Custom permissions and custom errors

lifeisfoo Zombie plugins finder ✭✭✭

I'm developing an application with the Garden framework and now I'm securing controllers actions using custom permissions.

    class MyController extends Gdn_Controller {
        public function Index() {
            $this->Permission('MyApp.OneSecurityPermission');
            // ...
        }
    }

When I access /myController with a role that doesn't have this permission I see this:

Can I customize this error page only for this controller action (not globally)?

Comments

  • Yes

    Gdn::Locale()->SetTranslation('PermissionErrorMessage',T('Your Message'));

    grep is your friend.

  • lifeisfoo Zombie plugins finder ✭✭✭

    Thank you @x00, but what I want is a custom page...

  • x00 MVP
    edited June 2013

        public function CustomPermission($Permission) {
            if (Gdn::Session()->CheckPermission($Permission)) {
                return TRUE;
            } else {
                // Permission missing: send the status code, render the error view, stop.
                header("HTTP/1.0 401", TRUE, 401);
                if ($this->DeliveryMethod() != DELIVERY_METHOD_XHTML) {
                    $this->Render();
                } else {
                    $this->MasterView = 'empty';
                    $this->View = 'yourview';
                    $this->Render();
                }
                exit;
            }
        }
    

    grep is your friend.

  • lifeisfoo Zombie plugins finder ✭✭✭

    @x00, your help is invaluable. I hope this can help many other developers.

  • There is more than one way to shell an egg. You could make it a proper exception, then direct to a custom controller.

    grep is your friend.

  • lifeisfoo Zombie plugins finder ✭✭✭

    Here's what I've done:

    Added this function to my application's bootstrap.php

    function PermissionCheck($Controller, $Permission, $ErrorView = NULL, $ErrorMasterView = NULL) {
        if( CheckPermission($Permission) ){
            return TRUE;
        }else{
            header("HTTP/1.0 401", TRUE, 401);
            if($ErrorMasterView){
                $Controller->MasterView = $ErrorMasterView;
            }
            if($ErrorView){
                $Controller->View = $ErrorView;
            }
            $Controller->Render();
            exit;
        }
    }
    

    then use this in every controller action:

    public function Index() {
        PermissionCheck($this, 'MyApp.Main.Allow', 'permission_error');
        // ...
    }
    

    So now I can show different pages for every action (and if I want I can use another master view as a parameter).

    Thank you again @x00

  • x00 MVP
    edited June 2013

    I think if you are making your own app you might as well keep it in house. You could create a base controller for your app and extend that, or whatever.

    grep is your friend.
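
A base controller along the lines suggested in the last comment, as an added example that is not part of the thread or of Garden's own code. It goes a step beyond the per-action helper: the check runs in `Initialize()` against a per-action map and any action missing from the map is denied. `MyAppController`, `$ActionPermissions`, `Deny()` and the `reports_denied` view are hypothetical names, and relying on `Initialize()` and `$this->RequestMethod` is an assumption about the Garden dispatcher.

```php
<?php
// Added example. Assumes a Garden application: Gdn_Controller, Gdn::Session()
// and Render() as used in the thread, plus Gdn_Controller::Initialize() being
// called before the action and $this->RequestMethod holding the action name.
// MyAppController, $ActionPermissions and Deny() are hypothetical names.
class MyAppController extends Gdn_Controller {
    // action (lowercase) => array(permission, denial view, denial master view)
    protected $ActionPermissions = array();

    // Runs before the action method, so an action cannot skip its check.
    public function Initialize() {
        parent::Initialize();
        $Action = strtolower($this->RequestMethod);
        if (!isset($this->ActionPermissions[$Action])) {
            // Deny by default: an action nobody listed is not served.
            $this->Deny('permission_error', NULL);
        }
        list($Permission, $View, $MasterView) = $this->ActionPermissions[$Action];
        if (!Gdn::Session()->CheckPermission($Permission)) {
            $this->Deny($View, $MasterView);
        }
    }

    // Renders the denial page and ends the request (same flow as the thread).
    protected function Deny($View, $MasterView) {
        header('HTTP/1.0 401', TRUE, 401);
        if ($MasterView) {
            $this->MasterView = $MasterView;
        }
        $this->View = $View;
        $this->Render();
        exit;
    }
}

class MyController extends MyAppController {
    protected $ActionPermissions = array(
        'index'   => array('MyApp.OneSecurityPermission', 'permission_error', 'empty'),
        'reports' => array('MyApp.Main.Allow', 'reports_denied', NULL), // constructed
    );

    public function Index() {
        // Reached only when the check in Initialize() passed.
        $this->Render();
    }
    public function Reports() {
        $this->Render();
    }
}
```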
