Terminal Package Generates Unnecessary 403 Requests When User Lacks Required Policy #15

Closed
markusguenther opened this issue Jan 3, 2024 · 3 comments

@markusguenther
Sponsor Contributor

Issue Description:

Overview:
The Shel.Neos.Terminal package in Neos currently generates a 403 Forbidden error in the backend when a user lacks the necessary policy. Given that the Terminal button is hidden in such cases, it seems redundant and counterintuitive for the package to trigger this error.

Expected Behavior:
Ideally, when a user does not have the required policy for the Terminal, the package should prevent the generation of a 403 Forbidden request, especially considering that the Terminal button is already hidden in such scenarios.

Steps to Reproduce:

  1. Create a user without the required policy for the Terminal (e.g. Editor).
  2. Log in to the Neos backend.
  3. Observe the network requests, where a 403 Forbidden request is generated by the Shel.Neos.Terminal package.

Actual Result:
The Shel.Neos.Terminal package triggers a 403 Forbidden request even though the Terminal button is appropriately hidden when the user lacks the required policy.

Screenshot 2024-01-03 at 13 29 04

Expected Result:
The package should suppress the generation of a 403 Forbidden request when the user does not have the necessary policy, given that the Terminal button is hidden in such cases.

Additional Information:

Neos version: 7.3
Terminal package version: 1.1
@Sebobo
Owner

Sebobo commented Jan 3, 2024

The terminal only shows up when the request succeeds. Do you have a better idea on how to find out from a plugin whether something is allowed?

@markusguenther
Sponsor Contributor Author

Could resolve one part of the issue, but did not know before that the request is used to know if someone has permissions.
Need to think about it :D

markusguenther added a commit to markusguenther/Shel.Neos.Terminal that referenced this issue Jan 4, 2024
This update introduces an additional endpoint to verify the user's access to available commands. Since this endpoint is not limited to the Admin or TerminalUser roles, we have implemented a safeguard to handle unsuccessful requests.

Conversely, there is also an extra request to retrieve commands when the user is authorized to manage them.

Fixes: Sebobo#15
@markusguenther
Sponsor Contributor Author

I am not sure if you like it, but I now have a new command that has permissions for everybody to check if the user has available commands and that returns true or false.

With that approach we save the errors in the console but have one extra request.

@Sebobo Sebobo closed this as completed in d4f2443 Jan 8, 2024
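
The pattern discussed in this thread, as an added example (not code from Shel.Neos.Terminal or from either participant): the client asks an endpoint that every backend user may call whether it has access, fails closed on any error, and only then requests the policy-protected command list, which the server still enforces. The endpoint paths, response shapes, sample command names and the fake backend are assumptions constructed for illustration.

```javascript
// Added example: paths and response shapes are assumptions, not the package's API.
const ACCESS_URL = '/example/terminal/has-access'; // hypothetical: callable by any backend user
const COMMANDS_URL = '/example/terminal/commands'; // hypothetical: policy-protected

// Returns the command list, or null when the terminal must stay hidden.
async function loadTerminalCommands(fetchImpl) {
  let allowed = false;
  try {
    const probe = await fetchImpl(ACCESS_URL, { credentials: 'same-origin' });
    // Fail closed: only a 2xx response whose body is exactly `true` enables the UI.
    allowed = probe.ok && (await probe.json()) === true;
  } catch (err) {
    allowed = false; // network error or malformed body: treat as no access
  }
  if (!allowed) return null; // protected endpoint is never requested, so no 403

  const res = await fetchImpl(COMMANDS_URL, { credentials: 'same-origin' });
  // The probe is only a UI hint; the server's answer here is authoritative.
  if (!res.ok) return null;
  return res.json();
}

// Constructed stand-in for the backend: logs every request and enforces the
// policy on the commands endpoint regardless of what the probe returned.
function makeFakeBackend(roles) {
  const log = [];
  const permitted = roles.includes('TerminalUser') || roles.includes('Admin');
  const respond = (status, body) => ({
    ok: status >= 200 && status < 300,
    status,
    json: async () => body,
  });
  const fetchImpl = async (url) => {
    let res;
    if (url === ACCESS_URL) {
      res = respond(200, permitted); // boolean only, no command details leaked
    } else if (url === COMMANDS_URL) {
      res = permitted ? respond(200, ['help', 'flushCache']) : respond(403, null);
    } else {
      res = respond(404, null);
    }
    log.push({ url, status: res.status });
    return res;
  };
  return { fetchImpl, log };
}
```

With this flow, a 403 on the commands endpoint in the server log means a client skipped or ignored the probe, so it stands out as an authorization failure instead of being routine noise from every Editor login.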