Replace "Access::forbidden()" with "throw HTTP_Exception::factory(403…

…)" so

it makes more sense next to other errors (e.g. 404).

modules/comment/classes/Comment/Controller/Comments.php

@@ -27,7 +27,7 @@ public function action_add() {
     $item = ORM::factory("Item", $item_id);
     Access::required("view", $item);
     if (!Comment::can_comment()) {
-      Access::forbidden();
+      throw HTTP_Exception::factory(403);
     }
     $author = Identity::active_user();
 

modules/comment/classes/Comment/Hook/Rest/Comment.php

@@ -31,7 +31,7 @@ static function get($request) {
   static function put($request) {
     // Only admins can edit comments, for now
     if (!Identity::active_user()->admin) {
-      Access::forbidden();
+      throw HTTP_Exception::factory(403);
     }
 
     $comment = Rest::resolve($request->url);
@@ -42,7 +42,7 @@ static function put($request) {
 
   static function delete($request) {
     if (!Identity::active_user()->admin) {
-      Access::forbidden();
+      throw HTTP_Exception::factory(403);
     }
 
     $comment = Rest::resolve($request->url);

modules/gallery/classes/Gallery/Access.php

@@ -114,7 +114,7 @@ static function user_can($user, $perm_name, $item) {
   }
 
   /**
-   * If the active user does not have this permission, failed with an Access::forbidden().
+   * If the active user does not have this permission, fire a 403 Forbidden.
    *
    * @param  string     $perm_name
    * @param  Model_Item $item
@@ -126,7 +126,7 @@ static function required($perm_name, $item) {
         // Treat as if the item didn't exist, don't leak any information.
         throw HTTP_Exception::factory(404);
       } else {
-        Access::forbidden();
+        throw HTTP_Exception::factory(403);
       }
     }
   }
@@ -191,13 +191,6 @@ static function locked_by($group, $perm_name, $item) {
     }
   }
 
-  /**
-   * Terminate immediately with an HTTP 403 Forbidden response.
-   */
-  static function forbidden() {
-    throw HTTP_Exception::factory(403);
-  }
-
   /**
    * Internal method to set a permission
    *
@@ -415,7 +408,7 @@ static function verify_csrf($csrf=null) {
     }
 
     if ($csrf !== Session::instance()->get("csrf")) {
-      Access::forbidden();
+      throw HTTP_Exception::factory(403);
     }
   }
 

modules/gallery/classes/Gallery/Controller/Admin.php

@@ -27,7 +27,7 @@ public function check_auth($auth) {
       if (Identity::active_user()->guest) {
         $auth->login = true;
       } else {
-        Access::forbidden();
+        throw HTTP_Exception::factory(403);
       }
     } else {
       $time_remaining = Auth::get_time_remaining_for_admin_area();

modules/gallery/classes/Gallery/Controller/L10nClient.php

@@ -21,7 +21,7 @@ class Gallery_Controller_L10nClient extends Controller {
   public function action_save() {
     Access::verify_csrf();
     if (!Identity::active_user()->admin) {
-      Access::forbidden();
+      throw HTTP_Exception::factory(403);
     }
 
     $locale = I18n::instance()->locale();
@@ -96,7 +96,7 @@ public function action_save() {
   public function action_toggle_l10n_mode() {
     Access::verify_csrf();
     if (!Identity::active_user()->admin) {
-      Access::forbidden();
+      throw HTTP_Exception::factory(403);
     }
 
     $session = Session::instance();

modules/gallery/classes/Gallery/Controller/Packager.php

@@ -20,7 +20,7 @@
 class Gallery_Controller_Packager extends Controller {
   public function action_package() {
     if (PHP_SAPI != "cli") {
-      Access::forbidden();
+      throw HTTP_Exception::factory(403);
     }
 
     $_SERVER["SERVER_NAME"] = "example.com";

modules/gallery/classes/Gallery/Controller/Permissions.php

@@ -25,7 +25,7 @@ public function action_browse() {
     Access::required("edit", $item);
 
     if (!$item->is_album()) {
-      Access::forbidden();
+      throw HTTP_Exception::factory(403);
     }
 
     $view = new View("gallery/permissions_browse.html");
@@ -44,7 +44,7 @@ public function action_form() {
     Access::required("edit", $item);
 
     if (!$item->is_album()) {
-      Access::forbidden();
+      throw HTTP_Exception::factory(403);
     }
 
     $this->response->body($this->_get_form($item));

modules/gallery/classes/Gallery/Controller/Reauthenticate.php

@@ -33,7 +33,7 @@ public function action_index() {
       if ($this->request->is_ajax()) {
         // We should never be able to get here since the admin reauth_check
         // won't work for non-admins.
-        Access::forbidden();
+        throw HTTP_Exception::factory(403);
       } else {
         // The user could have navigated here directly.  This isn't a security
         // breach, but they still shouldn't be here.

modules/gallery/classes/Gallery/Controller/Upgrader.php

@@ -57,7 +57,7 @@ public function action_upgrade() {
       $_SERVER["SERVER_NAME"] = "example.com";
     } else {
       if (!Identity::active_user()->admin && !Session::instance()->get("can_upgrade", false)) {
-        Access::forbidden();
+        throw HTTP_Exception::factory(403);
       }
 
       try {

modules/gallery/classes/Gallery/IdentityProvider.php

@@ -66,7 +66,7 @@ static function confirmation_message() {
   static function change_provider($new_provider) {
     if (!Identity::active_user()->admin && PHP_SAPI != "cli") {
       // Below, the active user is set to the primary admin.
-      Access::forbidden();
+      throw HTTP_Exception::factory(403);
     }
 
     $current_provider = Module::get_var("gallery", "identity_provider");

modules/server_add/classes/ServerAdd/Controller/ServerAdd.php

@@ -117,7 +117,7 @@ public function action_run() {
 
     $task = ORM::factory("Task", $task_id);
     if (!$task->loaded() || $task->owner_id != Identity::active_user()->id) {
-      Access::forbidden();
+      throw HTTP_Exception::factory(403);
     }
 
     $task = Task::run($task_id);

modules/user/classes/User/Controller/Admin/Users.php

@@ -124,7 +124,7 @@ public function action_delete_user() {
 
     // You cannot delete yourself or the guest user.
     if ($id == Identity::active_user()->id || $id == User::guest()->id) {
-      Access::forbidden();
+      throw HTTP_Exception::factory(403);
     }
 
     // Build the form.

modules/user/classes/User/Controller/Users.php

@@ -26,7 +26,7 @@ public function action_edit() {
     $user_id = $this->request->arg(0, "digit");
     $user = User::lookup($user_id);
     if (empty($user) || $user->guest || $user->id != Identity::active_user()->id) {
-      Access::forbidden();
+      throw HTTP_Exception::factory(403);
     }
 
     // Build the form.
@@ -83,7 +83,7 @@ public function action_change_password() {
     $user_id = $this->request->arg(0, "digit");
     $user = User::lookup($user_id);
     if (empty($user) || $user->guest || $user->id != Identity::active_user()->id) {
-      Access::forbidden();
+      throw HTTP_Exception::factory(403);
     }
 
     $form = Formo::form()
@@ -140,7 +140,7 @@ public function action_change_email() {
     $user_id = $this->request->arg(0, "digit");
     $user = User::lookup($user_id);
     if (empty($user) || $user->guest || $user->id != Identity::active_user()->id) {
-      Access::forbidden();
+      throw HTTP_Exception::factory(403);
     }
 
     $form = Formo::form()