isAuthorized

Yesod/Dispatch.hs

@@ -176,14 +176,18 @@ toWaiApp' y segments env = do
                     (urlRenderOverride y u)
     rr <- parseWaiRequest env session'
     onRequest y rr
-    let ya = case eurl of
+    ya <-
-                Left _ -> runHandler (errorHandler y NotFound)
+      case eurl of
-                                      render
+        Left _ -> return $ runHandler (errorHandler y NotFound)
-                                      Nothing
+                          render
-                                      id
+                          Nothing
-                                      y
+                          id
-                                      id
+                          y
-                Right url -> quasiDispatch site
+                          id
+        Right url -> do
+            auth <- isAuthorized y url
+            case auth of
+                Nothing -> return $ quasiDispatch site
                                 render
                                 url
                                 id
@@ -191,6 +195,14 @@ toWaiApp' y segments env = do
                                 id
                                 (badMethodApp method)
                                 method
+                Just msg ->
+                    return $ runHandler
+                                (errorHandler y $ PermissionDenied msg)
+                                render
+                                (Just url)
+                                id
+                                y
+                                id
     let eurl' = either (const Nothing) Just eurl
     let eh er = runHandler (errorHandler y er) render eurl' id y id
     (s, hs, ct, c, sessionFinal) <- unYesodApp ya eh rr types

Yesod/Handler.hs

@@ -361,7 +361,7 @@ badMethod = do
 
 -- | Return a 403 permission denied page.
 permissionDenied :: Failure ErrorResponse m => m a
-permissionDenied = failure PermissionDenied
+permissionDenied = failure $ PermissionDenied "Permission denied"
 
 -- | Return a 400 invalid arguments page.
 invalidArgs :: Failure ErrorResponse m => [(ParamName, String)] -> m a
@@ -408,7 +408,7 @@ getStatus :: ErrorResponse -> W.Status
 getStatus NotFound = W.Status404
 getStatus (InternalError _) = W.Status500
 getStatus (InvalidArgs _) = W.Status400
-getStatus PermissionDenied = W.Status403
+getStatus (PermissionDenied _) = W.Status403
 getStatus (BadMethod _) = W.Status405
 
 getRedirectStatus :: RedirectType -> W.Status

Yesod/Internal.hs

@@ -14,7 +14,7 @@ data ErrorResponse =
       NotFound
     | InternalError String
     | InvalidArgs [(String, String)]
-    | PermissionDenied
+    | PermissionDenied String
     | BadMethod String
     deriving (Show, Eq)
 

Yesod/Yesod.hs

@@ -82,6 +82,14 @@ class Yesod a where
     urlRenderOverride :: a -> Routes a -> Maybe String
     urlRenderOverride _ _ = Nothing
 
+    -- | Determine is a request is authorized or not.
+    --
+    -- Return 'Nothing' is the request is authorized, 'Just' a message if
+    -- unauthorized. If authentication is required, you should use a redirect;
+    -- the Auth helper provides this functionality automatically.
+    isAuthorized :: a -> Routes a -> IO (Maybe String)
+    isAuthorized _ _ = return Nothing
+
 -- | Apply the default layout ('defaultLayout') to the given title and body.
 applyLayout :: Yesod master
             => String -- ^ title
@@ -130,9 +138,11 @@ defaultErrorHandler NotFound = do
 |]
   where
     pathInfo = W.pathInfo
-defaultErrorHandler PermissionDenied =
+defaultErrorHandler (PermissionDenied msg) =
     applyLayout' "Permission Denied" $ [$hamlet|
-%h1 Permission denied|]
+%h1 Permission denied
+%p $cs.msg$
+|]
 defaultErrorHandler (InvalidArgs ia) =
     applyLayout' "Invalid Arguments" $ [$hamlet|
 %h1 Invalid Arguments

yesod.cabal

@@ -1,5 +1,5 @@
 name:            yesod
-version:         0.2.0
+version:         0.2.1
 license:         BSD3
 license-file:    LICENSE
 author:          Michael Snoyman <michael@snoyman.com>