Fixed generic permission model to redirect to login page if anonymous user was not granted access

code/HopObject/HopObject.js

@@ -83,6 +83,10 @@ HopObject.prototype.onRequest = function() {
    }
 
    if (!this.getPermission(req.action)) {
+      if (!session.user) {
+         res.message = gettext("Please login first.");
+         res.redirect(res.handlers.site.members.href("login"));
+      }
       res.status = 401;
       res.write(gettext("Sorry, you are not allowed to access this part of the site."));
       res.stop();

code/Members/Members.js

@@ -23,10 +23,6 @@
 //
 
 Members.prototype.getPermission = function(action) {
-   if (!this._parent.getPermission("main")) {
-      return false;
-   }
-
    switch (action) {
       case "login":
       case "logout":
@@ -34,7 +30,13 @@ Members.prototype.getPermission = function(action) {
       case "reset":
       case "salt.js":
       return true;
+   }
       
+   if (!this._parent.getPermission("main")) {
+      return false;
+   }
+
+   switch (action) {
       case "edit":
       case "privileges":
       case "subscriptions":

code/Site/Site.js

@@ -108,7 +108,6 @@ Site.prototype.getPermission = function(action) {
       case "rss.xsl":
       case "search":
       case "stories.xml":
-      case "tags":
       return Site.require(Site.PUBLIC) ||
             (Site.require(Site.RESTRICTED) && 
             Membership.require(Membership.CONTRIBUTOR)) ||