From 58df91c0f8f91329cff506e8c363f83fca76d733 Mon Sep 17 00:00:00 2001 From: Kjetil Orbekk Date: Tue, 20 Jun 2017 07:11:13 -0400 Subject: Add error handling for unauthorized page access. --- src/render/mod.rs | 26 ++++++++++++++++++++++++-- src/server.rs | 33 +++++++++++++++++++++++++++++++++ 2 files changed, 57 insertions(+), 2 deletions(-) diff --git a/src/render/mod.rs b/src/render/mod.rs index ad87b18..5df4c10 100644 --- a/src/render/mod.rs +++ b/src/render/mod.rs @@ -30,7 +30,7 @@ impl Renderer { } None => { box_html! { - a(href=self.get_url("login")) { // TODO Get base url from context + a(href=self.get_url("login")) { : "Log in" } } @@ -105,7 +105,6 @@ impl Renderer { } } - fn unit_table<'a>(&'a self, units: &'a [&unit::Unit]) -> Box { box_html! { table { @@ -144,4 +143,27 @@ impl Renderer { } }) } + + pub fn unauthorized(&self) -> String { + self.render_in_page(box_html! { + h1 { + : "Permission Denied" + } + @ if let Some(ref v) = self.user { + p { + : "You are logged in as "; + : v; + : ", but you cannot access this page."; + } + } else { + p { + : "Please "; + a(href=self.get_url("login")) { + : "log in" + } + : " to access this page."; + } + } + }) + } } diff --git a/src/server.rs b/src/server.rs index 6fb534d..760c7ab 100644 --- a/src/server.rs +++ b/src/server.rs @@ -21,6 +21,8 @@ use rusqlite::Connection; use db; use auth; use url; +use std::fmt; +use std::error::Error; #[derive(Debug)] pub struct Context { 
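Review bot: In src/render/mod.rs, the new `pub fn unauthorized` has no doc comment, and nothing tells a caller that it only builds the page body and leaves the status code to the handler. I would add `/// Renders the access-denied page: a login prompt when no user is set, otherwise a notice naming the logged-in user. Does not set a status code.` The user name is written with `: v;`, which horrorshow HTML-escapes by default. Since that value presumably comes from the login session, a short comment such as `// escaped by the template; do not wrap in Raw` would keep a later edit from turning it into an injection point. The `impl Renderer` block starts and ends outside the hunk.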
@@ -42,6 +44,28 @@ struct Login { user: String, } +#[derive(Debug)] +enum SystemdError { + Unauthorized, +} +impl fmt::Display for SystemdError { + fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result { + match *self { + SystemdError::Unauthorized => write!(f, "Not authorized") + } + } +} +impl Error for SystemdError { + fn description(&self) -> &str { + match *self { + SystemdError::Unauthorized => "unauthorized", + } + } + fn cause(&self) -> Option<&Error> { + None + } +} + impl iron_sessionstorage::Value for Login { fn get_key() -> &'static str { "login" @@ -200,6 +224,14 @@ fn static_file(r: &mut Request) -> IronResult { }) } +fn test(r: &mut Request) -> IronResult { + let renderer = make_renderer(r)?; + Err(IronError::new(SystemdError::Unauthorized, + (status::Unauthorized, + Header(ContentType::html()), + renderer.unauthorized()))) +} + pub fn serve(context: Context, state: State, port: u16) -> HttpResult { // TODO: Use a real secret. let secret = b"secret2".to_vec(); @@ -210,6 +242,7 @@ pub fn serve(context: Context, state: State, port: u16) -> HttpResult logout: get "/logout" => logout, details: get "/status/:unit" => unit_status, journal: get "/journal/:unit" => journal, + test: get "/test" => test, css: get "/static/:file" => static_file, ); let mut chain = Chain::new(router); -- cgit v1.2.3
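Review bot: In the new `SystemdError` impls in src/server.rs, `Display` writes "Not authorized" while `description()` returns "unauthorized", so the same failure appears under two spellings depending on which API a logger calls. For an authorization failure that makes log searches and alert rules harder to write. I would keep one string, e.g. `SystemdError::Unauthorized => write!(f, "{}", self.description())`. The enum also lacks a doc comment saying when handlers should return it, for instance `/// Errors returned by request handlers when access to a page is refused.`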
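Review bot: The new `test` handler in src/server.rs always answers `status::Unauthorized` (401), although `renderer.unauthorized()` also has a branch for a user who is logged in but not allowed. That case is a 403, so the status should follow the same condition, e.g. `let code = if logged_in { status::Forbidden } else { status::Unauthorized };`, with `logged_in` standing for however the handler learns that a `Login` is present. The handler is also wired to `/test` in the last hunk of this file with no guard, which looks like scaffolding and should not ship as a public route. Separately, the context lines of `serve` show `let secret = b"secret2".to_vec();` under a TODO. Presumably this keys the session storage, in which case every access decision based on `Login` rests on a constant stored in the repository; it should be loaded from configuration or generated randomly at startup before this error path is relied on. `serve` continues outside the hunk.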