New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Terminal Package Generates Unnecessary 403 Requests When User Lacks Required Policy #15
Comments
The terminal only shows up when the request succeeds. Do you have a better idea on how to find out from a plugin whether something is allowed? |
Could resolve one part of the issue, but did not know before that the request is used to know if someone has permissions. |
This update introduces an additional endpoint to verify the user's access to available commands. Since this endpoint is not limited to the Admin or TerminalUser roles, we have implemented a safeguard to handle unsuccessful requests. Conversely, there is also an extra request to retrieve commands when the user is authorized to manage them. Fixes: Sebobo#15
I am not sure if you like it, but I now have a new command that has permissions for everybody to check if the user has available commands and that returns true or false. With that approach we save the errors in the console but have one extra request. |
Issue Description:
Overview:
The Shel.Neos.Terminal package in Neos currently generates a 403 Forbidden error in the backend when a user lacks the necessary policy. Given that the Terminal button is hidden in such cases, it seems redundant and counterintuitive for the package to trigger this error.
Expected Behavior:
Ideally, when a user does not have the required policy for the Terminal, the package should prevent the generation of a 403 Forbidden request, especially considering that the Terminal button is already hidden in such scenarios.
Steps to Reproduce:
Actual Result:
The Shel.Neos.Terminal package triggers a 403 Forbidden request even though the Terminal button is appropriately hidden when the user lacks the required policy.
Expected Result:
The package should suppress the generation of a 403 Forbidden request when the user does not have the necessary policy, given that the Terminal button is hidden in such cases.
Additional Information:
The text was updated successfully, but these errors were encountered: