From a0227cad69aff9486fba1d7b2a19e6da97450100 Mon Sep 17 00:00:00 2001
From: Frederic Guillot
Date: Sat, 10 Sep 2016 23:12:38 -0400
Subject: Define only what is allowed for column restrictions
---
 app/Controller/AppController.php | 17 +++++++++--------
 1 file changed, 9 insertions(+), 8 deletions(-)
(limited to 'app/Controller/AppController.php')
diff --git a/app/Controller/AppController.php b/app/Controller/AppController.php
index 45cf39a5..34b9c8cc 100644
--- a/app/Controller/AppController.php
+++ b/app/Controller/AppController.php
@@ -16,18 +16,19 @@ class AppController extends Base
 * Forbidden page
 *
 * @access public
- * @param bool $withoutLayout
+ * @param bool $withoutLayout
+ * @param string $message
 */
- public function accessForbidden($withoutLayout = false)
+ public function accessForbidden($withoutLayout = false, $message = '')
 {
 if ($this->request->isAjax()) {
- $this->response->json(array('message' => 'Access Forbidden'), 403);
+ $this->response->json(array('message' => $message ?: t('Access Forbidden')), 403);
+ } else {
+ $this->response->html($this->helper->layout->app('app/forbidden', array(
+ 'title' => t('Access Forbidden'),
+ 'no_layout' => $withoutLayout,
+ )));
 }
-
- $this->response->html($this->helper->layout->app('app/forbidden', array(
- 'title' => t('Access Forbidden'),
- 'no_layout' => $withoutLayout,
- )));
 }
 
 /**
--
cgit v1.2.3
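Review bot: The new `else` branch of `accessForbidden()` calls `$this->response->html(...)` with no status argument, while the AJAX branch passes 403 to `json()`. A denied browser request is therefore presumably answered with the default status, which makes it look like a success to caches, proxies and access-log monitoring. If `html()` accepts a status code the way `json()` does, close the call with `)), 403);`. The added `$message` parameter is also used only in the JSON branch, so a caller-supplied reason is silently dropped for HTML requests. Either pass it to the template as `'message' => $message` (escaped on output) or state in the docblock that it applies to AJAX responses only.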