From bf8cce15ad642444772e447fb3ec516423321d23 Mon Sep 17 00:00:00 2001
From: Joenio Costa
Date: Thu, 22 Jan 2009 14:25:26 -0300
Subject: [PATCH] ActionItem890: "access denied" page is too ugly
---
 app/controllers/application.rb | 5 +++++
 app/controllers/my_profile_controller.rb | 3 +--
 app/controllers/public/content_viewer_controller.rb | 3 +--
 app/views/content_viewer/access_denied.rhtml | 5 -----
 app/views/shared/access_denied.rhtml | 21 +++++++++++++++------
 public/stylesheets/common.css | 6 ++++--
 test/functional/content_viewer_controller_test.rb | 4 ++--
 vendor/plugins/access_control/lib/permission_check.rb | 10 ++++++----
 vendor/plugins/access_control/test/permission_check_test.rb | 8 +++++++-
 9 files changed, 41 insertions(+), 24 deletions(-)
 delete mode 100644 app/views/content_viewer/access_denied.rhtml
diff --git a/app/controllers/application.rb b/app/controllers/application.rb
index 9a83159..19d6c86 100644
--- a/app/controllers/application.rb
+++ b/app/controllers/application.rb
@@ -96,6 +96,11 @@ class ApplicationController < ActionController::Base render :template => 'shared/not_found.rhtml', :status => 404 end + def render_access_denied(message = nil) + @message = message + render :template => 'shared/access_denied.rhtml', :status => 403 + end + def user current_user.person if logged_in? end
diff --git a/app/controllers/my_profile_controller.rb b/app/controllers/my_profile_controller.rb
index 7909efd..371c835 100644
--- a/app/controllers/my_profile_controller.rb
+++ b/app/controllers/my_profile_controller.rb
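Review bot: `render_access_denied` in app/controllers/application.rb stores whatever string it is given in `@message`, and the shared view prints it with `<%= @message %>`, which is raw HTML in Rails versions that do not escape ERB output by default. The caller in `MyProfileController.requires_profile_class` interpolates `controller.send(:profile).name` into that message, so a profile name containing markup would reach the 403 page unescaped. Escaping at the output, `<%= h(@message) %>` in app/views/shared/access_denied.rhtml, covers every caller, and a comment on the helper such as `# message must be plain text; the view escapes it` would record the contract. Whether this app's Rails version escapes by default is not visible in the patch, so confirm before relying on it.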
@@ -18,8 +18,7 @@ class MyProfileController < ApplicationController def self.requires_profile_class(some_class) before_filter do |controller| unless controller.send(:profile).kind_of?(some_class) - controller.instance_variable_set('@message', _("This action is not available for \"%s\".") % controller.send(:profile).name) - controller.send(:render, :file => File.join(RAILS_ROOT, 'app', 'views', 'shared', 'access_denied.rhtml'), :layout => true, :status => 403) + controller.send(:render_access_denied, _("This action is not available for \"%s\".") % controller.send(:profile).name) end end end
diff --git a/app/controllers/public/content_viewer_controller.rb b/app/controllers/public/content_viewer_controller.rb
index d414841..68f02ae 100644
--- a/app/controllers/public/content_viewer_controller.rb
+++ b/app/controllers/public/content_viewer_controller.rb
@@ -49,8 +49,7 @@ class ContentViewerController < ApplicationController end if !@page.display_to?(user) - # FIXME find a nice "access denied" layout - render :action => 'access_denied', :status => 403, :layout => false + render_access_denied(_('You are not allowed to view this content. You can contact the owner of this profile to request access then.')) end # At this point the page will be showed
diff --git a/app/views/content_viewer/access_denied.rhtml b/app/views/content_viewer/access_denied.rhtml
deleted file mode 100644
index 3cabd2d..0000000
--- a/app/views/content_viewer/access_denied.rhtml
+++ /dev/null
@@ -1,5 +0,0 @@ -
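Review bot: In the ContentViewerController hunk, `render_access_denied(...)` inside `if !@page.display_to?(user)` is not followed by a `return`, so the action keeps running into the code under `# At this point the page will be showed`, which lies outside the hunk. If that code records a hit, sends the page data or renders again, a denied request would still reach it or fail with a double-render error. Ending the branch with `return render_access_denied(...)` would make the denial terminal. The old `render :action => 'access_denied'` call had the same shape, so this predates the commit, but the line is being rewritten here anyway.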

<%= _('Access denied') %>

- -

-<%= _('You are not allowed to view this content.') %> -

diff --git a/app/views/shared/access_denied.rhtml b/app/views/shared/access_denied.rhtml
index f8d98f5..9e0d628 100644
--- a/app/views/shared/access_denied.rhtml
+++ b/app/views/shared/access_denied.rhtml
@@ -1,7 +1,16 @@ -

<%= _('Access denied') %>

+
-<% unless @message.nil? %> -

- <%= @message %> -

-<% end %> +

<%= _('Access denied') %>

+ + <% unless @message.nil? %> +

<%= @message %>

+ <% else %> +

<%= _('You are not allowed to view this page.') %>

+ <% end %> + + + +
diff --git a/public/stylesheets/common.css b/public/stylesheets/common.css
index c08a56a..fc669cf 100644
--- a/public/stylesheets/common.css
+++ b/public/stylesheets/common.css
@@ -419,14 +419,16 @@ div.pending-tasks { margin: 1em; } -#content #not-found { +#content #not-found, +#content #access-denied { padding: 20px; margin: 20px; border: 1px solid #DDD; -moz-border-radius: 6px; } -#content #not-found h1 { +#content #not-found h1, +#content #access-denied h1 { text-align: left; background: url(../images/icons-app/alert-icon.png) no-repeat; padding-left: 30px;
diff --git a/test/functional/content_viewer_controller_test.rb b/test/functional/content_viewer_controller_test.rb
index 43a642c..58d8090 100644
--- a/test/functional/content_viewer_controller_test.rb
+++ b/test/functional/content_viewer_controller_test.rb
@@ -410,7 +410,7 @@ class ContentViewerControllerTest < Test::Unit::TestCase @request.stubs(:ssl?).returns(true) get :view_page, :profile => 'test_profile', :page => [ 'my-intranet' ] - assert_template 'access_denied' + assert_template 'access_denied.rhtml' end should 'not give access to private articles if logged in but not member' do
@@ -421,7 +421,7 @@ class ContentViewerControllerTest < Test::Unit::TestCase @request.stubs(:ssl?).returns(true) get :view_page, :profile => 'test_profile', :page => [ 'my-intranet' ] - assert_template 'access_denied' + assert_template 'access_denied.rhtml' end should 'give access to private articles if logged in and member' do
diff --git a/vendor/plugins/access_control/lib/permission_check.rb b/vendor/plugins/access_control/lib/permission_check.rb
index fbf3ba3..945ac72 100644
--- a/vendor/plugins/access_control/lib/permission_check.rb
+++ b/vendor/plugins/access_control/lib/permission_check.rb
@@ -21,16 +21,18 @@ module PermissionCheck accessor = accessor_method.kind_of?(Symbol) ? c.send(accessor_method) : accessor_method unless accessor && accessor.has_permission?(permission.to_s, target) # c.instance_variable_set('@b', [accessor, permission, target]) - c.send(:render, :file => access_denied_template_path, :status => 403) && false + c.send(:render, :template => access_denied_template_path, :status => 403) && false end end end def access_denied_template_path - if File.exists?(File.join(RAILS_ROOT, 'app', 'views','access_control' ,'access_denied.rhtml')) - file_path = File.join(RAILS_ROOT, 'app', 'views','access_control' ,'access_denied.rhtml') + if File.exists?(File.join(RAILS_ROOT, 'app', 'views', 'access_control', 'access_denied.rhtml')) + File.join(RAILS_ROOT, 'app', 'views', 'access_control', 'access_denied.rhtml') + elsif File.exists?(File.join(RAILS_ROOT, 'app','views', 'shared', 'access_denied.rhtml')) + File.join('shared', 'access_denied.rhtml') else - file_path = File.join(File.dirname(__FILE__),'..', 'views','access_denied.rhtml') + File.join(File.dirname(__FILE__), '..', 'views', 'access_denied.rhtml') end end end
diff --git a/vendor/plugins/access_control/test/permission_check_test.rb b/vendor/plugins/access_control/test/permission_check_test.rb
index 2c01de6..060ddc0 100644
--- a/vendor/plugins/access_control/test/permission_check_test.rb
+++ b/vendor/plugins/access_control/test/permission_check_test.rb
@@ -36,6 +36,12 @@ class PermissionCheckTest < Test::Unit::TestCase get :other_stuff, :user => user.id, :resource => resource.id assert_response :success assert_template nil - end + + def test_try_render_shared_access_denied_view + File.expects(:exists?).with(File.join(RAILS_ROOT, 'app', 'views', 'access_control', 'access_denied.rhtml')) + File.expects(:exists?).with(File.join(RAILS_ROOT, 'app', 'views', 'shared', 'access_denied.rhtml')) + AccessControlTestController.access_denied_template_path + end + end -- libgit2 0.21.2
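Review bot: `access_denied_template_path` in permission_check.rb now returns two kinds of value, an absolute filesystem path in the first and last branches and the view-relative name `File.join('shared', 'access_denied.rhtml')` in the new `elsif`, while the filter passes all of them to `render :template`. If `:template` in this Rails version resolves names only against the view paths, the two absolute branches would raise a missing-template error in the denial path instead of answering 403. Either return view-relative names from every branch or keep `:file` for the absolute ones, and add a comment on the method stating which form it returns. The filter block that calls it starts outside the hunk.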
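Review bot: `test_try_render_shared_access_denied_view` in permission_check_test.rb sets two expectations on `File.exists?` but gives them no return values and asserts nothing about the result, so it passes whenever both lookups happen, whichever path comes back. Adding `.returns(false)` to the first expectation, `.returns(true)` to the second, and `assert_equal File.join('shared', 'access_denied.rhtml'), AccessControlTestController.access_denied_template_path` would pin the new fallback. The hunk also adds no test that the filter answers 403 with that template, which is the behaviour the `:file` to `:template` change affects.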