IHP Api Reference
Safe HaskellNone

IHP.Controller.AccessDenied

Synopsis

Documentation

accessDeniedWhen :: (?context :: ControllerContext) => Bool -> IO () Source #

Stops the action execution with an access denied message (403) when the access condition is True.

Example: Checking a user is the author of a blog post.

action EditPostAction { postId } = do
    post <- fetch postId
    accessDeniedWhen (post.authorId /= currentUserId)

    renderHtml EditView { .. }

This will throw an error and prevent the view from being rendered when the current user is not the author of the post.

accessDeniedUnless :: (?context :: ControllerContext) => Bool -> IO () Source #

Stops the action execution with an access denied message (403) when the access condition is False.

Example: Checking a user is the author of a blog post.

action EditPostAction { postId } = do
    post <- fetch postId
    accessDeniedUnless (post.authorId == currentUserId)

    renderHtml EditView { .. }

This will throw an error and prevent the view from being rendered when the current user is not the author of the post.

handleAccessDeniedFound :: Request -> Respond -> IO ResponseReceived Source #

Renders a 403 access denied response. If a static/403.html exists, that is rendered instead of the IHP access denied page.

renderAccessDenied :: (?context :: ControllerContext) => IO () Source #

Renders an "Access denied" page.

This can be useful e.g. when an entity cannot be accessed:

action ExampleAction = do
    renderAccessDenied

You can override the default access denied page by creating a new file at static/403.html. Then IHP will render that HTML file instead of displaying the default IHP access denied page.