Show "Not found" page if user lacks permission for entity. #4139

Merged
merged 1 commit into from Sep 12, 2017

@dennisoelkers
Member

dennisoelkers commented Sep 12, 2017

Description

Motivation and Context

Before this change, the user was redirected to the user's start page,
when fetching an entity failed with an HTTP error code of 403 (obviously
being the case for non-admin users only, admin users either get the
entity or a 404). This results in an infinite redirect loop if the
missing or non-permitted entity/resource is the same as the configured
start page.

With this change, the user is redirected to the already existing "Not
found" page previously used to handle nonexistent resources. This also
raises the user's attention that the configured start page is
inaccessible.

This change should also be merged into master.

Fixes #4117.

How Has This Been Tested?

Screenshots (if appropriate):

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)

Checklist:

  • My code follows the code style of this project.
  • My change requires a change to the documentation.
  • I have updated the documentation accordingly.
  • I have read the CONTRIBUTING document.
  • I have added tests to cover my changes.
  • All new and existing tests passed.
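
The redirect loop described above and the behaviour after the change, modelled as an added example (not code from this pull request or from the Graylog code base). The route names, the status table and every function name are constructed for illustration.

```javascript
// Constructed model of the two redirect policies; all names are hypothetical.
const NOT_FOUND = '/notfound';

// Constructed sample data: HTTP status a non-admin user gets per route.
const STATUS = {
  '/streams/allowed': 200,
  '/dashboards/restricted': 403,
};

// Unknown routes count as missing.
function fetchStatus(route) {
  return STATUS[route] || 404;
}

// Before the change: 403 sends the user to the configured start page.
function redirectBefore(status, startPage) {
  if (status === 403) return startPage;
  if (status === 404) return NOT_FOUND;
  return null; // entity loaded, stay on the route
}

// After the change: 403 is handled like 404, start page is never a target.
function redirectAfter(status, _startPage) {
  return status === 403 || status === 404 ? NOT_FOUND : null;
}

// Follow redirects from `route` and report where the user ends up.
// A redirect to a route already visited is reported as a loop.
function navigate(route, startPage, policy) {
  const trail = [route];
  for (;;) {
    const current = trail[trail.length - 1];
    // The "Not found" page is static and fetches no entity.
    if (current === NOT_FOUND) return { landedOn: current, loop: false, trail };
    const target = policy(fetchStatus(current), startPage);
    if (target === null) return { landedOn: current, loop: false, trail };
    if (trail.includes(target)) {
      return { landedOn: null, loop: true, trail: [...trail, target] };
    }
    trail.push(target);
  }
}

// Start page points at an entity the user may not read.
const start = '/dashboards/restricted';
console.log('before:', navigate(start, start, redirectBefore));
console.log('after: ', navigate(start, start, redirectAfter));
```
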
@joschi

joschi approved these changes Sep 12, 2017

@joschi joschi self-assigned this Sep 12, 2017

@joschi joschi merged commit 4824e52 into 2.3 Sep 12, 2017

5 checks passed

ci-web-linter Jenkins build graylog-pr-linter-check 1895 has succeeded
continuous-integration/travis-ci/pr The Travis CI build passed
continuous-integration/travis-ci/push The Travis CI build passed
graylog-project/pr Jenkins build graylog-project-pr-snapshot 427 has succeeded
license/cla Contributor License Agreement is signed.

@joschi joschi deleted the issue-4117 branch Sep 12, 2017
