![[site community profile]](https://www.dreamwidth.org/img/comm_staff.png){kind=small}
[dw-free] Friendlier error message when a logged-in user tries to load an inaccessible entry
[commit: http://hg.dwscoalition.org/dw-free/rev/29d54e1e6015]
http://bugs.dwscoalition.org/show_bug.cgi?id=2138
Add new files (missed them the first time!)
Patch by![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png)
allen.
Files modified:
http://bugs.dwscoalition.org/show_bug.cgi?id=2138
Add new files (missed them the first time!)
Patch by
allen.Files modified:
- cgi-bin/DW/Controller/Protected.pm
- cgi-bin/weblib.pl
- htdocs/manage/subscriptions/comments.bml
- htdocs/manage/subscriptions/entry.bml
- htdocs/manage/subscriptions/user.bml
- htdocs/stc/widgets/protected.css
- views/login.tt
- views/login.tt.text
- views/protected.tt
- views/protected.tt.text
--------------------------------------------------------------------------------
diff -r 624a2b7f6639 -r 29d54e1e6015 cgi-bin/DW/Controller/Protected.pm
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/cgi-bin/DW/Controller/Protected.pm Thu Jul 08 15:46:55 2010 +0800
@@ -0,0 +1,73 @@
+#!/usr/bin/perl
+#
+# DW::Controller::Protected
+#
+# Displays when a user tries to access protected content.
+#
+# Author:
+# Allen Petersen <allen@suberic.net>
+#
+# Copyright (c) 2010 by Dreamwidth Studios, LLC.
+#
+# This program is free software; you may redistribute it and/or modify it under
+# the same terms as Perl itself. For a copy of the license, please reference
+# 'perldoc perlartistic' or 'perldoc perlgpl'.
+#
+
+package DW::Controller::Protected;
+
+use strict;
+use warnings;
+use DW::Controller;
+use DW::Template;
+use DW::Routing;
+use DW::Request;
+
+DW::Routing->register_string( '/protected', \&protected_handler, app => 1 );
+
+sub protected_handler {
+ my $r = DW::Request->get;
+
+ my ( $ok, $rv ) = controller( anonymous => 1 );
+ return $rv unless $ok;
+
+ # set the status to 403
+ $r->status( 403 );
+
+ # returnto will either have been set as a request note or passed in as
+ # a query argument. if neither of those work, we can reconstruct it
+ # using the current request url
+ my $returnto = $r->note( 'returnto' ) || LJ::ehtml( $r->get_args->{returnto} );
+ if ( ( ! $returnto ) && ( $r->uri ne '/protected' ) ) {
+ my $host = $r->header_in('Host');
+ my $query_string = $r->query_string ? "?" . $r->query_string : "";
+ $returnto = LJ::ehtml( "http://$host" . $r->uri . "$query_string" );
+ }
+
+ my $vars = {
+ returnto => $returnto,
+ };
+
+ my $remote = $rv->{remote};
+
+ if ( $remote ) {
+ $vars->{remote} = $remote;
+ if ( $r->note( 'error_key' ) ) {
+ my $journalname = $r->note( 'journalname' );
+ $vars->{journalname} = $journalname;
+ $vars->{'error_key'} = '.protected.error.notauthorised' . $r->note( 'error_key' );
+ } else {
+ $vars->{'error_key'} = '.protected.message.user';
+ $vars->{'journalname'} = "";
+ }
+ } else {
+ $vars->{chal} = LJ::challenge_generate(300);
+ # include SSL if it's an option
+ $vars->{'usessl'} = $LJ::USE_SSL;
+ }
+
+ return DW::Template->render_template( 'protected.tt', $vars );
+
+}
+
+1;
diff -r 624a2b7f6639 -r 29d54e1e6015 cgi-bin/weblib.pl
--- a/cgi-bin/weblib.pl Thu Jul 08 15:33:21 2010 +0800
+++ b/cgi-bin/weblib.pl Thu Jul 08 15:46:55 2010 +0800
@@ -3512,7 +3512,7 @@ sub subscribe_interface {
};
$ret .= LJ::html_hidden({name => 'mode', value => 'save_subscriptions'});
- $ret .= LJ::html_hidden({name => 'ret_url', value => $ret_url});
+ $ret .= LJ::html_hidden({name => 'ret_url', value => LJ::ehtml( $ret_url )});
$ret .= LJ::html_hidden({name => 'post_to_settings_page', value => $post_to_settings_page});
# print buttons
diff -r 624a2b7f6639 -r 29d54e1e6015 htdocs/manage/subscriptions/comments.bml
--- a/htdocs/manage/subscriptions/comments.bml Thu Jul 08 15:33:21 2010 +0800
+++ b/htdocs/manage/subscriptions/comments.bml Thu Jul 08 15:46:55 2010 +0800
@@ -103,11 +103,15 @@ body<=
},
];
+ my $referer = BML::get_client_header('Referer');
+ my ( $style ) = ( $referer =~ /\b(style=\w+)/ );
+ $style = LJ::viewing_style_args( split( /=/, $style ) );
+
return LJ::subscribe_interface(
$remote,
categories => $categories,
journal => $journal,
- ret_url => ($can_watch ? $comment->url : $entry->url),
+ ret_url => ($can_watch ? $comment->url( $style ) : $entry->url . "?$style" ),
default_selected_notifications => ['LJ::NotificationMethod::Email'],
post_to_settings_page => 1,
);
diff -r 624a2b7f6639 -r 29d54e1e6015 htdocs/manage/subscriptions/entry.bml
--- a/htdocs/manage/subscriptions/entry.bml Thu Jul 08 15:33:21 2010 +0800
+++ b/htdocs/manage/subscriptions/entry.bml Thu Jul 08 15:46:55 2010 +0800
@@ -88,10 +88,14 @@ body<=
flags => LJ::Subscription::TRACKING,
);
+ my $referer = BML::get_client_header('Referer');
+ my ( $style ) = ( $referer =~ /\b(style=\w+)/ );
+ $style = LJ::viewing_style_args( split( /=/, $style ) );
+
$body .= LJ::subscribe_interface( $remote,
journal => $journal,
categories => $categories,
- ret_url => $entry->url,
+ ret_url => $entry->url . "?$style",
default_selected_notifications => ['LJ::NotificationMethod::Email'],
post_to_settings_page => 1,
);
diff -r 624a2b7f6639 -r 29d54e1e6015 htdocs/manage/subscriptions/user.bml
--- a/htdocs/manage/subscriptions/user.bml Thu Jul 08 15:33:21 2010 +0800
+++ b/htdocs/manage/subscriptions/user.bml Thu Jul 08 15:46:55 2010 +0800
@@ -92,6 +92,7 @@ body<=
return LJ::subscribe_interface( $remote,
categories => $categories,
journal => $journal,
+ ret_url => BML::get_client_header('Referer'),
post_to_settings_page => 1,
);
diff -r 624a2b7f6639 -r 29d54e1e6015 htdocs/stc/widgets/protected.css
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/htdocs/stc/widgets/protected.css Thu Jul 08 15:46:55 2010 +0800
@@ -0,0 +1,76 @@
+/* this is the css for the login widget as used in the /protected page.*/
+
+.login-container {
+ overflow: auto;
+ clear: both;
+}
+
+.appwidget-login {
+ padding-left: 1em;
+ border: 1px solid #ccc;
+ width: 47%;
+ float: left;
+ clear: left;
+}
+.appwidget-login h2 {
+ margin: 0 0 8px 0;
+ display: none;
+}
+.appwidget-login form {
+ margin-bottom: 10px;
+}
+.appwidget-login fieldset.nostyle {
+ margin-bottom: 0.5em !important;
+}
+.appwidget-login label.left {
+ width: 8em;
+ line-height: 22px;
+}
+.appwidget-login input.text {
+ width: 160px;
+}
+.appwidget-login #user {
+ background: #fff url(/img/silk/identity/user.png) no-repeat 1px 50%;
+ padding-left: 18px;
+ font-weight: bold;
+ color: #c1272c;
+ width: 144px; /* needs to be 16px less than input.text width */
+}
+.appwidget-login fieldset.nostyle,
+.appwidget-login p {
+ margin: 0 0 0.5em 0;
+}
+.appwidget-login p {
+ margin-left: 8em;
+}
+.appwidget-login a.small-link {
+ font-size: 85%;
+ color: #777;
+}
+
+.appwidget-login-openid {
+ border: 1px solid #ccc;
+ width: 47%;
+ float: right;
+ clear: right;
+ padding: 0.4em;
+ background: #ccc;
+}
+
+.login-create-account {
+ width: auto;
+}
+
+.errorbar {
+ color: #000;
+ font: 12px Verdana, Arial, Sans-Serif;
+ background-color: #FFEEEE;
+ background-repeat: repeat-x;
+ border: 1px solid #FF9999;
+ padding: 6px 8px;
+ margin-top: auto; margin-bottom: 15px;
+ margin-left: auto; margin-right: auto;
+ width: auto;
+ text-align: left;
+}
+
diff -r 624a2b7f6639 -r 29d54e1e6015 views/login.tt
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/views/login.tt Thu Jul 08 15:46:55 2010 +0800
@@ -0,0 +1,64 @@
+[%# login.tt
+
+Login page.
+
+Authors:
+ Allen Petersen <allen@suberic.net>
+
+This program is free software; you may redistribute it and/or modify it
+under the same terms as Perl itself. For a copy of the license, please
+reference 'perldoc perlartistic' or 'perldoc perlgpl'.
+%]
+<div class="login-container">
+ <div class="appwidget appwidget-login" id="protected_login">
+ <form action="[% IF usessl %][% roots.ssl %][% ELSE %][% roots.site %][% END %]/login" method="post" class="lj_login_form pkg">
+ <h4>[% '.login.header' | ml( sitename = site.name ) %]</h4>
+ [% dw.form_auth() %]
+ <input type="hidden" name="chal" class="lj_login_chal" value="[% chal %]" />
+ <input type="hidden" name="response" class="lj_login_response" value="" />
+ <fieldset class="pkg nostyle">
+ <label for="user" class="left">[% '.login.username' | ml %]</label>
+ <input type="text" value="" name="user" id="user" class="text" size="18" maxlength="27" style="" tabindex="11" aria-required="true" />
+ </fieldset>
+ <fieldset class="pkg nostyle">
+ <label for="lj_login_password" class="left">[% '.login.password' | ml %]</label>
+ <input type="password" id="lj_login_password" name="password" class="lj_login_password text" size="20" maxlength="30" tabindex="12" aria-required="true" />
+ </fieldset>
+ <input type="hidden" name="returnto" value="[% returnto %]"/>
+ <fieldset class="pkg nostyle">
+ <p><input type="checkbox" name="remember_me" id="remember_me" value="1" tabindex="13" /> <label for="remember_me">[% '.login.remember' | ml %]</label></p>
+ </fieldset>
+ <p><input name="action:login" type="submit" value="[% '.login.btn.login' | ml %]" tabindex="14" />
+ [% IF usessl %]
+ <img src="[% roots.img %]/padlocked.gif" width="20" height="16" class="secure-image" alt="[% '.login.secure' | ml %]" />
+ [% ELSE %]
+ <img src="[% roots.img %]/unpadlocked.gif" width="20" height="16" class="secure-image" alt="[% '.login.standard' | ml %]" />
+ [% END %]
+ <p><a href="[% roots.site %]/lostinfo" class="small-link" tabindex="15">[% '.login.forget' | ml %]</a> </p>
+ </form>
+ </div><!-- end .appwidget-login -->
+
+ <div class="appwidget-login-openid">
+ <h4>[% '.login.openid.header' | ml %]</h4>
+ <form method='post' action='[% roots.site %]/openid/login' style='display:inline; width:auto'>
+ <b>[% '.login.openid.url' | ml %]</b><br/>
+ <input class="sexy" id="openid_url" name="openid_url" size="30" aria-required="true" tabindex="16" /><br/>
+ <input type="hidden" name="continue_to" value="[% returnto %]"/>
+ <input style="background: #ff6200; color: #fff;" type="submit" value="[% '.login.openid.submit' | ml %]" tabindex="17" />
+ <br />[% '.login.openid.example' | ml %]
+ </form>
+ </div>
+</div>
+
+ <div class="login-create-account">
+ <hr class="hr" />
+ <h4>[% '.createaccount.header' | ml( sitename = site.name ) %]</h4>
+ <form action="[% roots.site %]/create" method="get"><input type="submit" value="[% '.createaccount.button' | ml %]" class="create-account" tabindex="18" /></form>
+ <ul>
+ <li>[% '.createaccount.whylogin.benefit1' | ml %]</li>
+ <li>[% '.createaccount.whylogin.benefit2' | ml %]</li>
+ <li>[% '.createaccount.whylogin.benefit3' | ml %]</li>
+ <li>[% '.createaccount.whylogin.benefit4' | ml %]</li>
+ <li>[% '.createaccount.whylogin.benefit5' | ml %]</li>
+ </ul>
+ </div><!-- end .login-create-account -->
diff -r 624a2b7f6639 -r 29d54e1e6015 views/login.tt.text
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/views/login.tt.text Thu Jul 08 15:46:55 2010 +0800
@@ -0,0 +1,39 @@
+;; -*- coding: utf-8 -*-
+.createaccount.header=Not a [[sitename]] member?
+
+.createaccount.button=Create an Account
+
+.createaccount.whylogin.benefit1=Read Access List and filtered entries that you have access to.
+
+.createaccount.whylogin.benefit2=Leave comments in any journal or community.
+
+.createaccount.whylogin.benefit3=Post entries in your own journal.
+
+.createaccount.whylogin.benefit4=Add any journal or community to your Reading page.
+
+.createaccount.whylogin.benefit5=Access features that are only visible when you're logged in.
+
+.login.btn.login=Log in
+
+.login.forget=Forgot password?
+
+.login.header=Log in to [[sitename]]
+
+.login.openid.example=For example: <tt>melody.someblog.com</tt> (if your host supports OpenID)
+
+.login.openid.header=Log in with OpenID
+
+.login.openid.submit=Login
+
+.login.openid.url=Your OpenID URL:
+
+.login.password=Password:
+
+.login.remember=Remember me
+
+.login.secure=Secure
+
+.login.standard=Standard
+
+.login.username=Account name:
+
diff -r 624a2b7f6639 -r 29d54e1e6015 views/protected.tt
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/views/protected.tt Thu Jul 08 15:46:55 2010 +0800
@@ -0,0 +1,32 @@
+[%# protected.tt
+
+Protected content splash page
+
+Authors:
+ Allen Petersen <allen@suberic.net>
+
+This program is free software; you may redistribute it and/or modify it
+under the same terms as Perl itself. For a copy of the license, please
+reference 'perldoc perlartistic' or 'perldoc perlgpl'.
+%]
+
+[% sections.title = '.title' | ml %]
+[% dw.need_res('stc/widgets/protected.css') %]
+
+<div class="errorbar" style="background-image: URL('[%- roots.img -%]/message-error.gif');">
+<strong>
+[% IF remote %]
+ [% error_key | ml( user = remote.ljuser_display, siteroot = roots.site, journalname= journalname ) %]
+[% ELSE %]
+ [% '.protected.message.nouser' | ml ( sitename = site.name ) %]
+[% END %]
+</strong>
+</div>
+
+[% UNLESS remote %]
+ [% old_scope = dw.ml_scope() %]
+ [% CALL dw.ml_scope( '/login.tt' ) %]
+ [% INCLUDE login.tt %]
+ [% CALL dw.ml_scope( old_scope ) %]
+[% END %]
+
diff -r 624a2b7f6639 -r 29d54e1e6015 views/protected.tt.text
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/views/protected.tt.text Thu Jul 08 15:46:55 2010 +0800
@@ -0,0 +1,13 @@
+;; -*- coding: utf-8 -*-
+.protected.error.notauthorised.comm.closed=This protected entry is viewable by community members only. Membership to this community is closed.
+
+.protected.error.notauthorised.comm.open=This protected entry is viewable by community members only. Would you like to <a href="[[siteroot]]/community/join?comm=[[journalname]]">join the community</a>?
+
+.protected.message.nouser=You need to be logged in to see this content. If you have an account on [[sitename]], you can log in using it. Or, if you have an account on a site that supports OpenID, you may log in using OpenID.
+
+.protected.message.user=You are currently logged in as [[user]], but do not have permission to view this content. The journal owner may have locked or removed this content, or you may need to log in as another user that has access.
+
+.title=Protected
+
+.windowtitle=Protected
+
--------------------------------------------------------------------------------