Merge remote branch 'gallery3/master'

author: mamouneyya <mamoun.diraneyya@gmail.com> 2010-09-20 04:30:34 +0300
committer: mamouneyya <mamoun.diraneyya@gmail.com> 2010-09-20 04:30:34 +0300
commit: ce80259d6939e43aaea34eba7bea4b2a602a5019 (patch)
tree: 7ca81d874b62c5a2c0244657aa903d565a7e6b04 /modules/gallery/controllers/reauthenticate.php
parent: ba950bec0c84a1467aa2545ca815d5af7b0b002b (diff)
parent: 93d1a8103e757a87fb006f2389f0ee24497367a7 (diff)
1 files changed, 9 insertions, 2 deletions
diff --git a/modules/gallery/controllers/reauthenticate.php b/modules/gallery/controllers/reauthenticate.php
index 0486c0fe..53a96374 100644
--- a/modules/gallery/controllers/reauthenticate.php
+++ b/modules/gallery/controllers/reauthenticate.php
@@ -19,12 +19,19 @@
  */
 class Reauthenticate_Controller extends Controller {
   public function index() {
+    $is_ajax = Session::instance()->get_once("is_ajax_request", request::is_ajax());
     if (!identity::active_user()->admin) {
-      access::forbidden();
+      if ($is_ajax) {
+        // We should never be able to get here since Admin_Controller::_reauth_check() won't work
+        // for non-admins.
+        access::forbidden();
+      } else {
+        url::redirect(item::root()->abs_url());
+      }
     }
+
     // On redirects from the admin controller, the ajax request indicator is lost,
     // so we store it in the session.
-    $is_ajax = Session::instance()->get_once("is_ajax_request", request::is_ajax());
     if ($is_ajax) {
       $v = new View("reauthenticate.html");
       $v->form = self::_form();
author	mamouneyya <mamoun.diraneyya@gmail.com>	2010-09-20 04:30:34 +0300
committer	mamouneyya <mamoun.diraneyya@gmail.com>	2010-09-20 04:30:34 +0300
commit	ce80259d6939e43aaea34eba7bea4b2a602a5019 (patch)
tree	7ca81d874b62c5a2c0244657aa903d565a7e6b04 /modules/gallery/controllers/reauthenticate.php
parent	ba950bec0c84a1467aa2545ca815d5af7b0b002b (diff)
parent	93d1a8103e757a87fb006f2389f0ee24497367a7 (diff)