Show clearer message when no project access [#467]

rundeck · Nov 7, 2011 · 251f65b · 251f65b
1 parent f0c91fa
commit 251f65b
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 2 deletions.
diff --git a/rundeckapp/grails-app/conf/ProjectSelectFilters.groovy b/rundeckapp/grails-app/conf/ProjectSelectFilters.groovy
@@ -58,7 +58,7 @@ public class ProjectSelectFilters {
          * on first user login, set the session.project if it is not set, to the last user project selected, or
          * to the first project in the available list 
          */
-        projectSelection(controller: 'framework', action: '(createProject|selectProject|projectSelect|(create|save|check|edit|view)ResourceModelConfig)',invert:true) {
+        projectSelection(controller: 'framework', action: '(createProject|selectProject|projectSelect|noProjectAccess|(create|save|check|edit|view)ResourceModelConfig)',invert:true) {
             before = {
                 if (request.api_version || request.is_api_req) {
                     //only default the project if not an api request
@@ -108,7 +108,11 @@ public class ProjectSelectFilters {
                     }
                     session.project = selected
                     if (!selected) {
-                        redirect(action: 'createProject', controller: 'framework')
+                        if (!frameworkService.authorizeApplicationResourceTypeAll(fw, 'project', ['create'])) {
+                            redirect(action: 'noProjectAccess', controller: 'framework')
+                        }else{
+                            redirect(action: 'createProject', controller: 'framework')
+                        }
                         return false
                     }
                 }

diff --git a/rundeckapp/grails-app/controllers/FrameworkController.groovy b/rundeckapp/grails-app/controllers/FrameworkController.groovy
@@ -52,6 +52,14 @@ class FrameworkController  {
         response.setHeader(Constants.X_RUNDECK_ACTION_UNAUTHORIZED_HEADER, request.error)
         render(template: fragment ? '/common/errorFragment' : '/common/error', model: [:])
     }
+
+    def noProjectAccess = {
+        response.setStatus(403)
+        request.title = "Unauthorized"
+        request.error = "No authorized access to projects. Contact your administrator."
+        response.setHeader(Constants.X_RUNDECK_ACTION_UNAUTHORIZED_HEADER, request.error)
+        return render(template:  '/common/error', model: [:])
+    }
     /**
      * This action returns a json object informing about whether the user is authorized
      * to run scripts in the current project context.