Blog Documentation Book a Demo
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

Custom permissions and custom errors

lifeisfoolifeisfoo ✭✭✭
in Community Addons & Development

I'm developing an application with the Garden framework and now I'm securing controllers actions using custom permissions.

class MyController extends Gdn_Controller {
public function Index() {
    $this->Permission('MyApp.OneSecurityPermission');
...
}
}

When I access to /myController with a role that don't has this permission I see this:

Can I customize this error page only for this controller action (not globally)?

There was an error rendering this rich post.

Tagged:

Comments

  • x00x00 MVP

    Yes

    Gdn::Locale()->SetTranslation('PermissionErrorMessage',T('Your Message'));

    grep is your friend.

  • lifeisfoolifeisfoo ✭✭✭

    Thank you @x00, but what I want is a custom page...

    There was an error rendering this rich post.

  • x00x00 MVP
    edited June 2013 
       public function CustomPermission($Permission) {
      if(Gdn::Session()->CheckPermission($Permission)){
          return TRUE;
        }else{
          header("HTTP/1.0 401", TRUE, 401);
          if ($this->DeliveryMethod() != DELIVERY_METHOD_XHTML) {
             $this->Render();
          } else {
             $this->MasterView = 'empty';
             $this->View='yourview';
             $this->Render();
          }
          exit;
      }
   }

    grep is your friend.

  • lifeisfoolifeisfoo ✭✭✭

    @x00, your help is invaluable. I hope this can help many others developer.

    There was an error rendering this rich post.

  • x00x00 MVP

    There is more than one way to shell an egg. You could make it a proper exception, then direct to a custom controller.

    grep is your friend.

  • lifeisfoolifeisfoo ✭✭✭

    Here what I've done:

    added this function to my application bootstrap.php

    function PermissionCheck($Controller, $Permission, $ErrorView, $ErrorMasterView) {
    if( CheckPermission($Permission) ){
        return TRUE;
    }else{
        header("HTTP/1.0 401", TRUE, 401);
        if($ErrorMasterView){
            $Controller->MasterView = $ErrorMasterView;
        }
        if($ErrorView){
            $Controller->View = $ErrorView;
        }
        $Controller->Render();
        exit;
    }
}

    then use this in every controller action:

    public function Index() {
    PermissionCheck($this, 'MyApp.Main.Allow', 'permission_error');
...
}

    So now I can show different pages for every action (and If I want I can use another master view as a parameter).

    Thank you again @x00

    There was an error rendering this rich post.

  • x00x00 MVP
    edited June 2013

    I think if you are making your own app you might well keep in house. You could create a base controller, for you app and extend that, or whatever.

    grep is your friend.

Sign In or Register to comment.