthorized_description' => 'You do not have the privileges to view this page.',
 	),
 );
--- a/src/lang/en_US.lang.php
+++ b/src/lang/en_US.lang.php
@ -261,4 +261,8 @@ $sm_lang = array(
 		'success_password_forgot' => 'An email has been sent to you with information how to reset your password.',
 		'success_password_reset' => 'Your password has been reset successfully. Please login.',
 	),
 	'error' => array(
 		'401_unauthorized' => 'Unauthorized',
 		'401_unauthorized_description' => 'You do not have the privileges to view this page.',
 	),
 );
--- a/src/lang/es_ES.lang.php
+++ b/src/lang/es_ES.lang.php
@ -259,4 +259,8 @@ $sm_lang = array(
 		'success_password_forgot' => 'An email has been sent to you with information how to reset your password.',
 		'success_password_reset' => 'Your password has been reset successfully. Please login.',
 	),
 	'error' => array(
 		'401_unauthorized' => 'Unauthorized',
 		'401_unauthorized_description' => 'You do not have the privileges to view this page.',
 	),
 );
--- a/src/lang/fr_FR.lang.php
+++ b/src/lang/fr_FR.lang.php
@ -260,4 +260,8 @@ $sm_lang = array(
 		'success_password_forgot' => 'Un email vous a été envoyé pour réinitialiser votre mot de passe.',
 		'success_password_reset' => 'Votre mot de passe a été réinitialisé.',
 	),
 	'error' => array(
 		'401_unauthorized' => 'Unauthorized',
 		'401_unauthorized_description' => 'You do not have the privileges to view this page.',
 	),
 );
--- a/src/lang/it_IT.lang.php
+++ b/src/lang/it_IT.lang.php
@ -259,4 +259,8 @@ $sm_lang = array(
 		'success_password_forgot' => 'An email has been sent to you with information how to reset your password.',
 		'success_password_reset' => 'Your password has been reset successfully. Please login.',
 	),
 	'error' => array(
 		'401_unauthorized' => 'Unauthorized',
 		'401_unauthorized_description' => 'You do not have the privileges to view this page.',
 	),
 );
--- a/src/lang/ko_KR.lang.php
+++ b/src/lang/ko_KR.lang.php
@ -259,4 +259,8 @@ $sm_lang = array(
 		'success_password_forgot' => 'An email has been sent to you with information how to reset your password.',
 		'success_password_reset' => 'Your password has been reset successfully. Please login.',
 	),
 	'error' => array(
 		'401_unauthorized' => 'Unauthorized',
 		'401_unauthorized_description' => 'You do not have the privileges to view this page.',
 	),
 );
--- a/src/lang/nl_NL.lang.php
+++ b/src/lang/nl_NL.lang.php
@ -260,4 +260,8 @@ $sm_lang = array(
 		'success_password_forgot' => 'Er is een mail verstuurd met informatie om je wachtwoord aan te passen.',
 		'success_password_reset' => 'Je wachtwoord is aangepast. Je kunt nu inloggen.',
 	),
 	'error' => array(
 		'401_unauthorized' => 'Unauthorized',
 		'401_unauthorized_description' => 'U heeft niet de juiste bevoegdheden om deze pagina te bekijken.',
 	),
 );
--- a/src/lang/pt_BR.lang.php
+++ b/src/lang/pt_BR.lang.php
@ -261,4 +261,8 @@ $sm_lang = array(
 		'success_password_forgot' => 'Um email foi enviado para você com as instruções de redefinição de senha.',
 		'success_password_reset' => 'Sua senha foi redefinida com sucesso. Por favor faça login.',
 	),
 	'error' => array(
 		'401_unauthorized' => 'Unauthorized',
 		'401_unauthorized_description' => 'You do not have the privileges to view this page.',
 	),
 );
--- a/src/lang/zh_CN.lang.php
+++ b/src/lang/zh_CN.lang.php
@ -260,4 +260,8 @@ $sm_lang = array(
 		'success_password_forgot' => '密码重设邮件已发送.',
 		'success_password_reset' => '密码重设成功.请登录.',
 	),
 	'error' => array(
 		'401_unauthorized' => 'Unauthorized',
 		'401_unauthorized_description' => 'You do not have the privileges to view this page.',
 	),
 );
--- a/src/psm/Module/AbstractController.class.php
+++ b/src/psm/Module/AbstractController.class.php
@ -136,7 +136,7 @@ abstract class AbstractController implements ControllerInterface {
 	 * @var boolean $black_background
 	 */
 	protected $black_background = false;
-	
+
 	/**
 	 * XHR mode?
 	 * @var boolean $xhr
@ -152,10 +152,13 @@ abstract class AbstractController implements ControllerInterface {
 	/**
 	 * Initialize the controller.
 	 *
 	 * @param string $action if NULL, the action will be retrieved from user input (GET/POST)
 	 * @return \Symfony\Component\HttpFoundation\Response
 	 */
-	public function initialize() {
+	public function initialize($action = null) {
-		$action = psm_GET('action', psm_POST('action', $this->action_default));
+		if($action === null) {
 			$action = psm_GET('action', psm_POST('action', $this->action_default));
 		}
 		$this->xhr = (bool) psm_GET('xhr', psm_POST('xhr', false));
 		if(!in_array($action, $this->actions) || !($result = $this->initializeAction($action))) {
@ -256,7 +259,7 @@ abstract class AbstractController implements ControllerInterface {
 			if(psm_update_available()) {
 				$tpl_data['update_available'] = str_replace('{version}', 'v'.psm_get_conf('version_update_check'), psm_get_lang('system', 'update_available'));
 			}
-			
+
 			if($this->black_background) {
 				$tpl_data['body_class'] = 'black_background';
 			}
@ -524,7 +527,7 @@ abstract class AbstractController implements ControllerInterface {
 	public function setHeaderAccessories($html) {
 		$this->header_accessories = $html;
 	}
-	
+
 	/**
 	 * Check if XHR is on
 	 * @return boolean
--- a/src/psm/Module/Error/Controller/ErrorController.class.php
+++ b/src/psm/Module/Error/Controller/ErrorController.class.php
@ -0,0 +1,56 @@
 <?php
 /**
 * PHP Server Monitor
 * Monitor your servers and websites.
 *
 * This file is part of PHP Server Monitor.
 * PHP Server Monitor is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * PHP Server Monitor is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with PHP Server Monitor.  If not, see <http://www.gnu.org/licenses/>.
 *
 * @package     phpservermon
 * @author      Pepijn Over <pep@neanderthal-technology.com>
 * @copyright   Copyright (c) 2008-2014 Pepijn Over <pep@neanderthal-technology.com>
 * @license     http://www.gnu.org/licenses/gpl.txt GNU GPL v3
 * @version     Release: @package_version@
 * @link        http://www.phpservermonitor.org/
 * @since       phpservermon 3.1
 **/
 namespace psm\Module\Error\Controller;
 use psm\Module\AbstractController;
 use psm\Service\Database;
 use psm\Service\Template;
 class ErrorController extends AbstractController {
 	function __construct(Database $db, Template $tpl) {
 		parent::__construct($db, $tpl);
 		$this->setMinUserLevelRequired(PSM_USER_ANONYMOUS);
 		$this->setActions(array(
 			'401',
 		), '401');
 	}
 	/**
 	 * 401 error page
 	 */
 	protected function execute401() {
 		$this->setTemplateId('error', 'error/error.tpl.html');
 		$this->tpl->addTemplateData('error', array(
 			'label_title' => psm_get_lang('error', '401_unauthorized'),
 			'label_description' => psm_get_lang('error', '401_unauthorized_description'),
 		));
 	}
 }
--- a/src/psm/Module/Error/ErrorModule.class.php
+++ b/src/psm/Module/Error/ErrorModule.class.php
@ -0,0 +1,39 @@
 <?php
 /**
 * PHP Server Monitor
 * Monitor your servers and websites.
 *
 * This file is part of PHP Server Monitor.
 * PHP Server Monitor is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * PHP Server Monitor is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with PHP Server Monitor.  If not, see <http://www.gnu.org/licenses/>.
 *
 * @package     phpservermon
 * @author      Pepijn Over <pep@neanderthal-technology.com>
 * @copyright   Copyright (c) 2008-2014 Pepijn Over <pep@neanderthal-technology.com>
 * @license     http://www.gnu.org/licenses/gpl.txt GNU GPL v3
 * @version     Release: @package_version@
 * @link        http://www.phpservermonitor.org/
 * @since       phpservermon 3.1
 **/
 namespace psm\Module\Error;
 use psm\Module\ModuleInterface;
 class ErrorModule implements ModuleInterface {
 	public function getControllers() {
 		return array(
 			'error' => __NAMESPACE__ . '\Controller\ErrorController',
 		);
 	}
 }
--- a/src/psm/Router.class.php
+++ b/src/psm/Router.class.php
@ -83,6 +83,7 @@ class Router {
 	public function getModules() {
 		return array(
 			'config' => new Module\Config\ConfigModule(),
 			'error' => new Module\Error\ErrorModule(),
 			'server' => new Module\Server\ServerModule(),
 			'user' => new Module\User\UserModule(),
 			'install' => new Module\Install\InstallModule(),
@ -122,21 +123,20 @@ class Router {
 		}
 		// get min required level for this controller and make sure the user matches
 		$min_lvl = $controller->getMinUserLevelRequired();
 		$action = null;
 		if($min_lvl < PSM_USER_ANONYMOUS) {
 			// if user is not logged in, load login module
 			if(!$this->services['user']->isUserLoggedIn()) {
 				// redirect to login
 				$controller = $this->getController('user_login');
 			} elseif($this->services['user']->getUserLevel() > $min_lvl) {
-				// @todo perhaps show a nice permission denied page
+				$controller = $this->getController('error');
-				die('You do not have the privileges to view this page.');
+				$action = '401';
 			}
 		}
 		$controller->setUser($this->services['user']);
-		// let the module prepare it's HTML code
+		$response = $controller->initialize($action);
 		$response = $controller->initialize();
 		if(!($response instanceof Response)) {
 			throw new \LogicException('Controller did not return a Response object.');
--- a/src/templates/error/error.tpl.html
+++ b/src/templates/error/error.tpl.html
@ -0,0 +1,4 @@
 <!--%tpl_error-->
 <h2>{label_title}</h2>
 <p>{label_description}</p>
 <!--%%tpl_error-->