lib/brief/server/handlers/show.rb in brief-1.7.2 vs lib/brief/server/handlers/show.rb in brief-1.7.3
- old
+ new
@@ -5,18 +5,25 @@
request = options.fetch(:request)
parts = path_args.split("/")
view = parts.shift.to_s.downcase
path = parts.join("/")
- document = briefcase.document_at(path) rescue nil
+ document = begin
+ briefcase.document_at(path)
+ rescue Brief::Repository::InvalidPath
+ :forbidden
+ end
code = 200
content_type = "application/json"
case
when document.nil?
code = 404
body = {error: "Not found"}
+ when document == :forbidden
+ code = 403
+ body = {error: "Access denied." }
when !%w(content rendered details).include?(view)
code = 400
body = {error: "Invalid view: must be content, rendered, details" }
when document && view == "content"
body = document.combined_data_and_content