diff --git a/code/controller/behavior/permissible.php b/code/controller/behavior/permissible.php
index 1116b5a7f0..e78acdc13f 100644
--- a/code/controller/behavior/permissible.php
+++ b/code/controller/behavior/permissible.php
@@ -88,22 +88,44 @@ public function execute(CommandInterface $command, CommandChainInterface $chain)
 {
 $action = $parts[1];
- if($this->canExecute($action) === false)
+ $result = $this->canExecute($action);
+
+ $invalid_statuses = array(
+ HttpResponse::NOT_IMPLEMENTED,
+ HttpResponse::UNAUTHORIZED,
+ HttpResponse::FORBIDDEN,
+ false,
+ );
+
+ if (in_array($result, $invalid_statuses))
 {
- $message = 'Action '.ucfirst($action).' Not Allowed';
+ if ($result === false && $this->getUser()->isAuthentic()) {
+ $result = HttpResponse::FORBIDDEN;
+ }
- if($this->getUser()->isAuthentic())
+ switch ($result)
 {
- if (!$this->getUser()->isEnabled()) {
- $message = 'User account is disabled';
- }
+ case HttpResponse::NOT_IMPLEMENTED:
+ throw new HttpExceptionNotImplemented('Action "'.ucfirst($action).'" not implemented');
+
+ case HttpResponse::UNAUTHORIZED:
+ throw new ControllerExceptionRequestNotAuthenticated('Action "'.ucfirst($action).'" requires authentication');
- throw new ControllerExceptionRequestForbidden($message);
- }
- else throw new ControllerExceptionRequestNotAuthorized($message);
+ case HttpResponse::FORBIDDEN:
+ throw new ControllerExceptionRequestForbidden('Action "'.ucfirst($action).'" not allowed');
- return false;
+ default:
+ $message = 'Action "'.ucfirst($action).'" not allowed';
+
+ if ($this->getUser()->isAuthentic() && $this->getUser()->isEnabled()) {
+ $message .= 'User account is disabled';
+ }
+
+ throw new ControllerExceptionRequestForbidden($message);
+ }
 }
+
+ return true;
 }
 return true;
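Review bot: `in_array($result, $invalid_statuses)` compares loosely, and because `false` sits in the list a permitted result of `true` also matches (`true == HttpResponse::NOT_IMPLEMENTED` holds for any non-empty status value), so an allowed action falls into the loose `switch` and throws HttpExceptionNotImplemented; pass the strict flag, `if (in_array($result, $invalid_statuses, true))`, and guard the switch cases the same way for the same reason. The `default` branch can only be reached with `$result === false` for a user that is not authentic, since an authentic user's `false` is already promoted to FORBIDDEN a few lines above, so the `isAuthentic() && isEnabled()` condition never holds and the disabled-account message can no longer be produced; the old code emitted it on `!isEnabled()`, and the `.=` also lacks a separator before it. That same branch turns the unauthenticated `false` case from ControllerExceptionRequestNotAuthorized into ControllerExceptionRequestForbidden; if that shift is intended, a comment saying why would help the next reader. execute() begins before this hunk.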
@@ -125,7 +147,7 @@ public function canExecute($action)
 $actions = $this->getActions();
 $actions = array_flip($actions);
- $result = isset($actions[$action]);
+ $result = isset($actions[$action]) ? HttpResponse::NOT_IMPLEMENTED : true;
 }
 else $result = $this->$method();
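Review bot: The ternary is inverted: `isset($actions[$action])` is true when the action is a known one, yet that is the branch yielding HttpResponse::NOT_IMPLEMENTED, while unknown actions now return `true` and pass the permission check; it should read `$result = isset($actions[$action]) ? true : HttpResponse::NOT_IMPLEMENTED;`. The removed line returned the bool directly, so callers that compare against `true` keep working once the branches are swapped. canExecute()'s body starts and ends outside this hunk.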