fix: [UI] Better error message for permission denied

2020-12-10 23:16:54 +01:00 · 2020-12-10 23:16:54 +01:00 · f5d38bcb3e
parent 255330e5a2
commit f5d38bcb3e
4 changed files with 44 additions and 47 deletions
--- a/app/View/Errors/error400.ctp
+++ b/app/View/Errors/error400.ctp
@ -1,33 +1,39 @@
 <div class="misp-error-container">
-<?php
-if ($message !== 'The request has been black-holed'):
+    <?php
+    if ($message !== 'The request has been black-holed'):
+        ?>
+        <h2><?= $message; ?></h2>
+        <p class="error">
+            <strong><?= __d('cake', 'Error'); ?>: </strong>
+            <?php
+            switch ($error->getCode()) {
+                case 404:
+                    echo __d('cake', 'The requested address %s was not found on this server.', "<strong>'$url'</strong>");
+                    break;
+                case 405:
+                    echo __d('cake', 'You don\'t have permission to access %s.', "<strong>'$url'</strong>");
+                    break;
+            }
+            ?>
+        </p>
+        <?php
+        if (Configure::read('debug') > 0):
+            echo $this->element('exception_stack_trace');
+        endif;
+    else:
+        ?>
+        <h2><?= __('You have tripped the cross-site request forgery protection of MISP');?></h2>
+        <p class="error">
+            <strong><?= __('CSRF error') ?>:</strong>
+            <?= __('This happens usually when you try to resubmit the same form with invalidated CSRF tokens or you had a form open too long and the CSRF tokens simply expired. Just go back to the previous page and refresh the form (by reloading the same url) so that the tokens get refreshed.');?>
+        </p>
+        <p>
+            <?= __('Alternatively, click <a href="%s">here</a> to continue to the start page.', $baseurl);?>
+        </p>
+        <?php
+        if (Configure::read('debug') > 0):
+            echo $this->element('exception_stack_trace');
+        endif;
+    endif;
    ?>
-    <h2><?php echo $message; ?></h2>
-    <p class="error">
-        <strong><?php echo __d('cake', 'Error'); ?>: </strong>
-        <?php printf(
-            __d('cake', 'The requested address %s was not found on this server.'),
-            "<strong>'$url'</strong>"
-        ); ?>
-    </p>
-    <?php
-    if (Configure::read('debug') > 0):
-        echo $this->element('exception_stack_trace');
-    endif;
-else:
-?>
-    <h2><?php echo __('You have tripped the cross-site request forgery protection of MISP');?></h2>
-    <p class="error">
-        <strong><?php echo __('CSRF error');?>:</strong>
-        <?php echo __('This happens usually when you try to resubmit the same form with invalidated CSRF tokens or you had a form open too long and the CSRF tokens simply expired. Just go back to the previous page and refresh the form (by reloading the same url) so that the tokens get refreshed.');?>
-    </p>
-    <p>
-        <?php echo __('Alternatively, click <a href="%s">here</a> to continue to the start page.', $baseurl);?>
-    </p>
-    <?php
-    if (Configure::read('debug') > 0):
-        echo $this->element('exception_stack_trace');
-    endif;
-endif;
-?>
 </div>
--- a/app/View/Errors/error403.ctp
+++ b/app/View/Errors/error403.ctp
@ -1,5 +1,7 @@
+<div class="misp-error-container">
 <h2><?php echo $name; ?></h2>
 <p class="error">
    <strong><?php echo __('Error'); ?>: </strong>
    <?php printf(__('%s', true), "{$message}"); ?>
 </p>
+</div>
--- a/app/View/Errors/error500.ctp
+++ b/app/View/Errors/error500.ctp
@ -1,26 +1,12 @@
-<?php
-/**
- * CakePHP(tm) : Rapid Development Framework (http://cakephp.org)
- * Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
- *
- * Licensed under The MIT License
- * For full copyright and license information, please see the LICENSE.txt
- * Redistributions of files must retain the above copyright notice.
- *
- * @copyright     Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
- * @link          http://cakephp.org CakePHP(tm) Project
- * @package       app.View.Errors
- * @since         CakePHP(tm) v 0.10.0.1076
- * @license       http://www.opensource.org/licenses/mit-license.php MIT License
- */
-?>
+<div class="misp-error-container">
 <h2><?php echo $message; ?></h2>
 <p class="error">
    <strong><?php echo __d('cake', 'Error'); ?>: </strong>
-    <?php echo __d('cake', 'An Internal Error Has Occurred.'); ?>
+    <?php echo __d('cake', 'An Internal Error Has Occurred. Please try your action again. If the problem persists, please contact administrator.'); ?>
 </p>
 <?php
 if (Configure::read('debug') > 0 ):
    echo $this->element('exception_stack_trace'); 
 endif;
 ?>
+</div>
--- a/app/View/Errors/missing_connection.ctp
+++ b/app/View/Errors/missing_connection.ctp
@ -1,3 +1,4 @@
+<div class="misp-error-container">
 <?php echo __('Missing Database Connection');?>
 <h2><?php echo $name; ?></h2>
 <p class="error">
@ -8,3 +9,5 @@
 if (Configure::read('debug') > 0 ):
    echo $this->element('exception_stack_trace');
 endif;
+?>
+</div>