helpers.notAllowed hook

src/controllers/helpers.js

@@ -12,29 +12,35 @@ var meta = require('../meta');
 var helpers = {};
 
 helpers.notAllowed = function(req, res, error) {
-	if (req.uid) {
+	plugins.fireHook('filter:helpers.notAllowed', {
-		if (res.locals.isAPI) {
+		req: req,
-			res.status(403).json({
+		res: res,
-				path: req.path.replace(/^\/api/, ''),
+		error: error
-				loggedIn: !!req.uid, error: error,
+	}, function(err, data) {
-				title: '[[global:403.title]]'
+		if (req.uid) {
-			});
+			if (res.locals.isAPI) {
-		} else {
+				res.status(403).json({
-			res.status(403).render('403', {
+					path: req.path.replace(/^\/api/, ''),
-				path: req.path,
+					loggedIn: !!req.uid, error: error,
-				loggedIn: !!req.uid, error: error,
+					title: '[[global:403.title]]'
-				title: '[[global:403.title]]'
+				});
-			});
+			} else {
-		}
+				res.status(403).render('403', {
-	} else {
+					path: req.path,
-		if (res.locals.isAPI) {
+					loggedIn: !!req.uid, error: error,
-			req.session.returnTo = nconf.get('relative_path') + req.url.replace(/^\/api/, '');
+					title: '[[global:403.title]]'
-			res.status(401).json('not-authorized');
+				});
+			}
 		} else {
-			req.session.returnTo = nconf.get('relative_path') + req.url;
+			if (res.locals.isAPI) {
-			res.redirect(nconf.get('relative_path') + '/login');
+				req.session.returnTo = nconf.get('relative_path') + req.url.replace(/^\/api/, '');
+				res.status(401).json('not-authorized');
+			} else {
+				req.session.returnTo = nconf.get('relative_path') + req.url;
+				res.redirect(nconf.get('relative_path') + '/login');
+			}
 		}
-	}
+	});
 };
 
 helpers.redirect = function(res, url) {