Merge pull request #79 from kriswillis/master

witoldsz · witoldsz · commit 79cf2bb55cf7 · 2014-09-17T00:05:27.000+02:00
Added support for HTTP 403 responses
diff --git a/README.md b/README.md
@@ -30,6 +30,10 @@ $broadcast. This may be useful, for example if you need to pass through details
 that was logged in. The `authService` will then retry all the requests previously failed due
 to HTTP 401 response.
 
+In the event that a requested resource returns an HTTP 403 response (i.e. the user is 
+authenticated but not authorized to access the resource), the user's request is discarded and 
+the `event:auth-forbidden` message is broadcasted from $rootScope.
+
 ###Typical use case:
 
 * somewhere (some service or controller) the: `$http(...).then(function(response) { do-something-with-response })` is invoked,
diff --git a/src/http-auth-interceptor.js b/src/http-auth-interceptor.js
@@ -44,16 +44,24 @@
    * $http interceptor.
    * On 401 response (without 'ignoreAuthModule' option) stores the request
    * and broadcasts 'event:auth-loginRequired'.
+   * On 403 response (without 'ignoreAuthModule' option) discards the request
+   * and broadcasts 'event:auth-forbidden'.
    */
   .config(['$httpProvider', function($httpProvider) {
     $httpProvider.interceptors.push(['$rootScope', '$q', 'httpBuffer', function($rootScope, $q, httpBuffer) {
       return {
         responseError: function(rejection) {
-          if (rejection.status === 401 && !rejection.config.ignoreAuthModule) {
-            var deferred = $q.defer();
-            httpBuffer.append(rejection.config, deferred);
-            $rootScope.$broadcast('event:auth-loginRequired', rejection);
-            return deferred.promise;
+          if (!rejection.config.ignoreAuthModule) {
+            switch (rejection.status) {
+              case 401:
+                var deferred = $q.defer();
+                httpBuffer.append(rejection.config, deferred);
+                $rootScope.$broadcast('event:auth-loginRequired', rejection);
+                return deferred.promise;
+              case 403:
+                $rootScope.$broadcast('event:auth-forbidden', rejection);
+                break;
+            }
           }
           // otherwise, default behaviour
           return $q.reject(rejection);
