generalize authentication handling

Signed-off-by: Florian Pritz <bluewind@xinu.at>

1 files changed, 10 insertions, 12 deletions

diff --git a/application/models/muser.php b/application/models/muser.php
index ffcc5f6b3..fb8abad8b 100644
--- a/application/models/muser.php
+++ b/application/models/muser.php
@@ -160,14 +160,14 @@ class Muser extends CI_Model {
 		$have = array_search($session_level, $this->access_levels);
 
 		if ($wanted === false || $have === false) {
-			show_error("Failed to determine access level");
+			throw new \exceptions\PublicApiException("api/invalid-accesslevel", "Failed to determine access level");
 		}
 
 		if ($have >= $wanted) {
-			return true;
+			return;
 		}
 
-		show_error("Access denied: Access level too low", 403);
+		throw new \exceptions\InsufficientPermissionsException("api/insufficient-permissions", "Access denied: Access level too low");
 	}
 
 	function require_access($wanted_level = "full")
@@ -184,17 +184,15 @@ class Muser extends CI_Model {
 			return $this->check_access_level($wanted_level);
 		}
 
-		if (!stateful_client()) {
-			show_error("Not authenticated. FileBin requires you to have an account, please go to the homepage for more information.\n", 401);
+		if (stateful_client()) {
+			// desktop clients get redirected to the login form
+			$this->require_session();
+			if (!$this->session->userdata("flash:new:uri")) {
+				$this->session->set_flashdata("uri", $this->uri->uri_string());
+			}
 		}
 
-		// desktop clients get redirected to the login form
-		$this->require_session();
-		if (!$this->session->userdata("flash:new:uri")) {
-			$this->session->set_flashdata("uri", $this->uri->uri_string());
-		}
-		redirect('user/login');
-		exit();
+		throw new \exceptions\NotAuthenticatedException("api/not-authenticated", "Not authenticated. FileBin requires you to have an account, please go to the homepage for more information.");
 	}
 
 	function username_exists($username)