Show "Not found" page if user lacks permission for entity (#4143)

Before this change, the user was redirected to the user's startpage, when fetching an entity failed with an http error code of 403 (obviously being the case for non-admin users only, admin users either get the entity or a 404). This results in an infinite redirect loop if the missing or non-permitted entity/resource is the same as the configured start page. With this change, the user is redirected to the already existing "Not found" page previously used to handle nonexisting resources. This also raises the user's attention that the configured start page is inaccessible. Fixes #4117 (cherry picked from commit c89f7d6)
Graylog2 · Sep 13, 2017 · 88efe5e · 88efe5e
1 parent 90a0457
commit 88efe5e
Show file tree

Hide file tree

Showing 4 changed files with 4 additions and 2 deletions.
diff --git a/graylog2-web-interface/src/logic/rest/FetchProvider.js b/graylog2-web-interface/src/logic/rest/FetchProvider.js
@@ -71,7 +71,7 @@ export class Builder {
 
         // Redirect to the start page if a user is logged in but not allowed to access a certain HTTP API.
         if (SessionStore.isLoggedIn() && error.status === 403) {
-          history.replaceState(null, Routes.STARTPAGE);
+          history.replaceState(null, Routes.NOTFOUND);
         }
 
         if (error.originalError && !error.originalError.status) {

diff --git a/graylog2-web-interface/src/pages/NotFoundPage.jsx b/graylog2-web-interface/src/pages/NotFoundPage.jsx
@@ -19,7 +19,7 @@ const NotFoundPage = React.createClass({
         <Row className="jumbotron-container">
           <Col mdOffset={2} md={8}>
             <Jumbotron>
-              <h1>404 - Page not found</h1>
+              <h1>Page not found</h1>
               <p>The party gorilla was just here, but had another party to rock.</p>
               <p>Oh, party gorilla! How we miss you! Will we ever see you again?</p>
             </Jumbotron>

diff --git a/graylog2-web-interface/src/routing/AppRouter.jsx b/graylog2-web-interface/src/routing/AppRouter.jsx
@@ -141,6 +141,7 @@ const AppRouter = React.createClass({
             <Route path={Routes.SYSTEM.OVERVIEW} component={SystemOverviewPage} />
             <Route path={Routes.SYSTEM.THREADDUMP(':nodeId')} component={ThreadDumpPage} />
             {pluginRoutes}
+            <Route path={Routes.NOTFOUND} component={NotFoundPage} />
             <Route path="*" component={NotFoundPage} />
           </Route>
         </Route>

diff --git a/graylog2-web-interface/src/routing/Routes.jsx b/graylog2-web-interface/src/routing/Routes.jsx
@@ -43,6 +43,7 @@ PluginStore.exports('routes').forEach((pluginRoute) => {
 
 const Routes = {
   STARTPAGE: '/',
+  NOTFOUND: '/notfound',
   SEARCH: '/search',
   STREAMS: '/streams',
   ALERTS: {