-rw-r--r-- | CHANGELOG.md | 2 | ||||
-rw-r--r-- | perllib/FixMyStreet/App/Controller/Report.pm | 4 | ||||
-rw-r--r-- | perllib/FixMyStreet/App/Controller/Root.pm | 4 | ||||
-rw-r--r-- | t/app/controller/report_display.t | 4 | ||||
-rwxr-xr-x | templates/web/base/errors/generic.html | 5 |
5 files changed, 13 insertions, 6 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index b18762648..993bb3535 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,8 @@ ## Releases * Unreleased + - Front end improvements: + - Improved 403 message, especially for private reports. - Admin improvements: - Add new roles system, to group permissions and apply to users. - Bugfixes: diff --git a/perllib/FixMyStreet/App/Controller/Report.pm b/perllib/FixMyStreet/App/Controller/Report.pm index f2f411635..9b90da161 100644 --- a/perllib/FixMyStreet/App/Controller/Report.pm +++ b/perllib/FixMyStreet/App/Controller/Report.pm @@ -1,5 +1,6 @@ package FixMyStreet::App::Controller::Report; +use utf8; use Moose; use namespace::autoclean; use JSON::MaybeXS; @@ -156,9 +157,10 @@ sub load_problem_or_display_error : Private { my $permissions = $c->stash->{_permissions} = $c->forward( 'check_has_permission_to', [ qw/report_inspect report_edit_category report_edit_priority report_mark_private / ] ); if ( !$c->user || ($c->user->id != $problem->user->id && !($permissions->{report_inspect} || $permissions->{report_mark_private})) ) { + my $url = '/auth?r=report/' . $problem->id; $c->detach( '/page_error_403_access_denied', - [ sprintf(_('That report cannot be viewed on %s.'), $c->stash->{site_name}) ] + [ sprintf(_('Sorry, you don’t have permission to do that. If you are the problem reporter, or a member of staff, please <a href="%s">sign in</a> to view this report.'), $url) ] ); } } diff --git a/perllib/FixMyStreet/App/Controller/Root.pm b/perllib/FixMyStreet/App/Controller/Root.pm index 340c930c2..2c7e28e5f 100644 --- a/perllib/FixMyStreet/App/Controller/Root.pm +++ b/perllib/FixMyStreet/App/Controller/Root.pm 
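Review bot: The 403 message built in load_problem_or_display_error (Report.pm) now carries an `<a href>` element, so the string passed to `/page_error_403_access_denied` changes from plain text to markup, and nothing in the hunk records that. `$url` is built only from `$problem->id`, so nothing request-controlled reaches the `href` here, but whether `message` is escaped when the error template prints it is not visible in this commit; if it is escaped the link shows as literal text, and if it is not, every other caller's message is emitted raw as well. A comment above the `sprintf` would record the contract, e.g. `# message is HTML: interpolate only trusted, server-generated values`. The same branch is also reached by a signed-in user who is not the reporter (second half of the condition), for whom "please sign in" does not apply. The sub starts outside the hunk.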
@@ -122,7 +122,9 @@ sub page_error_410_gone : Private { sub page_error_403_access_denied : Private { my ( $self, $c, $error_msg ) = @_; - $c->detach('page_error', [ $error_msg || _("Sorry, you don't have permission to do that."), 403 ]); + $c->stash->{title} = _('Access denied'); + $error_msg ||= _("Sorry, you don't have permission to do that."); + $c->detach('page_error', [ $error_msg, 403 ]); } sub page_error_400_bad_request : Private { diff --git a/t/app/controller/report_display.t b/t/app/controller/report_display.t index bde090dd1..bb5b0a72d 100644 --- a/t/app/controller/report_display.t +++ b/t/app/controller/report_display.t @@ -78,7 +78,7 @@ subtest "change report to non_public and check for 403 status" => sub { ok $mech->get("/report/$report_id"), "get '/report/$report_id'"; is $mech->res->code, 403, "access denied"; is $mech->uri->path, "/report/$report_id", "at /report/$report_id"; - $mech->content_contains('That report cannot be viewed on FixMyStreet.'); + $mech->content_contains('permission to do that. If you are the problem reporter'); ok $report->update( { non_public => 0 } ), 'make report public'; }; @@ -94,7 +94,7 @@ subtest "check owner of report can view non public reports" => sub { ok $mech->get("/report/$report_id"), "get '/report/$report_id'"; is $mech->res->code, 403, "access denied to user who is not report creator"; is $mech->uri->path, "/report/$report_id", "at /report/$report_id"; - $mech->content_contains('That report cannot be viewed on FixMyStreet.'); + $mech->content_contains('permission to do that. If you are the problem reporter'); $mech->log_out_ok; ok $report->update( { non_public => 0 } ), 'make report public'; }; diff --git a/templates/web/base/errors/generic.html b/templates/web/base/errors/generic.html index 241b310de..e5c2ca0c1 100755 --- a/templates/web/base/errors/generic.html +++ b/templates/web/base/errors/generic.html 
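Review bot: The fallback text in page_error_403_access_denied keeps a straight apostrophe (`don't`) while the new Report.pm message opens with the same sentence using a typographic one (`don’t`), so the two strings differ by one character. If `_()` is a gettext-style lookup, as it appears to be, translators get two near-identical entries; using the same apostrophe in both keeps them aligned. It would also help to note on this sub that the argument can now carry markup, e.g. `# $error_msg may contain HTML supplied by the caller`.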
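Review bot: The updated assertions in both report_display.t subtests match only a plain-text fragment of the new message, so they pass whether or not the sign-in link reaches the page as a working `<a>` element. Adding `$mech->content_contains(qq{href="/auth?r=report/$report_id"});` next to each would pin the link target and catch the case where the markup is escaped on output. The second subtest runs as a signed-in user who is not the report creator, so it also locks in a "please sign in" prompt for someone who is already signed in; that case probably needs its own wording and assertion.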
@@ -1,11 +1,12 @@ -[% INCLUDE 'header.html', bodyclass = 'fullwidthpage', title = loc('Error') %] +[% DEFAULT title = loc('Error') %] +[% INCLUDE 'header.html', bodyclass = 'fullwidthpage', title = title %] [% IF csrf_token ~%] <input type="hidden" name="token" value="[% csrf_token %]"> [% END ~%] <div class="confirmation-header confirmation-header--failure"> - <h1>[% loc('Error') %]</h1> + <h1>[% title %]</h1> <p>[% message %]</p> </div> |
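Review bot: The heading and page title now come from a template variable named `title`, and `DEFAULT` only fills it in when nothing has set it, so any `title` already on the stash when an action detaches to the error page would be shown as the error heading. Whether other actions set `title` is not visible here; if they do, a dedicated name avoids the collision, e.g. `[% DEFAULT error_title = loc('Error') %]` with `<h1>[% error_title %]</h1>`, set from page_error_403_access_denied as `$c->stash->{error_title}`. The `<p>[% message %]</p>` line is unchanged but now receives markup from Report.pm, so its output filtering is worth checking in the same pass.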