issue #28: adding permission denied error page

2014-07-30 13:47:06 +02:00 · 2014-07-30 13:47:06 +02:00 · cdfe3c85d2
parent 11900a55b3
commit cdfe3c85d2
16 changed files with 156 additions and 10 deletions
--- a/src/lang/bg_BG.lang.php
+++ b/src/lang/bg_BG.lang.php
@ -261,4 +261,8 @@ $sm_lang = array(
 		'success_password_forgot' => 'Изпратен е имейл с информация за възстановяване на паролата.',
 		'success_password_reset' => 'Вашата парола е променена успешно. Моля, влезте в системата.',
 	),
+	'error' => array(
+		'401_unauthorized' => 'Unauthorized',
+		'401_unauthorized_description' => 'You do not have the privileges to view this page.',
+	),
 );
--- a/src/lang/da_DK.lang.php
+++ b/src/lang/da_DK.lang.php
@ -261,4 +261,8 @@ $sm_lang = array(
 		'success_password_forgot' => 'En e-mail er blevet sendt til dig med oplysninger om, hvordan du nulstiller din adgangskode.',
 		'success_password_reset' => 'Dit password er blevet nulstillet. venligst log ind.',
 	),
+	'error' => array(
+		'401_unauthorized' => 'Unauthorized',
+		'401_unauthorized_description' => 'You do not have the privileges to view this page.',
+	),
 );
--- a/src/lang/de_DE.lang.php
+++ b/src/lang/de_DE.lang.php
@ -261,4 +261,8 @@ $sm_lang = array(
 		'success_password_forgot' => 'An email has been sent to you with information how to reset your password.',
 		'success_password_reset' => 'Your password has been reset successfully. Please login.',
 	),
+	'error' => array(
+		'401_unauthorized' => 'Unauthorized',
+		'401_unauthorized_description' => 'You do not have the privileges to view this page.',
+	),
 );
--- a/src/lang/en_US.lang.php
+++ b/src/lang/en_US.lang.php
@ -261,4 +261,8 @@ $sm_lang = array(
 		'success_password_forgot' => 'An email has been sent to you with information how to reset your password.',
 		'success_password_reset' => 'Your password has been reset successfully. Please login.',
 	),
+	'error' => array(
+		'401_unauthorized' => 'Unauthorized',
+		'401_unauthorized_description' => 'You do not have the privileges to view this page.',
+	),
 );
--- a/src/lang/es_ES.lang.php
+++ b/src/lang/es_ES.lang.php
@ -259,4 +259,8 @@ $sm_lang = array(
 		'success_password_forgot' => 'An email has been sent to you with information how to reset your password.',
 		'success_password_reset' => 'Your password has been reset successfully. Please login.',
 	),
+	'error' => array(
+		'401_unauthorized' => 'Unauthorized',
+		'401_unauthorized_description' => 'You do not have the privileges to view this page.',
+	),
 );
--- a/src/lang/fr_FR.lang.php
+++ b/src/lang/fr_FR.lang.php
@ -260,4 +260,8 @@ $sm_lang = array(
 		'success_password_forgot' => 'Un email vous a été envoyé pour réinitialiser votre mot de passe.',
 		'success_password_reset' => 'Votre mot de passe a été réinitialisé.',
 	),
+	'error' => array(
+		'401_unauthorized' => 'Unauthorized',
+		'401_unauthorized_description' => 'You do not have the privileges to view this page.',
+	),
 );
--- a/src/lang/it_IT.lang.php
+++ b/src/lang/it_IT.lang.php
@ -259,4 +259,8 @@ $sm_lang = array(
 		'success_password_forgot' => 'An email has been sent to you with information how to reset your password.',
 		'success_password_reset' => 'Your password has been reset successfully. Please login.',
 	),
+	'error' => array(
+		'401_unauthorized' => 'Unauthorized',
+		'401_unauthorized_description' => 'You do not have the privileges to view this page.',
+	),
 );
--- a/src/lang/ko_KR.lang.php
+++ b/src/lang/ko_KR.lang.php
@ -259,4 +259,8 @@ $sm_lang = array(
 		'success_password_forgot' => 'An email has been sent to you with information how to reset your password.',
 		'success_password_reset' => 'Your password has been reset successfully. Please login.',
 	),
+	'error' => array(
+		'401_unauthorized' => 'Unauthorized',
+		'401_unauthorized_description' => 'You do not have the privileges to view this page.',
+	),
 );
--- a/src/lang/nl_NL.lang.php
+++ b/src/lang/nl_NL.lang.php
@ -260,4 +260,8 @@ $sm_lang = array(
 		'success_password_forgot' => 'Er is een mail verstuurd met informatie om je wachtwoord aan te passen.',
 		'success_password_reset' => 'Je wachtwoord is aangepast. Je kunt nu inloggen.',
 	),
+	'error' => array(
+		'401_unauthorized' => 'Unauthorized',
+		'401_unauthorized_description' => 'U heeft niet de juiste bevoegdheden om deze pagina te bekijken.',
+	),
 );
--- a/src/lang/pt_BR.lang.php
+++ b/src/lang/pt_BR.lang.php
@ -261,4 +261,8 @@ $sm_lang = array(
 		'success_password_forgot' => 'Um email foi enviado para você com as instruções de redefinição de senha.',
 		'success_password_reset' => 'Sua senha foi redefinida com sucesso. Por favor faça login.',
 	),
+	'error' => array(
+		'401_unauthorized' => 'Unauthorized',
+		'401_unauthorized_description' => 'You do not have the privileges to view this page.',
+	),
 );
--- a/src/lang/zh_CN.lang.php
+++ b/src/lang/zh_CN.lang.php
@ -260,4 +260,8 @@ $sm_lang = array(
 		'success_password_forgot' => '密码重设邮件已发送.',
 		'success_password_reset' => '密码重设成功.请登录.',
 	),
+	'error' => array(
+		'401_unauthorized' => 'Unauthorized',
+		'401_unauthorized_description' => 'You do not have the privileges to view this page.',
+	),
 );
--- a/src/psm/Module/AbstractController.class.php
+++ b/src/psm/Module/AbstractController.class.php
@ -136,7 +136,7 @@ abstract class AbstractController implements ControllerInterface {
 	 * @var boolean $black_background
 	 */
 	protected $black_background = false;
-	
+
 	/**
 	 * XHR mode?
 	 * @var boolean $xhr
@ -152,10 +152,13 @@ abstract class AbstractController implements ControllerInterface {
 	/**
 	 * Initialize the controller.
 	 *
+	 * @param string $action if NULL, the action will be retrieved from user input (GET/POST)
 	 * @return \Symfony\Component\HttpFoundation\Response
 	 */
-	public function initialize() {
-		$action = psm_GET('action', psm_POST('action', $this->action_default));
+	public function initialize($action = null) {
+		if($action === null) {
+			$action = psm_GET('action', psm_POST('action', $this->action_default));
+		}
 		$this->xhr = (bool) psm_GET('xhr', psm_POST('xhr', false));

 		if(!in_array($action, $this->actions) || !($result = $this->initializeAction($action))) {
@ -256,7 +259,7 @@ abstract class AbstractController implements ControllerInterface {
 			if(psm_update_available()) {
 				$tpl_data['update_available'] = str_replace('{version}', 'v'.psm_get_conf('version_update_check'), psm_get_lang('system', 'update_available'));
 			}
-			
+
 			if($this->black_background) {
 				$tpl_data['body_class'] = 'black_background';
 			}
@ -524,7 +527,7 @@ abstract class AbstractController implements ControllerInterface {
 	public function setHeaderAccessories($html) {
 		$this->header_accessories = $html;
 	}
-	
+
 	/**
 	 * Check if XHR is on
 	 * @return boolean
--- a/src/psm/Module/Error/Controller/ErrorController.class.php
+++ b/src/psm/Module/Error/Controller/ErrorController.class.php
@ -0,0 +1,56 @@
+<?php
+/**
+ * PHP Server Monitor
+ * Monitor your servers and websites.
+ *
+ * This file is part of PHP Server Monitor.
+ * PHP Server Monitor is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * PHP Server Monitor is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with PHP Server Monitor.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ * @package     phpservermon
+ * @author      Pepijn Over <pep@neanderthal-technology.com>
+ * @copyright   Copyright (c) 2008-2014 Pepijn Over <pep@neanderthal-technology.com>
+ * @license     http://www.gnu.org/licenses/gpl.txt GNU GPL v3
+ * @version     Release: @package_version@
+ * @link        http://www.phpservermonitor.org/
+ * @since       phpservermon 3.1
+ **/
+
+namespace psm\Module\Error\Controller;
+use psm\Module\AbstractController;
+use psm\Service\Database;
+use psm\Service\Template;
+
+class ErrorController extends AbstractController {
+
+	function __construct(Database $db, Template $tpl) {
+		parent::__construct($db, $tpl);
+
+		$this->setMinUserLevelRequired(PSM_USER_ANONYMOUS);
+
+		$this->setActions(array(
+			'401',
+		), '401');
+	}
+
+	/**
+	 * 401 error page
+	 */
+	protected function execute401() {
+		$this->setTemplateId('error', 'error/error.tpl.html');
+		$this->tpl->addTemplateData('error', array(
+			'label_title' => psm_get_lang('error', '401_unauthorized'),
+			'label_description' => psm_get_lang('error', '401_unauthorized_description'),
+		));
+	}
+}
--- a/src/psm/Module/Error/ErrorModule.class.php
+++ b/src/psm/Module/Error/ErrorModule.class.php
@ -0,0 +1,39 @@
+<?php
+/**
+ * PHP Server Monitor
+ * Monitor your servers and websites.
+ *
+ * This file is part of PHP Server Monitor.
+ * PHP Server Monitor is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * PHP Server Monitor is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with PHP Server Monitor.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ * @package     phpservermon
+ * @author      Pepijn Over <pep@neanderthal-technology.com>
+ * @copyright   Copyright (c) 2008-2014 Pepijn Over <pep@neanderthal-technology.com>
+ * @license     http://www.gnu.org/licenses/gpl.txt GNU GPL v3
+ * @version     Release: @package_version@
+ * @link        http://www.phpservermonitor.org/
+ * @since       phpservermon 3.1
+ **/
+
+namespace psm\Module\Error;
+use psm\Module\ModuleInterface;
+
+class ErrorModule implements ModuleInterface {
+	public function getControllers() {
+		return array(
+			'error' => __NAMESPACE__ . '\Controller\ErrorController',
+		);
+
+	}
+}
--- a/src/psm/Router.class.php
+++ b/src/psm/Router.class.php
@ -83,6 +83,7 @@ class Router {
 	public function getModules() {
 		return array(
 			'config' => new Module\Config\ConfigModule(),
+			'error' => new Module\Error\ErrorModule(),
 			'server' => new Module\Server\ServerModule(),
 			'user' => new Module\User\UserModule(),
 			'install' => new Module\Install\InstallModule(),
@ -122,21 +123,20 @@ class Router {
 		}
 		// get min required level for this controller and make sure the user matches
 		$min_lvl = $controller->getMinUserLevelRequired();
+		$action = null;

 		if($min_lvl < PSM_USER_ANONYMOUS) {
 			// if user is not logged in, load login module
 			if(!$this->services['user']->isUserLoggedIn()) {
-				// redirect to login
 				$controller = $this->getController('user_login');
 			} elseif($this->services['user']->getUserLevel() > $min_lvl) {
-				// @todo perhaps show a nice permission denied page
-				die('You do not have the privileges to view this page.');
+				$controller = $this->getController('error');
+				$action = '401';
 			}
 		}

 		$controller->setUser($this->services['user']);
-		// let the module prepare it's HTML code
-		$response = $controller->initialize();
+		$response = $controller->initialize($action);

 		if(!($response instanceof Response)) {
 			throw new \LogicException('Controller did not return a Response object.');
--- a/src/templates/error/error.tpl.html
+++ b/src/templates/error/error.tpl.html
@ -0,0 +1,4 @@
+<!--%tpl_error-->
+<h2>{label_title}</h2>
+<p>{label_description}</p>
+<!--%%tpl_error-->