Define only what is allowed for column restrictions

2 files changed, 10 insertions, 9 deletions

diff --git a/app/Controller/AppController.php b/app/Controller/AppController.php
index 45cf39a5..34b9c8cc 100644
--- a/app/Controller/AppController.php
+++ b/app/Controller/AppController.php
@@ -16,18 +16,19 @@ class AppController extends Base
      * Forbidden page
      *
      * @access public
-     * @param  bool $withoutLayout
+     * @param  bool   $withoutLayout
+     * @param  string $message
      */
-    public function accessForbidden($withoutLayout = false)
+    public function accessForbidden($withoutLayout = false, $message = '')
     {
         if ($this->request->isAjax()) {
-            $this->response->json(array('message' => 'Access Forbidden'), 403);
+            $this->response->json(array('message' => $message ?: t('Access Forbidden')), 403);
+        } else {
+            $this->response->html($this->helper->layout->app('app/forbidden', array(
+                'title' => t('Access Forbidden'),
+                'no_layout' => $withoutLayout,
+            )));
         }
-
-        $this->response->html($this->helper->layout->app('app/forbidden', array(
-            'title' => t('Access Forbidden'),
-            'no_layout' => $withoutLayout,
-        )));
     }
 
     /**
diff --git a/app/Controller/BoardAjaxController.php b/app/Controller/BoardAjaxController.php
index 5e771fd6..cc3b846e 100644
--- a/app/Controller/BoardAjaxController.php
+++ b/app/Controller/BoardAjaxController.php
@@ -36,7 +36,7 @@ class BoardAjaxController extends BaseController
         );
 
         if (! $canMoveTask) {
-            throw new AccessForbiddenException("You don't have the permission to move this task");
+            throw new AccessForbiddenException(e("You don't have the permission to move this task"));
         }
 
         $result =$this->taskPositionModel->movePosition(