Improve code redirection for indexController

- add comments - forward request is done in the controller (no Minz_Request::forward() in the view, please) - "soft" forward to the login form (no need of 302) - show a 403 page (no authenticated) for rss output when token is wrong
author: Marien Fressinaud <dev@marienfressinaud.fr> 2014-02-15 11:43:07 +0100
committer: Marien Fressinaud <dev@marienfressinaud.fr> 2014-02-15 11:43:07 +0100
commit: a34941f41875bcc9d260c8dfcf9d44a00f835bc9 (patch)
tree: bc05f9dfaff8166a791261551cb45f7dd20465a3 /app/Controllers/indexController.php
parent: fb7bc50673f226070c5399bd6bbf07b91eeda01e (diff)
1 files changed, 10 insertions, 1 deletions
diff --git a/app/Controllers/indexController.php b/app/Controllers/indexController.php
index af08edb46..a680c914a 100755
--- a/app/Controllers/indexController.php
+++ b/app/Controllers/indexController.php
@@ -11,7 +11,16 @@ class FreshRSS_index_Controller extends Minz_ActionController {
 		if (!$this->view->loginOk && !Minz_Configuration::allowAnonymous()) {
 			$token_param = Minz_Request::param ('token', '');
 			$token_is_ok = ($token != '' && $token === $token_param);
-			if (!($output === 'rss' && $token_is_ok)) {
+			if ($output === 'rss' && !$token_is_ok) {
+				Minz_Error::error (
+					403,
+					array ('error' => array (Minz_Translate::t ('access_denied')))
+				);
+				return;
+			} elseif ($output !== 'rss') {
+				// "hard" redirection is not required, just ask dispatcher to
+				// forward to the login form without 302 redirection
+				Minz_Request::forward(array('c' => 'index', 'a' => 'formLogin'));
 				return;
 			}
 		}
author	Marien Fressinaud <dev@marienfressinaud.fr>	2014-02-15 11:43:07 +0100
committer	Marien Fressinaud <dev@marienfressinaud.fr>	2014-02-15 11:43:07 +0100
commit	a34941f41875bcc9d260c8dfcf9d44a00f835bc9 (patch)
tree	bc05f9dfaff8166a791261551cb45f7dd20465a3 /app/Controllers/indexController.php
parent	fb7bc50673f226070c5399bd6bbf07b91eeda01e (diff)