authorMatthew Somerville <matthew-github@dracos.co.uk>2016-10-26 17:01:56 +0100
committerMatthew Somerville <matthew-github@dracos.co.uk>2016-10-26 17:20:11 +0100
commit50379992dc95e242fd29f6e3473c70f2106749bc (patch)
treec460b1b425ccf58720566cbfb72e79163eb471a0 /perllib/FixMyStreet/App/Controller/Admin.pm
parentb42f354d5c4ad7f237a826033c3c176821e4a085 (diff)
Error if logged-in user visits admin without permission.
This is less confusing than redirecting to /auth and then to /my (as they're logged in). Fixes #1566.
Diffstat (limited to 'perllib/FixMyStreet/App/Controller/Admin.pm')
-rw-r--r--perllib/FixMyStreet/App/Controller/Admin.pm5
1 files changed, 4 insertions, 1 deletions
diff --git a/perllib/FixMyStreet/App/Controller/Admin.pm b/perllib/FixMyStreet/App/Controller/Admin.pm
index d5a6486fd..c4bd5c293 100644
--- a/perllib/FixMyStreet/App/Controller/Admin.pm
+++ b/perllib/FixMyStreet/App/Controller/Admin.pm
@@ -33,9 +33,12 @@ sub begin : Private {
# User must be logged in to see cobrand, and meet whatever checks the
# cobrand specifies. Default cobrand just requires superuser flag to be set.
- unless ( $c->user_exists && $c->cobrand->admin_allow_user($c->user) ) {
+ unless ( $c->user_exists ) {
$c->detach( '/auth/redirect' );
}
+ unless ( $c->cobrand->admin_allow_user($c->user) ) {
+ $c->detach('/page_error_403_access_denied', []);
+ }
if ( $c->cobrand->moniker eq 'zurich' ) {
$c->cobrand->admin_type();
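Review bot: The new 403 branch at `unless ( $c->cobrand->admin_allow_user($c->user) )` turns away an authenticated user without recording it, so repeated attempts on the admin pages by a logged-in account leave no application-level trace tied to that account. Consider logging before the detach, for example `$c->log->info('Admin access denied for user ' . $c->user->id);` (this assumes the user object exposes `id`, which the hunk does not show). The comment above the checks still describes one combined test; it could state that anonymous visitors are sent to `/auth/redirect` while logged-in users who fail the cobrand check receive a 403. The second check also relies on the first `detach` never returning, since it dereferences `$c->user`; a short comment saying so would guard against a later refactor reordering them. The body of `begin` starts and continues outside the hunk.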