From dedf7a671535b69e768c8a27eaaa8ba0cd03eac1 Mon Sep 17 00:00:00 2001
From: Julian Lam <julian@designcreateplay.com>
Date: Mon, 29 Sep 2014 12:47:41 -0400
Subject: [PATCH] closed #2087

---
 public/src/ajaxify.js         | 5 +++--
 src/controllers/categories.js | 6 ++++++
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/public/src/ajaxify.js b/public/src/ajaxify.js
index 7fd621a3ff..380ddd2927 100644
--- a/public/src/ajaxify.js
+++ b/public/src/ajaxify.js
@@ -32,10 +32,11 @@ $(document).ready(function() {
 			if (data) {
 				if (data.status === 404) {
 					return ajaxify.go('404');
-				} else if (data.status === 403) {
+				} else if (data.status === 401) {
 					app.alertError('[[global:please_log_in]]');
-					app.previousUrl = url;
 					return ajaxify.go('login');
+				} else if (data.statuc === 403) {
+					app.alertError('[[error:no-privileges]]');
 				} else if (data.status === 302) {
 					return ajaxify.go(data.responseJSON.slice(1), callback, quiet);
 				}
diff --git a/src/controllers/categories.js b/src/controllers/categories.js
index 2ba1a31817..d62bf385b9 100644
--- a/src/controllers/categories.js
+++ b/src/controllers/categories.js
@@ -11,6 +11,11 @@ var categoriesController = {},
 	meta = require('../meta'),
 	plugins = require('../plugins');
 
+// todo: This might be better placed somewhere else
+var apiToRegular = function(url) {
+	return url.replace(/^\/api/, '');
+};
+
 categoriesController.recent = function(req, res, next) {
 	var uid = req.user ? req.user.uid : 0;
 	var end = (parseInt(meta.config.topicsPerList, 10) || 20) - 1;
@@ -231,6 +236,7 @@ categoriesController.notAllowed = function(req, res) {
 		res.locals.isAPI ? res.json(403, 'not-allowed') : res.status(403).render('403');
 	} else {
 		if (res.locals.isAPI) {
+			req.session.returnTo = apiToRegular(req.url);
 			res.json(401, 'not-authorized');
 		} else {
 			req.session.returnTo = req.url;