/**
  * Register that we've had a permission failure trying to view the given page
  *
  * This will redirect to a login page.
  * If you don't provide a messageSet, a default will be used.
  *
  * @param Controller $controller The controller that you were on to cause the permission
  *                               failure.
  * @param string|array $messageSet The message to show to the user. This
  *                                 can be a string, or a map of different
  *                                 messages for different contexts.
  *                                 If you pass an array, you can use the
  *                                 following keys:
  *                                   - default: The default message
  *                                   - alreadyLoggedIn: The message to
  *                                                      show if the user
  *                                                      is already logged
  *                                                      in and lacks the
  *                                                      permission to
  *                                                      access the item.
  *
  * The alreadyLoggedIn value can contain a '%s' placeholder that will be replaced with a link
  * to log in.
  * @return SS_HTTPResponse
  */
 public static function permissionFailure($controller = null, $messageSet = null)
 {
     self::set_ignore_disallowed_actions(true);
     if (!$controller) {
         $controller = Controller::curr();
     }
     if (Director::is_ajax()) {
         $response = $controller ? $controller->getResponse() : new SS_HTTPResponse();
         $response->setStatusCode(403);
         if (!Member::currentUser()) {
             $response->setBody(_t('ContentController.NOTLOGGEDIN', 'Not logged in'));
             $response->setStatusDescription(_t('ContentController.NOTLOGGEDIN', 'Not logged in'));
             // Tell the CMS to allow re-aunthentication
             if (CMSSecurity::enabled()) {
                 $response->addHeader('X-Reauthenticate', '1');
             }
         }
         return $response;
     }
     // Prepare the messageSet provided
     if (!$messageSet) {
         if ($configMessageSet = static::config()->get('default_message_set')) {
             $messageSet = $configMessageSet;
         } else {
             $messageSet = array('default' => _t('Security.NOTEPAGESECURED', "That page is secured. Enter your credentials below and we will send " . "you right along."), 'alreadyLoggedIn' => _t('Security.ALREADYLOGGEDIN', "You don't have access to this page.  If you have another account that " . "can access that page, you can log in again below.", "%s will be replaced with a link to log in."));
         }
     }
     if (!is_array($messageSet)) {
         $messageSet = array('default' => $messageSet);
     }
     $member = Member::currentUser();
     // Work out the right message to show
     if ($member && $member->exists()) {
         $response = $controller ? $controller->getResponse() : new SS_HTTPResponse();
         $response->setStatusCode(403);
         //If 'alreadyLoggedIn' is not specified in the array, then use the default
         //which should have been specified in the lines above
         if (isset($messageSet['alreadyLoggedIn'])) {
             $message = $messageSet['alreadyLoggedIn'];
         } else {
             $message = $messageSet['default'];
         }
         // Somewhat hackish way to render a login form with an error message.
         $me = new Security();
         $form = $me->LoginForm();
         $form->sessionMessage($message, 'warning');
         Session::set('MemberLoginForm.force_message', 1);
         $loginResponse = $me->login();
         if ($loginResponse instanceof SS_HTTPResponse) {
             return $loginResponse;
         }
         $response->setBody((string) $loginResponse);
         $controller->extend('permissionDenied', $member);
         return $response;
     } else {
         $message = $messageSet['default'];
     }
     Session::set("Security.Message.message", $message);
     Session::set("Security.Message.type", 'warning');
     Session::set("BackURL", $_SERVER['REQUEST_URI']);
     // TODO AccessLogEntry needs an extension to handle permission denied errors
     // Audit logging hook
     $controller->extend('permissionDenied', $member);
     return $controller->redirect(Config::inst()->get('SilverStripe\\Security\\Security', 'login_url') . "?BackURL=" . urlencode($_SERVER['REQUEST_URI']));
 }