Avoiding endless loop if user not 'System Admin' when editing configu…

…ration #39

* Plugin will now respond with error message saying user must be 'System Admin'
* Redirecting to login will just cause an endless loop

CHANGELOG.md

@@ -3,6 +3,7 @@
 Changelog of Pull Request Notifier for Stash.
 
 ## 1.18
+* Avoiding endless loop if user not 'System Admin' when editing configuration
 * Triggers can be named. To make it easier to keep track of them in large installations.
 * Building against latest Stash version (3.11.1) using latest Atlassian Maven Plugin Suite version (6.0.3)
 

src/main/java/se/bjurr/prnfs/admin/AdminServlet.java

@@ -1,5 +1,7 @@
 package se.bjurr.prnfs.admin;
 
+import static javax.servlet.http.HttpServletResponse.SC_FORBIDDEN;
+
 import java.io.IOException;
 import java.net.URI;
 
@@ -29,11 +31,12 @@ public AdminServlet(UserManager userManager, LoginUriProvider loginUriProvider,
  public void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
   UserProfile user = userManager.getRemoteUser(request);
   if (user == null) {
-   redirectToLogin(request, response);
+   response.sendRedirect(loginUriProvider.getLoginUri(getUri(request)).toASCIIString());
    return;
   }
   if (!userManager.isSystemAdmin(user.getUserKey())) {
-   redirectToLogin(request, response);
+   response.sendError(SC_FORBIDDEN, "Only 'System Admin':s are allowed to edit configuration "
+     + loginUriProvider.getLoginUri(getUri(request)).toASCIIString());
    return;
   }
   response.setContentType("text/html;charset=utf-8");
@@ -48,8 +51,4 @@ private URI getUri(HttpServletRequest request) {
   }
   return URI.create(builder.toString());
  }
-
- private void redirectToLogin(HttpServletRequest request, HttpServletResponse response) throws IOException {
-  response.sendRedirect(loginUriProvider.getLoginUri(getUri(request)).toASCIIString());
- }
 }