badmanners/shimmie2
badmanners/shimmie2
Archived
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

[core] differentiate permission denied due to missing permission vs error, see #1103

Browse source
This commit is contained in:
Shish 2024-03-12 10:34:13 +00:00 committed by Shish
parent b8ff02f6ba
commit 517f8c0019
1 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
core/event.php
View file

@ -217,10 +217,10 @@ class PageRequestEvent extends Event
// if we matched the method and the path, but the page requires // if we matched the method and the path, but the page requires
// authentication and the user is not authenticated, then complain // authentication and the user is not authenticated, then complain
if($authed && $this->is_authed === false) { if($authed && $this->is_authed === false) {
throw new PermissionDenied("Permission Denied"); throw new PermissionDenied("Permission Denied: Missing CSRF Token");
} }
if($permission !== null && !$user->can($permission)) { if($permission !== null && !$user->can($permission)) {
throw new PermissionDenied("Permission Denied"); throw new PermissionDenied("Permission Denied: {$user->name} lacks permission {$permission}");
} }
return true; return true;