doortts doortts 2014-02-24
fix: forbidden page access post action
 When a user tries to access a forbidden page,
 then redirect to the login page and show a notification message.
@434c9dcb62954668ebab55d844c54ef9e4028f15
app/actions/AbstractProjectCheckAction.java
--- app/actions/AbstractProjectCheckAction.java
+++ app/actions/AbstractProjectCheckAction.java
@@ -22,14 +22,18 @@
 
 import controllers.UserApp;
 import models.Project;
+import models.User;
 import models.enumeration.Operation;
 import actions.support.PathParser;
+import play.i18n.Messages;
 import play.mvc.Action;
 import play.mvc.Http.Context;
 import play.mvc.Result;
 import utils.AccessControl;
 import utils.AccessLogger;
 import utils.ErrorViews;
+
+import static play.mvc.Controller.flash;
 
 /**
  * /{user.loginId}/{project.name}/** 패턴의 요청에 해당하는 프로젝트가 존재하는지 확인하는 액션.
@@ -50,13 +54,19 @@
         Project project = Project.findByOwnerAndProjectName(ownerLoginId, projectName);
 
         if (project == null) {
+            if (UserApp.currentUser() == User.anonymous){
+                flash("failed", Messages.get("error.auth.unauthorized.waringMessage"));
+                return AccessLogger.log(context.request(),
+                        forbidden(ErrorViews.Forbidden.render("error.forbidden.or.notfound", context.request().path().toString())), null);
+            }
             return AccessLogger.log(context.request(),
-                    notFound(ErrorViews.NotFound.render("error.notfound.project")), null);
+                    forbidden(ErrorViews.NotFound.render("error.forbidden.or.notfound")), null);
         }
 
         if (!AccessControl.isAllowed(UserApp.currentUser(), project.asResource(), Operation.READ)) {
+            flash("failed", Messages.get("error.auth.unauthorized.waringMessage"));
             return AccessLogger.log(context.request(),
-                    notFound(ErrorViews.NotFound.render("error.notfound.project")), null);
+                    forbidden(ErrorViews.Forbidden.render("error.forbidden.or.notfound", context.request().path().toString())), null);
         }
 
         return call(project, context, parser);
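Review bot: For a signed-in user the two failure branches still render different templates: the missing-project case returns `forbidden(ErrorViews.NotFound.render("error.forbidden.or.notfound"))` while the read-check failure a few lines below renders `ErrorViews.Forbidden.render(...)` with the request path, so the page body still reveals whether the project exists even though status and message key now match. Presumably the merged `error.forbidden.or.notfound` key is meant to keep "does not exist" and "not readable" indistinguishable; rendering the missing-project case the same way, `forbidden(ErrorViews.Forbidden.render("error.forbidden.or.notfound", context.request().path().toString()))`, closes that gap. The flash key `error.auth.unauthorized.waringMessage` (note the spelling) is read on two new lines but not added to conf/messages in this commit; if it is not already defined, `Messages.get()` will show the raw key to the user — worth confirming. The flash-then-forbidden pair now appears three times in this method, and a small private helper taking the `Context` would remove the repetition. The enclosing method starts and ends outside the hunk.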
app/utils/ErrorViews.java
--- app/utils/ErrorViews.java
+++ app/utils/ErrorViews.java
@@ -1,6 +1,9 @@
 package utils;
+import controllers.UserApp;
 import models.Project;
+import models.User;
 import play.api.templates.Html;
+import views.html.index.index;
 
 
 /**
@@ -16,6 +19,14 @@
         @Override
         public Html render(String messageKey, Project project) {
             return views.html.error.forbidden.render(messageKey, project);
+        }
+
+        public Html render(String messageKey, String returnUrl) {
+            if(UserApp.currentUser() == User.anonymous){
+                return views.html.user.login.render("error.fobidden", null, returnUrl);
+            } else {
+                return views.html.error.forbidden_default.render(messageKey);
+            }
         }
 
         @Deprecated
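Review bot: The login page is rendered with the message key `"error.fobidden"`, which does not match the `error.forbidden` key visible in conf/messages in this same commit; unless a key with that spelling exists elsewhere, the login page will display the key name instead of the message, so this should read `views.html.user.login.render("error.forbidden", null, returnUrl);`. The `UserApp.currentUser() == User.anonymous` test duplicates the check the caller in AbstractProjectCheckAction already makes before choosing this overload, and comparing by reference assumes `User.anonymous` is the single shared instance — presumably true, but a short comment on the method would help, e.g. `// anonymous callers get the login page with the requested path as the post-login return target; others get the plain forbidden page`. The base-class overload added in the last hunk of this file ignores both arguments and returns the index page, so any other enum constant invoked with this signature silently renders the home page under an error status; it also carries a stray `;` after the closing brace. The enclosing enum constant body starts outside the hunk.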
@@ -137,4 +148,7 @@
      */
     public abstract Html render(String messageKey, Project project, String target);
 
+    public Html render(String messageKey, String returnUrl) {
+        return index.render(UserApp.currentUser());
+    };
 }
app/views/error/notfound_default.scala.html
--- app/views/error/notfound_default.scala.html
+++ app/views/error/notfound_default.scala.html
@@ -21,7 +21,7 @@
     <div class="page-wrap-outer">
         <div class="project-page-wrap">
             <div class="error-wrap">
-                <i class="ico-404"></i>
+                <i class="ico ico-err2"></i>
                 <p>@Messages(messageKey)</p>
                 <a href="@routes.Application.index()" class="ybtn ybtn-info">@Messages("menu.home")</a>
             </div>
conf/messages
--- conf/messages
+++ conf/messages
@@ -164,6 +164,7 @@
 error.badrequest = The request cannot be fulfilled due to bad syntax
 error.badrequest.only.available.for.git = This request is only available for a git project.
 error.forbidden = You are not authorized
+error.forbidden.or.notfound = Project doesn't exist or you don't have proper authority.
 error.internalServerError = Server error occurred and the service is not available
 error.notfound = Page not found
 error.notfound.board_post = Post not found
conf/messages.ko
--- conf/messages.ko
+++ conf/messages.ko
@@ -164,6 +164,7 @@
 error.badrequest = 잘못된 요청입니다
 error.badrequest.only.available.for.git = GIT 프로젝트에서만 지원하는 요청입니다.
 error.forbidden = 권한이 없습니다
+error.forbidden.or.notfound = 권한이 없거나 존재하지 않는 프로젝트입니다.
 error.internalServerError = 서버 오류가 발생하여 서비스를 이용할 수 없습니다
 error.notfound = 페이지를 찾을 수 없습니다
 error.notfound.board_post = 존재하지 않는 글입니다