From 28ed01ffcc3a7398a5a1b873229001bc3a443c8c Mon Sep 17 00:00:00 2001
From: Sajjad Hasehmian
Date: Wed, 10 Feb 2016 14:22:41 +0330
Subject: [PATCH] 401 for unauthorised request to settings, notifications page fixes #714
---
.../Controller/AuthorizedClientController.php | 30 +++++++++++++++++++
.../core/src/Forum/ForumServiceProvider.php | 4 +--
2 files changed, 32 insertions(+), 2 deletions(-)
create mode 100644 framework/core/src/Forum/Controller/AuthorizedClientController.php
diff --git a/framework/core/src/Forum/Controller/AuthorizedClientController.php b/framework/core/src/Forum/Controller/AuthorizedClientController.php
new file mode 100644
index 000000000..86dfe8b2d
--- /dev/null
+++ b/framework/core/src/Forum/Controller/AuthorizedClientController.php
@@ -0,0 +1,30 @@
+
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Flarum\Forum\Controller;
+
+use Flarum\Core\User;
+use Psr\Http\Message\ServerRequestInterface as Request;
+use Flarum\Core\Exception\PermissionDeniedException;
+
+class AuthorizedClientController extends ClientController
+{
+ /**
+ * {@inheritdoc}
+ */
+ public function render(Request $request)
+ {
+ if (!$request->getAttribute('session')->get('user_id')) {
+ throw new PermissionDeniedException;
+ }
+
+ return parent::render($request);
+ }
+}
diff --git a/framework/core/src/Forum/ForumServiceProvider.php b/framework/core/src/Forum/ForumServiceProvider.php
index 8719d1963..75dafe658 100644
--- a/framework/core/src/Forum/ForumServiceProvider.php
+++ b/framework/core/src/Forum/ForumServiceProvider.php
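Review bot: In `AuthorizedClientController::render()` the guard dereferences `$request->getAttribute('session')` without checking that the attribute is set, so a request that reaches this controller without a session attached would end in a fatal error rather than the intended denial. Reading the attribute once and failing closed avoids that: `$session = $request->getAttribute('session');` followed by `if (!$session || !$session->get('user_id')) { throw new PermissionDeniedException; }`. The check is also only a truthiness test on the stored `user_id`; whether that id still maps to an existing, permitted account is not verified here, and the gate covers only the page render, so the endpoints that serve settings and notification data presumably need their own enforcement. The subject promises a 401, but the status that `PermissionDeniedException` maps to is decided outside this diff and is worth confirming. `use Flarum\Core\User;` appears unused in the new file.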
@@ -80,13 +80,13 @@ class ForumServiceProvider extends AbstractServiceProvider
 $routes->get(
 '/settings',
 'settings',
- $toController('Flarum\Forum\Controller\ClientController')
+ $toController('Flarum\Forum\Controller\AuthorizedClientController')
 );
 
 $routes->get(
 '/notifications',
 'notifications',
- $toController('Flarum\Forum\Controller\ClientController')
+ $toController('Flarum\Forum\Controller\AuthorizedClientController')
 );
 
 $routes->get(
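Review bot: The route registrations for `/settings` and `/notifications` carry their login requirement only through the controller class-name string, with nothing at the call site saying why these two routes differ from their neighbours. A short comment above them, such as `// Login-only pages: AuthorizedClientController denies guests before the client is rendered.`, would make it harder for a later login-only route to be added with plain `ClientController` by mistake. The enclosing method starts and ends outside this hunk, so whether other routes registered there also need the guard cannot be judged from here.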