You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
A user who attempts to log in but does not have roles assigned or has a roles with no tabs assigned will see only the hung login screen.
Steps to reproduce the behavior:
Create user with no role
log in
Note that on the backend we do correctly classify this as a 403 error but that is not sent to the browser.
WARN auth.PrincipalThreadLocal - getName null
12:39:42.763 INFO util.SecurityLogger - class com.dotcms.cms.login.LoginServiceAPIFactory$LoginServiceImpl : User dotcms.org.2908 has successfully login from IP:-2450-12:39:42.788 INFO util.SecurityLogger - class com.dotmarketing.cms.login.factories.LoginFactory : User test@test.com has sucessfully login from IP:-2451-12:39:42.790 ERROR business.HostAPIImpl - User dotcms.org.2908 does not have permission to host:demo.dotcms.com
12:39:42.799 WARN exception.ForbiddenException - {“error”:“dotcms.api.error.forbidden: User dotcms.org.2908 does not have permission to host:demo.dotcms.com”}
com.dotcms.rest.exception.ForbiddenException: HTTP 403 Forbidden
Expected behavior
A clear message/403 should be returned to user
Desktop (please complete the following information):
OS: [e.g. iOS]
Browser [e.g. chrome, safari]
Version 4.x, 5.x
Additional context
Add any other context about the problem here.
Acceptance Criteria
Match the design
Work in all the supported browsers (don't forget IE11 and iPad)
Multilanguage
Unit test
The text was updated successfully, but these errors were encountered:
This issue has been automatically marked as stale because it has not had activity within the past 90 days. It will be closed in 30 days no further activity occurs. Thank you.
Describe the bug
A user who attempts to log in but does not have roles assigned or has a roles with no tabs assigned will see only the hung login screen.
Steps to reproduce the behavior:
Note that on the backend we do correctly classify this as a 403 error but that is not sent to the browser.
WARN auth.PrincipalThreadLocal - getName null
12:39:42.763 INFO util.SecurityLogger - class com.dotcms.cms.login.LoginServiceAPIFactory$LoginServiceImpl : User dotcms.org.2908 has successfully login from IP:-2450-12:39:42.788 INFO util.SecurityLogger - class com.dotmarketing.cms.login.factories.LoginFactory : User test@test.com has sucessfully login from IP:-2451-12:39:42.790 ERROR business.HostAPIImpl - User dotcms.org.2908 does not have permission to host:demo.dotcms.com
12:39:42.799 WARN exception.ForbiddenException - {“error”:“dotcms.api.error.forbidden: User dotcms.org.2908 does not have permission to host:demo.dotcms.com”}
com.dotcms.rest.exception.ForbiddenException: HTTP 403 Forbidden
Expected behavior
A clear message/403 should be returned to user
Desktop (please complete the following information):
Additional context
Add any other context about the problem here.
Acceptance Criteria
The text was updated successfully, but these errors were encountered: