From d53f6d0e052fb455059170a311640fcd06cad798 Mon Sep 17 00:00:00 2001 From: Andy Staudacher Date: Fri, 12 Feb 2010 16:40:44 -0800 Subject: Fix for tickets 1009 and 603: Show a themed error page to guests / registered users (not to admins though). And show a login form to guests for 404 (incl. insufficient view permissions) errors. --- modules/gallery/controllers/albums.php | 13 ++----------- modules/gallery/controllers/items.php | 2 +- modules/gallery/controllers/movies.php | 2 +- modules/gallery/controllers/photos.php | 2 +- 4 files changed, 5 insertions(+), 14 deletions(-) (limited to 'modules/gallery/controllers') diff --git a/modules/gallery/controllers/albums.php b/modules/gallery/controllers/albums.php index c2b474ee..1cc3b1ec 100644 --- a/modules/gallery/controllers/albums.php +++ b/modules/gallery/controllers/albums.php @@ -26,19 +26,10 @@ class Albums_Controller extends Items_Controller { if (!is_object($album)) { // show() must be public because we route to it in url::parse_url(), so make // sure that we're actually receiving an object - throw new Kohana_404_Exception(); + Event::run('system.404'); } - if (!access::can("view", $album)) { - if ($album->id == 1) { - // Even show the login page to logged in users. - // It's a better user experience than a "Dang" error page. - print auth::login_page(); - return; - } else { - access::required("view", $album); - } - } + access::required("view", $album); $page_size = module::get_var("gallery", "page_size", 9); $input = Input::instance(); diff --git a/modules/gallery/controllers/items.php b/modules/gallery/controllers/items.php index f261e3a9..0bd47b2d 100644 --- a/modules/gallery/controllers/items.php +++ b/modules/gallery/controllers/items.php @@ -21,7 +21,7 @@ class Items_Controller extends Controller { public function __call($function, $args) { $item = ORM::factory("item", (int)$function); if (!$item->loaded()) { - throw new Kohana_404_Exception(); + Event::run('system.404'); } // Redirect to the more specific resource type, since it will render diff --git a/modules/gallery/controllers/movies.php b/modules/gallery/controllers/movies.php index 78a56e81..1dbcb481 100644 --- a/modules/gallery/controllers/movies.php +++ b/modules/gallery/controllers/movies.php @@ -22,7 +22,7 @@ class Movies_Controller extends Items_Controller { if (!is_object($movie)) { // show() must be public because we route to it in url::parse_url(), so make // sure that we're actually receiving an object - throw new Kohana_404_Exception(); + Event::run('system.404'); } access::required("view", $movie); diff --git a/modules/gallery/controllers/photos.php b/modules/gallery/controllers/photos.php index f2d47eec..2a77aea4 100644 --- a/modules/gallery/controllers/photos.php +++ b/modules/gallery/controllers/photos.php @@ -22,7 +22,7 @@ class Photos_Controller extends Items_Controller { if (!is_object($photo)) { // show() must be public because we route to it in url::parse_url(), so make // sure that we're actually receiving an object - throw new Kohana_404_Exception(); + Event::run('system.404'); } access::required("view", $photo); -- cgit v1.2.3 From 7e47c3b19f522344f7083ea0bd9524bfff1a0eb2 Mon Sep 17 00:00:00 2001 From: Andy Staudacher Date: Fri, 12 Feb 2010 19:05:44 -0800 Subject: For consistency, use straight Kohana_404_Exception instead of the event system. --- modules/gallery/controllers/albums.php | 2 +- modules/gallery/controllers/items.php | 2 +- modules/gallery/controllers/movies.php | 2 +- modules/gallery/controllers/photos.php | 2 +- modules/gallery/helpers/access.php | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) (limited to 'modules/gallery/controllers') diff --git a/modules/gallery/controllers/albums.php b/modules/gallery/controllers/albums.php index 1cc3b1ec..036dade0 100644 --- a/modules/gallery/controllers/albums.php +++ b/modules/gallery/controllers/albums.php @@ -26,7 +26,7 @@ class Albums_Controller extends Items_Controller { if (!is_object($album)) { // show() must be public because we route to it in url::parse_url(), so make // sure that we're actually receiving an object - Event::run('system.404'); + throw new Kohana_404_Exception(); } access::required("view", $album); diff --git a/modules/gallery/controllers/items.php b/modules/gallery/controllers/items.php index 0bd47b2d..f261e3a9 100644 --- a/modules/gallery/controllers/items.php +++ b/modules/gallery/controllers/items.php @@ -21,7 +21,7 @@ class Items_Controller extends Controller { public function __call($function, $args) { $item = ORM::factory("item", (int)$function); if (!$item->loaded()) { - Event::run('system.404'); + throw new Kohana_404_Exception(); } // Redirect to the more specific resource type, since it will render diff --git a/modules/gallery/controllers/movies.php b/modules/gallery/controllers/movies.php index 1dbcb481..78a56e81 100644 --- a/modules/gallery/controllers/movies.php +++ b/modules/gallery/controllers/movies.php @@ -22,7 +22,7 @@ class Movies_Controller extends Items_Controller { if (!is_object($movie)) { // show() must be public because we route to it in url::parse_url(), so make // sure that we're actually receiving an object - Event::run('system.404'); + throw new Kohana_404_Exception(); } access::required("view", $movie); diff --git a/modules/gallery/controllers/photos.php b/modules/gallery/controllers/photos.php index 2a77aea4..f2d47eec 100644 --- a/modules/gallery/controllers/photos.php +++ b/modules/gallery/controllers/photos.php @@ -22,7 +22,7 @@ class Photos_Controller extends Items_Controller { if (!is_object($photo)) { // show() must be public because we route to it in url::parse_url(), so make // sure that we're actually receiving an object - Event::run('system.404'); + throw new Kohana_404_Exception(); } access::required("view", $photo); diff --git a/modules/gallery/helpers/access.php b/modules/gallery/helpers/access.php index c4c100ca..7e8b079a 100644 --- a/modules/gallery/helpers/access.php +++ b/modules/gallery/helpers/access.php @@ -120,7 +120,7 @@ class access_Core { if (!self::can($perm_name, $item)) { if ($perm_name == "view") { // Treat as if the item didn't exist, don't leak any information. - Event::run('system.404'); + throw new Kohana_404_Exception(); } else { self::forbidden(); } -- cgit v1.2.3