added 403 pages for private tables access via public url. closes #624

ferblape · Mar 21, 2012 · f273b8e · f273b8e
1 parent 9dc2b9e
commit f273b8e
Show file tree

Hide file tree

Showing 4 changed files with 28 additions and 3 deletions.
diff --git a/Gemfile.lock b/Gemfile.lock
@@ -162,7 +162,7 @@ GEM
       columnize (>= 0.3.1)
       linecache19 (>= 0.5.11)
       ruby_core_source (>= 0.1.4)
-    ruby-debug-base19x (0.11.30.pre9)
+    ruby-debug-base19x (0.11.30.pre10)
       columnize (>= 0.3.1)
       linecache19 (>= 0.5.11)
       rake (>= 0.8.1)
@@ -187,7 +187,7 @@ GEM
       sequel (>= 3.29.0)
     sinatra (1.2.8)
       rack (~> 1.1)
-      tilt (< 2.0, >= 1.2.2)
+      tilt (>= 1.2.2, < 2.0)
     spreadsheet (0.6.5.9)
       ruby-ole (>= 1.0)
     state_machine (1.1.2)

diff --git a/app/controllers/admin/tables_controller.rb b/app/controllers/admin/tables_controller.rb
@@ -79,7 +79,7 @@ def show_public
     @table = Table.find_by_subdomain(@subdomain, params[:id])    
 
     if @table.blank? || (!current_user && @table.private?) || ((current_user && current_user.id != @table.owner.id) && @table.private?)     
-      head :forbidden
+      render_403
     else
       respond_to do |format|
         format.html {render 'show_public', :layout => 'application_public' }

diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
@@ -34,6 +34,13 @@ def allow_cross_domain_access
     end
   end
 
+  def render_403
+    respond_to do |format|
+      format.html { render :file => "public/403.html", :status => 403, :layout => false }
+      format.all  { head :forbidden }      
+    end
+  end
+
   def render_404
     respond_to do |format|
       format.html do

diff --git a/public/403.html b/public/403.html
@@ -0,0 +1,18 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict //EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html>
+  <head>
+    <title>CartoDB - 403 Error</title>
+    <link href="/stylesheets/reset.css" media="screen" rel="stylesheet" type="text/css" />
+    <link href="/stylesheets/front/error.css" media="screen" rel="stylesheet" type="text/css" />
+    <link rel="shortcut icon" href="/favicon/favicon_32x32.ico" />
+  </head>
+  <body>
+    <div class="glow">
+      <div class="section">
+        <h1><strong>Sorry!</strong> You are not able to access this page</h1>
+        <div class="no_table"></div>
+      </div>
+      <div class="footer"><a href="http://www.cartodb.com" target="_blank">CartoDB</a> is a product from <a href="http://www.vizzuality.com" target="_blank">vizzuality</a> | <a href="http://cartodb.com/terms">Terms of service</a></div>
+    </div>
+  </body>
+</html>