Currently when user has access violation on website we're redirecting him/her to the "no_permission" template. There are several side effects from this approach:
- user no longer sees url of the page which caused access violation
- the HTTP response code is now 200 instead of 401
Solution
Proposing to show "No Permission" page inline instead of redirecting to it.
- create "kUrlManager::show401" method (similar to "kUrlManager::show404", but will be using "No Permission" template and sending "401" HTTP response code)
- change top part (that configures redirect) of "kRequestManager::processPermissionError" method to:
- use "kUrlManager::show401" method
- get "$event" redirect params and do a SetVar on them right away (since no redirect will be happening)
- change top part (that configures redirect) of "kDBEventHandler::_processItemLoadingError" method to use "kUrlManager::show401" method
- change part (that configures no permission redirect) of "kPermissionsHeleper::getPermissionTemplate" method to:
- use "kUrlManager::show401" method
- doing SetVar right away instead of setting keys into "$redirect_params" array