| Safe Haskell | None |
|---|---|
| Language | Haskell2010 |
IHP.Controller.AccessDenied
Synopsis
- accessDeniedWhen :: (?context :: ControllerContext) => Bool -> IO ()
- accessDeniedUnless :: (?context :: ControllerContext) => Bool -> IO ()
- handleAccessDeniedFound :: Request -> Respond -> IO ResponseReceived
- buildAccessDeniedResponse :: IO Response
- renderAccessDenied :: (?context :: ControllerContext) => IO ()
Documentation
accessDeniedWhen :: (?context :: ControllerContext) => Bool -> IO () Source #
Stops the action execution with an access denied message (403) when the access condition is True.
Example: Checking a user is the author of a blog post.
action EditPostAction { postId } = do
post <- fetch postId
accessDeniedWhen (post.authorId /= currentUserId)
renderHtml EditView { .. }This will throw an error and prevent the view from being rendered when the current user is not the author of the post.
accessDeniedUnless :: (?context :: ControllerContext) => Bool -> IO () Source #
Stops the action execution with an access denied message (403) when the access condition is False.
Example: Checking a user is the author of a blog post.
action EditPostAction { postId } = do
post <- fetch postId
accessDeniedUnless (post.authorId == currentUserId)
renderHtml EditView { .. }This will throw an error and prevent the view from being rendered when the current user is not the author of the post.
handleAccessDeniedFound :: Request -> Respond -> IO ResponseReceived Source #
Renders a 403 access denied response. If a static/403.html exists, that is rendered instead of the IHP access denied page.
renderAccessDenied :: (?context :: ControllerContext) => IO () Source #
Renders an "Access denied" page.
This can be useful e.g. when an entity cannot be accessed:
action ExampleAction = do
renderAccessDeniedYou can override the default access denied page by creating a new file at static/403.html. Then IHP will render that HTML file instead of displaying the default IHP access denied page.