From 8f9d53726f0d992993590f1900d7f41d2d8b035c Mon Sep 17 00:00:00 2001
From: Wolfgang Sourdeau <wsourdeau@inverse.ca>
Date: Tue, 26 Aug 2008 17:40:02 +0000
Subject: [PATCH 1/3] Monotone-Parent: 2946be96e24ef28355163488376def0341ef650f
 Monotone-Revision: 57efdfff0ce1c589f0aa7c70ace7f877ffa5d52c

Monotone-Author: wsourdeau@inverse.ca
Monotone-Date: 2008-08-26T17:40:02
Monotone-Branch: ca.inverse.sogo
---
 SoObjects/SOGo/SOGoUserFolder.m             | 43 ++++++++++++++++++---
 UI/Common/Dutch.lproj/Localizable.strings   |  3 ++
 UI/Common/English.lproj/Localizable.strings |  3 ++
 UI/Common/French.lproj/Localizable.strings  |  3 ++
 UI/Common/German.lproj/Localizable.strings  |  3 ++
 UI/Common/Italian.lproj/Localizable.strings |  3 ++
 UI/Common/Spanish.lproj/Localizable.strings |  3 ++
 UI/SOGoUI/GNUmakefile                       |  1 +
 UI/SOGoUI/UIxModuleAccessDenied.h           | 27 +++++++++++++
 UI/SOGoUI/UIxModuleAccessDenied.m           | 27 +++++++++++++
 UI/Templates/UIxModuleAccessDenied.wox      | 18 +++++++++
 11 files changed, 128 insertions(+), 6 deletions(-)
 create mode 100644 UI/SOGoUI/UIxModuleAccessDenied.h
 create mode 100644 UI/SOGoUI/UIxModuleAccessDenied.m
 create mode 100644 UI/Templates/UIxModuleAccessDenied.wox

diff --git a/SoObjects/SOGo/SOGoUserFolder.m b/SoObjects/SOGo/SOGoUserFolder.m
index 0b90f4c0d..3504ebc30 100644
--- a/SoObjects/SOGo/SOGoUserFolder.m
+++ b/SoObjects/SOGo/SOGoUserFolder.m
@@ -27,6 +27,7 @@
 #import <NGObjWeb/NSException+HTTP.h>
 #import <NGObjWeb/SoClassSecurityInfo.h>
 #import <NGObjWeb/SoSecurityManager.h>
+#import <NGObjWeb/WOApplication.h>
 #import <NGObjWeb/WOContext+SoObjects.h>
 #import <NGObjWeb/WORequest.h>
 #import <NGObjWeb/WOResponse.h>
@@ -44,6 +45,8 @@
 #import <Contacts/SOGoContactFolders.h>
 #import <Mailer/SOGoMailAccounts.h>
 
+#import <SOGoUI/UIxComponent.h>
+
 #import "NSArray+Utilities.h"
 #import "NSDictionary+Utilities.h"
 #import "LDAPUserManager.h"
@@ -442,6 +445,26 @@
   return [$(@"SOGoFreeBusyObject") objectWithName: _key inContainer: self];
 }
 
+- (WOResponse *) _moduleAccessDeniedPage
+{
+  WOResponse *response;
+  UIxComponent *page;
+  NSString *content;
+
+  response = [context response];
+  [response setStatus: 403];
+  [response setHeader: @"text/html; charset=utf8"
+	    forKey: @"content-type"];
+  page = [[WOApplication application] pageWithName: @"UIxModuleAccessDenied"
+				      inContext: context];
+//   [page appendToResponse: response
+// 	inContext: context];
+  content = [[page generateResponse] contentAsString];
+  [response appendContentString: content];
+
+  return response;
+}
+
 - (id) lookupName: (NSString *) _key
         inContext: (WOContext *) _ctx
           acquire: (BOOL) _flag
@@ -454,14 +477,22 @@
   if (!obj)
     {
       currentUser = [_ctx activeUser];
-      if ([_key isEqualToString: @"Calendar"]
-	  && [currentUser canAccessModule: _key])
-	obj = [self privateCalendars: @"Calendar" inContext: _ctx];
+      if ([_key isEqualToString: @"Calendar"])
+	{
+	  if ([currentUser canAccessModule: _key])
+	    obj = [self privateCalendars: @"Calendar" inContext: _ctx];
+	  else
+	    obj = [self _moduleAccessDeniedPage];
+	}
       else if ([_key isEqualToString: @"Contacts"])
         obj = [self privateContacts: _key inContext: _ctx];
-      else if ([_key isEqualToString: @"Mail"]
-	       && [currentUser canAccessModule: _key])
-        obj = [self mailAccountsFolder: _key inContext: _ctx];
+      else if ([_key isEqualToString: @"Mail"])
+	{
+	  if ([currentUser canAccessModule: _key])
+	    obj = [self mailAccountsFolder: _key inContext: _ctx];
+	  else
+	    obj = [self _moduleAccessDeniedPage];
+	}
       else if ([_key isEqualToString: @"Preferences"])
         obj = [$(@"SOGoPreferencesFolder") objectWithName: _key
 		inContainer: self];
diff --git a/UI/Common/Dutch.lproj/Localizable.strings b/UI/Common/Dutch.lproj/Localizable.strings
index 236872f14..cad26b5a7 100644
--- a/UI/Common/Dutch.lproj/Localizable.strings
+++ b/UI/Common/Dutch.lproj/Localizable.strings
@@ -40,3 +40,6 @@
      	= "U bent al op deze map geabonneerd!";
 "The user rights cannot be edited for this object!"
         = "De machtigingen kunnen niet worden aangepast voor dit object!";
+
+"You are not allowed to access this module or this system. Please contact your system administrator."
+= "You are not allowed to access this module or this system. Please contact your system administrator.";
diff --git a/UI/Common/English.lproj/Localizable.strings b/UI/Common/English.lproj/Localizable.strings
index 3231c2232..d134dc122 100644
--- a/UI/Common/English.lproj/Localizable.strings
+++ b/UI/Common/English.lproj/Localizable.strings
@@ -41,3 +41,6 @@
      	= "You have already subscribed to that folder!";
 "The user rights cannot be edited for this object!"
         = "The user rights cannot be edited for this object!";
+
+"You are not allowed to access this module or this system. Please contact your system administrator."
+= "You are not allowed to access this module or this system. Please contact your system administrator.";
diff --git a/UI/Common/French.lproj/Localizable.strings b/UI/Common/French.lproj/Localizable.strings
index 86a4d8230..950d8cf2c 100644
--- a/UI/Common/French.lproj/Localizable.strings
+++ b/UI/Common/French.lproj/Localizable.strings
@@ -38,3 +38,6 @@
      	= "Vous êtes déja abonné à ce dossier.";
 "The user rights cannot be edited for this object!"
         = "Les droits sur cet objet ne peuvent pas être édités.";
+
+"You are not allowed to access this module or this system. Please contact your system administrator."
+= "Vous n'êtes pas autorisé à accéder à ce module ou ce système. Veuillez contacter votre administrateur système.";
diff --git a/UI/Common/German.lproj/Localizable.strings b/UI/Common/German.lproj/Localizable.strings
index be0566a40..7e9f23add 100644
--- a/UI/Common/German.lproj/Localizable.strings
+++ b/UI/Common/German.lproj/Localizable.strings
@@ -40,3 +40,6 @@
      	= "Sie haben diesen Ordner bereits abonniert!";
 "The user rights cannot be edited for this object!"
         = "Die Benutzer-Rechte können für dieses Objekt nicht verändert werden!";
+
+"You are not allowed to access this module or this system. Please contact your system administrator."
+= "You are not allowed to access this module or this system. Please contact your system administrator.";
diff --git a/UI/Common/Italian.lproj/Localizable.strings b/UI/Common/Italian.lproj/Localizable.strings
index 67d74e0ce..992998b2a 100644
--- a/UI/Common/Italian.lproj/Localizable.strings
+++ b/UI/Common/Italian.lproj/Localizable.strings
@@ -35,3 +35,6 @@
 "Unable to rename that folder!" = "Impossibile rinominare la cartella!";
 "You have already subscribed to that folder!" 	= "Hai già sottoscritto la cartella!";
 "The user rights cannot be edited for this object!"  = "I permessi di questo oggetto non possono essere modificati!";
+
+"You are not allowed to access this module or this system. Please contact your system administrator."
+= "You are not allowed to access this module or this system. Please contact your system administrator.";
diff --git a/UI/Common/Spanish.lproj/Localizable.strings b/UI/Common/Spanish.lproj/Localizable.strings
index 48d10888d..13373eeb3 100644
--- a/UI/Common/Spanish.lproj/Localizable.strings
+++ b/UI/Common/Spanish.lproj/Localizable.strings
@@ -45,3 +45,6 @@
      	= "Ya se ha suscrito a esta carpeta.";
 "The user rights cannot be edited for this object!"
         = "No es posible modificar los permisos de acceso a este objeto.";
+
+"You are not allowed to access this module or this system. Please contact your system administrator."
+= "You are not allowed to access this module or this system. Please contact your system administrator.";
diff --git a/UI/SOGoUI/GNUmakefile b/UI/SOGoUI/GNUmakefile
index b5d473102..eb688328b 100644
--- a/UI/SOGoUI/GNUmakefile
+++ b/UI/SOGoUI/GNUmakefile
@@ -23,6 +23,7 @@ libSOGoUI_OBJC_FILES +=		\
 	\
 	UIxJSClose.m		\
 	UIxComponent.m		\
+	UIxModuleAccessDenied.m	\
 	SOGoAptFormatter.m	\
 	WOContext+UIx.m		\
 	SOGoACLAdvisory.m \
diff --git a/UI/SOGoUI/UIxModuleAccessDenied.h b/UI/SOGoUI/UIxModuleAccessDenied.h
new file mode 100644
index 000000000..5c5a1378d
--- /dev/null
+++ b/UI/SOGoUI/UIxModuleAccessDenied.h
@@ -0,0 +1,27 @@
+/* UIxModuleAccessDenied.h - this file is part of SOGo
+ *
+ * Copyright (C) 2008 Inverse inc.
+ *
+ * Author: Wolfgang Sourdeau <wsourdeau@inverse.ca>
+ *
+ * This file is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2, or (at your option)
+ * any later version.
+ *
+ * This file is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; see the file COPYING.  If not, write to
+ * the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
+ * Boston, MA 02111-1307, USA.
+ */
+
+#import "UIxComponent.h"
+
+@interface UIxModuleAccessDenied : UIxComponent
+
+@end
diff --git a/UI/SOGoUI/UIxModuleAccessDenied.m b/UI/SOGoUI/UIxModuleAccessDenied.m
new file mode 100644
index 000000000..a050f0344
--- /dev/null
+++ b/UI/SOGoUI/UIxModuleAccessDenied.m
@@ -0,0 +1,27 @@
+/* UIxModuleAccessDenied.m - this file is part of SOGo
+ *
+ * Copyright (C) 2008 Inverse inc.
+ *
+ * Author: Wolfgang Sourdeau <wsourdeau@inverse.ca>
+ *
+ * This file is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2, or (at your option)
+ * any later version.
+ *
+ * This file is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; see the file COPYING.  If not, write to
+ * the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
+ * Boston, MA 02111-1307, USA.
+ */
+
+#import "UIxModuleAccessDenied.h"
+
+@implementation UIxModuleAccessDenied
+
+@end
diff --git a/UI/Templates/UIxModuleAccessDenied.wox b/UI/Templates/UIxModuleAccessDenied.wox
new file mode 100644
index 000000000..fc4952a7e
--- /dev/null
+++ b/UI/Templates/UIxModuleAccessDenied.wox
@@ -0,0 +1,18 @@
+<?xml version="1.0" standalone="yes"?>
+<!DOCTYPE var:component>
+<var:component xmlns="http://www.w3.org/1999/xhtml"
+  xmlns:var="http://www.skyrix.com/od/binding"
+  xmlns:const="http://www.skyrix.com/od/constant"
+  xmlns:uix="OGo:uix"
+  xmlns:label="OGo:label"
+  xmlns:rsrc="OGo:url"
+  className="UIxPageFrame"
+  title="title"
+  const:toolbar="none"
+  const:cssFiles="UIxModuleAccessDenied.css"
+  const:popup="YES">
+  <div id="messageWindow">
+    <var:string label:value="You are not allowed to access this module or this system. Please contact your system administrator."
+      />
+  </div>
+</var:component>

From 0227fd120e08148e3631d7de131796c56c95d8a6 Mon Sep 17 00:00:00 2001
From: Wolfgang Sourdeau <wsourdeau@inverse.ca>
Date: Tue, 26 Aug 2008 17:40:19 +0000
Subject: [PATCH 2/3] Monotone-Parent: 57efdfff0ce1c589f0aa7c70ace7f877ffa5d52c
 Monotone-Revision: 47b9620ce14470cae0697918adc94344f3f07b0e

Monotone-Author: wsourdeau@inverse.ca
Monotone-Date: 2008-08-26T17:40:19
Monotone-Branch: ca.inverse.sogo
---
 ChangeLog | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/ChangeLog b/ChangeLog
index a78801b0f..36c74f8b1 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,13 @@
+2008-08-26  Wolfgang Sourdeau  <wsourdeau@inverse.ca>
+
+	* SoObjects/SOGo/SOGoUserFolder.m ([SOGoUserFolder
+	-lookupName:_keyinContext:_ctxacquire:_flag]): whenever a user has
+	no access to the specified module, a response with code 403 and
+	the content of "UIxModuleAccessDenied" will be generated.
+
+	* UI/SOGoUI/UIxModuleAccessDenied.[hm]: new template module
+	displaying an error message.
+
 2008-08-22  Wolfgang Sourdeau  <wsourdeau@inverse.ca>
 
 	* UI/MailPartViewers/UIxMailRenderingContext.m

From 5876989e1d8c88c53bec812ebe8e9ddf28cfbb3a Mon Sep 17 00:00:00 2001
From: Wolfgang Sourdeau <wsourdeau@inverse.ca>
Date: Tue, 26 Aug 2008 17:42:03 +0000
Subject: [PATCH 3/3] Monotone-Parent: 47b9620ce14470cae0697918adc94344f3f07b0e
 Monotone-Revision: b4d23e0ff0b98727a952a0a09a9cb7e312f3562a

Monotone-Author: wsourdeau@inverse.ca
Monotone-Date: 2008-08-26T17:42:03
Monotone-Branch: ca.inverse.sogo
---
 ChangeLog                              |  11 +++
 UI/MainUI/SOGoRootPage.h               |   3 -
 UI/MainUI/SOGoRootPage.m               |  43 ++++-----
 UI/SOGoUI/UIxComponent.m               |   3 -
 UI/Templates/MainUI/SOGoRootPage.wox   |   6 +-
 UI/Templates/UIxPageFrame.wox          | 109 +++++++++++-----------
 UI/WebServerResources/SOGoRootPage.css |   5 +-
 UI/WebServerResources/SOGoRootPage.js  | 122 +++++++++++++------------
 8 files changed, 148 insertions(+), 154 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 36c74f8b1..ee4e1a04f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,16 @@
 2008-08-26  Wolfgang Sourdeau  <wsourdeau@inverse.ca>
 
+	* UI/MainUI/SOGoRootPage.m ([SOGoRootPage -setUserName:_value])
+	([SOGoRootPage -userName]): removed accessors, since the
+	corresponding ivar is not used and was removed too.
+
+	* UI/SOGoUI/UIxComponent.m ([-shortUserNameForDisplay]): no longer
+	make use of the "wrongusernamepassword" hack.
+
+	* UI/MainUI/SOGoRootPage.m ([SOGoRootPage -connectAction]): return
+	HTTP code 403 if the username and the password passed in the
+	request are not valid.
+
 	* SoObjects/SOGo/SOGoUserFolder.m ([SOGoUserFolder
 	-lookupName:_keyinContext:_ctxacquire:_flag]): whenever a user has
 	no access to the specified module, a response with code 403 and
diff --git a/UI/MainUI/SOGoRootPage.h b/UI/MainUI/SOGoRootPage.h
index 387e11cd7..045d5d888 100644
--- a/UI/MainUI/SOGoRootPage.h
+++ b/UI/MainUI/SOGoRootPage.h
@@ -26,9 +26,6 @@
 #import <UI/SOGoUI/UIxComponent.h>
 
 @interface SOGoRootPage : UIxComponent
-{
-  NSString *userName;
-}
 
 @end
 
diff --git a/UI/MainUI/SOGoRootPage.m b/UI/MainUI/SOGoRootPage.m
index c47d8c8dc..b41ad202a 100644
--- a/UI/MainUI/SOGoRootPage.m
+++ b/UI/MainUI/SOGoRootPage.m
@@ -46,24 +46,8 @@
 
 @implementation SOGoRootPage
 
-- (void) dealloc
-{
-  [userName release];
-  [super dealloc];
-}
-
 /* accessors */
 
-- (void) setUserName: (NSString *) _value
-{
-  ASSIGNCOPY (userName, _value);
-}
-
-- (NSString *) userName
-{
-  return userName;
-}
-
 - (NSString *) connectURL
 {
   return [NSString stringWithFormat: @"%@connect", [self applicationPath]];
@@ -77,20 +61,27 @@
   WOCookie *authCookie;
   SOGoWebAuthenticator *auth;
   NSString *cookieValue, *cookieString;
+  NSString *userName, *password;
 
   auth = [[WOApplication application]
 	   authenticatorInContext: context];
   request = [context request];
-  response = [self responseWith204];
-  cookieString = [NSString stringWithFormat: @"%@:%@",
-			   [request formValueForKey: @"userName"],
-			   [request formValueForKey: @"password"]];
-  cookieValue = [NSString stringWithFormat: @"basic %@",
-			  [cookieString stringByEncodingBase64]];
-  authCookie = [WOCookie cookieWithName: [auth cookieNameInContext: context]
-			 value: cookieValue];
-  [authCookie setPath: @"/"];
-  [response addCookie: authCookie];
+  userName = [request formValueForKey: @"userName"];
+  password = [request formValueForKey: @"password"];
+  if ([auth checkLogin: userName password: password])
+    {
+      response = [self responseWith204];
+      cookieString = [NSString stringWithFormat: @"%@:%@",
+			       userName, password];
+      cookieValue = [NSString stringWithFormat: @"basic %@",
+			      [cookieString stringByEncodingBase64]];
+      authCookie = [WOCookie cookieWithName: [auth cookieNameInContext: context]
+			     value: cookieValue];
+      [authCookie setPath: @"/"];
+      [response addCookie: authCookie];
+    }
+  else
+    response = [self responseWithStatus: 403];
 
   return response;
 }
diff --git a/UI/SOGoUI/UIxComponent.m b/UI/SOGoUI/UIxComponent.m
index b64b5f02b..0417b4f0e 100644
--- a/UI/SOGoUI/UIxComponent.m
+++ b/UI/SOGoUI/UIxComponent.m
@@ -446,9 +446,6 @@ static BOOL uixDebugEnabled = NO;
 
 - (NSString *) shortUserNameForDisplay
 {
-  if ([context activeUser] == nil)
-    return @"wrongusernamepassword";
-
   return [[context activeUser] login];
 }
 
diff --git a/UI/Templates/MainUI/SOGoRootPage.wox b/UI/Templates/MainUI/SOGoRootPage.wox
index fd37387d3..8e281e830 100644
--- a/UI/Templates/MainUI/SOGoRootPage.wox
+++ b/UI/Templates/MainUI/SOGoRootPage.wox
@@ -7,6 +7,7 @@
   xmlns:const="http://www.skyrix.com/od/constant"
   xmlns:rsrc="OGo:url"
   xmlns:label="OGo:label"
+  const:popup="YES"
   ><var:string var:value="doctype" const:escapeHTML="NO"/>
   <form id="connectForm" var:href="connectURL">
     <div id="loginScreen">
@@ -14,9 +15,8 @@
 	 type="text/javascript">var loginSuffix = '<var:string value="loginSuffix"/>';</script
 	></var:if>
       <img const:alt="*" id="splash" rsrc:src="lori-login.jpg"/><br/><br/>
-      <var:if condition="shortUserNameForDisplay" const:value="wrongusernamepassword"
-      ><p class="error"><var:string label:value="Wrong username or password."/></p>
-      </var:if><label><var:string label:value="Username:"/><br/>
+      <p id="loginErrorMessage"><var:string label:value="Wrong username or password."/></p>
+      <label><var:string label:value="Username:"/><br/>
 	<input class="textField" id="userName" name="userName"
 	  type="text" var:value="userName" /></label><br/>
       <label><var:string label:value="Password:"/><br/>
diff --git a/UI/Templates/UIxPageFrame.wox b/UI/Templates/UIxPageFrame.wox
index 345176b90..3beb3e2cb 100644
--- a/UI/Templates/UIxPageFrame.wox
+++ b/UI/Templates/UIxPageFrame.wox
@@ -41,65 +41,58 @@
 
       <body var:class="bodyClasses"
 	><var:if condition="isCompatibleBrowser"
-	  >
-	  <var:if condition="shortUserNameForDisplay" const:value="anonymous"
-	    const:negate="YES"
-	    ><var:if condition="shortUserNameForDisplay"
-	      const:value="wrongusernamepassword"
-	      const:negate="YES"
-	      ><var:if condition="isPopup" const:negate="YES"
-		><var:if condition="context.isUIxDebugEnabled"
-		  ><div id="logConsole"><!-- space --></div></var:if>
-		<div id="linkBanner" class="linkbanner">
-		  <a id="logoff" var:href="logoffPath"
-		    ><var:string label:value="Disconnect" /></a>
-		  <var:if condition="userHasCalendarAccess">
-		    <var:if condition="isCalendar">
-		      <span class="active"><var:string label:value="Calendar"
-			  /></span>
-		    </var:if>
-		    <var:if condition="isCalendar" const:negate="YES">
-		      <a id="calendarBannerLink"
-			var:href="relativeCalendarPath"
-			><var:string label:value="Calendar" /></a>
-		    </var:if>
-		    |
+	  ><var:if condition="isPopup" const:negate="YES"
+	    ><var:if condition="context.isUIxDebugEnabled"
+	      ><div id="logConsole"><!-- space --></div></var:if>
+	    <div id="linkBanner" class="linkbanner">
+	      <a id="logoff" var:href="logoffPath"
+		><var:string label:value="Disconnect" /></a>
+	      <var:if condition="userHasCalendarAccess">
+		<var:if condition="isCalendar">
+		  <span class="active"><var:string label:value="Calendar"
+		      /></span>
 		  </var:if>
-		  <var:if condition="isContacts">
-		    <span class="active"><var:string label:value="Address Book"
-			/></span>
-		  </var:if>
-		  <var:if condition="isContacts" const:negate="YES">
-		    <a id="contactsBannerLink"
-		      var:href="relativeContactsPath"
-		      ><var:string label:value="Address Book" /></a>
-		  </var:if>
-		  |
-		  <var:if condition="userHasMailAccess">
-		    <var:if condition="isMail">
-		      <span class="active"><var:string label:value="Mail"
-			  /></span>
-		    </var:if>
-		    <var:if condition="isMail" const:negate="YES">
-		      <a id="mailBannerLink" var:href="relativeMailPath"
-			><var:string label:value="Mail" /></a>
-		    </var:if>
-		      |
-		  </var:if>
-		  <a id="preferencesBannerLink"
-		    var:href="relativePreferencesPath"
-		    ><var:string label:value="Preferences" /></a>
-		  <var:if condition="context.isUIxDebugEnabled"
-		    >| <a id="consoleBannerLink"
-		      href="#"><var:string
-			label:value="Log Console (dev.)" /></a
-		      ></var:if>
-		</div>
-	      </var:if
-		><var:component className="UIxToolbar" var:toolbar="toolbar"
-		/>
-	    </var:if></var:if>
-	  
+		<var:if condition="isCalendar" const:negate="YES">
+		  <a id="calendarBannerLink"
+		    var:href="relativeCalendarPath"
+		    ><var:string label:value="Calendar" /></a>
+		</var:if>
+		|
+	      </var:if>
+	      <var:if condition="isContacts">
+		<span class="active"><var:string label:value="Address Book"
+		    /></span>
+	      </var:if>
+	      <var:if condition="isContacts" const:negate="YES">
+		<a id="contactsBannerLink"
+		  var:href="relativeContactsPath"
+		  ><var:string label:value="Address Book" /></a>
+	      </var:if>
+	      |
+	      <var:if condition="userHasMailAccess">
+		<var:if condition="isMail">
+		    <span class="active"><var:string label:value="Mail"
+		      /></span>
+		</var:if>
+		<var:if condition="isMail" const:negate="YES">
+		  <a id="mailBannerLink" var:href="relativeMailPath"
+		    ><var:string label:value="Mail" /></a>
+		</var:if>
+		|
+	      </var:if>
+	      <a id="preferencesBannerLink"
+		var:href="relativePreferencesPath"
+		><var:string label:value="Preferences" /></a>
+	      <var:if condition="context.isUIxDebugEnabled"
+		>| <a id="consoleBannerLink"
+		  href="#"><var:string
+		    label:value="Log Console (dev.)" /></a
+		  ></var:if>
+	    </div>
+	  </var:if
+	    ><var:component className="UIxToolbar" var:toolbar="toolbar"
+	    />
+
 	  <div id="pageContent"><var:component-content/></div>
 
 	  <div id="javascriptSafetyNet"><!-- space --></div>
diff --git a/UI/WebServerResources/SOGoRootPage.css b/UI/WebServerResources/SOGoRootPage.css
index 2709e4799..1228fc9b8 100644
--- a/UI/WebServerResources/SOGoRootPage.css
+++ b/UI/WebServerResources/SOGoRootPage.css
@@ -48,8 +48,9 @@ DIV#loginButton IMG#progressIndicator
   margin-top: 5px;
   margin-left: 5px; }
 
-P.error
-{ color: #f00;
+#loginErrorMessage
+{ display: none;
+  color: #f00;
   text-align: center; }
 
 P.browser
diff --git a/UI/WebServerResources/SOGoRootPage.js b/UI/WebServerResources/SOGoRootPage.js
index 75fb9da6f..3cb8156e5 100644
--- a/UI/WebServerResources/SOGoRootPage.js
+++ b/UI/WebServerResources/SOGoRootPage.js
@@ -1,76 +1,80 @@
 function initLogin() {
-  var date = new Date();
-  date.setTime(date.getTime() - 86400000);
-  document.cookie = ("0xHIGHFLYxSOGo-0.9=discard; path=/"
-		     + "; expires=" + date.toGMTString());
-  var submit = $("submit");
-  submit.observe("click", onLoginClick);
+    var date = new Date();
+    date.setTime(date.getTime() - 86400000);
+    document.cookie = ("0xHIGHFLYxSOGo-0.9=discard; path=/"
+                       + "; expires=" + date.toGMTString());
+    var submit = $("submit");
+    submit.observe("click", onLoginClick);
 
-  var userName = $("userName");
-  userName.focus();
+    var userName = $("userName");
+    userName.focus();
 
-  var image = $("preparedAnimation");
-  image.parentNode.removeChild(image);
+    var image = $("preparedAnimation");
+    image.parentNode.removeChild(image);
 }
 
 function onLoginClick(event) {
-  var userNameField = $("userName");
-  var userName = userNameField.value;
-  var password = $("password").value;
+    var userNameField = $("userName");
+    var userName = userNameField.value;
+    var password = $("password").value;
 
-  if (userName.length > 0) {
-    startAnimation($("loginButton"), $("submit"));
+    if (userName.length > 0) {
+        startAnimation($("loginButton"), $("submit"));
 
-    if (typeof(loginSuffix) != "undefined"
-	&& loginSuffix.length > 0
-	&& !userName.endsWith(loginSuffix))
-      userName += loginSuffix;
-    var url = $("connectForm").getAttribute("action");
-    var parameters = ("userName=" + encodeURI(userName) + "&password=" + encodeURI(password));
-    document.cookie = "";
-    triggerAjaxRequest(url, onLoginCallback, null, parameters,
-		       { "Content-type": "application/x-www-form-urlencoded",
-			 "Content-length": parameters.length,
-			 "Connection": "close" });
-  }
-  else
-    userNameField.focus();
+        if (typeof(loginSuffix) != "undefined"
+            && loginSuffix.length > 0
+            && !userName.endsWith(loginSuffix))
+            userName += loginSuffix;
+        var url = $("connectForm").getAttribute("action");
+        var parameters = ("userName=" + encodeURI(userName) + "&password=" + encodeURI(password));
+        document.cookie = "";
+        triggerAjaxRequest(url, onLoginCallback, null, parameters,
+                           { "Content-type": "application/x-www-form-urlencoded",
+                                   "Content-length": parameters.length,
+                                   "Connection": "close" });
+    }
+    else
+        userNameField.focus();
 
-  preventDefault(event);
+    preventDefault(event);
 }
 
 function onLoginCallback(http) {
-  if (http.readyState == 4) {
-    if (isHttpStatus204(http.status)) {
-      var userName = $("userName").value;
-      if (typeof(loginSuffix) != "undefined"
-          && loginSuffix.length > 0
-          && !userName.endsWith(loginSuffix))
-        userName += loginSuffix;
-      var address = "" + window.location.href;
-      var baseAddress = ApplicationBaseURL + encodeURI(userName);
-      var altBaseAddress;
-      if (baseAddress[0] == "/") {
-        var parts = address.split("/");
-        var hostpart = parts[2];
-        var protocol = parts[0];
-        baseAddress = protocol + "//" + hostpart + baseAddress;
-      }
-      var altBaseAddress;
-      var parts = baseAddress.split("/");
-      parts.splice(3, 0);
-      altBaseAddress = parts.join("/");
+    if (http.readyState == 4) {
+        if (isHttpStatus204(http.status)) {
+            var userName = $("userName").value;
+            if (typeof(loginSuffix) != "undefined"
+                && loginSuffix.length > 0
+                && !userName.endsWith(loginSuffix))
+                userName += loginSuffix;
+            var address = "" + window.location.href;
+            var baseAddress = ApplicationBaseURL + encodeURI(userName);
+            var altBaseAddress;
+            if (baseAddress[0] == "/") {
+                var parts = address.split("/");
+                var hostpart = parts[2];
+                var protocol = parts[0];
+                baseAddress = protocol + "//" + hostpart + baseAddress;
+            }
+            var altBaseAddress;
+            var parts = baseAddress.split("/");
+            parts.splice(3, 0);
+            altBaseAddress = parts.join("/");
 
-      var newAddress;
-      if ((address.startsWith(baseAddress)
-           || address.startsWith(altBaseAddress))
-          && !address.endsWith("/logoff"))
-        newAddress = address;
-      else
-        newAddress = baseAddress;
-      window.location.href = newAddress;
+            var newAddress;
+            if ((address.startsWith(baseAddress)
+                 || address.startsWith(altBaseAddress))
+                && !address.endsWith("/logoff"))
+                newAddress = address;
+            else
+                newAddress = baseAddress;
+            window.location.href = newAddress;
+        }
+        else {
+            var message = $("loginErrorMessage");
+            message.setStyle({ display: "block" });
+        }
     }
-  }
 }
 
 FastInit.addOnLoad(initLogin);