Loris [candidate_profile] Access denied not properly shown to the user.

[candidate_profile] Access denied not properly shown to the user.

Open racostas opened this issue 4 years ago • 3 comments

Describe the bug When a user have access to the info of a given candidate but doesn't have the permission to access the candidate_profile module no error is shown to the user (in place a blank page is shown).

To Reproduce

Make sure the user you're logged doesn't have access to the candidate_profile module.
Request the URL: IP/candidate_profile/DCCID-of-candidate-user-do-have-access (example IP/candidate_profile/300001). (Make sure you have access to candidate 300001).
A blank page is shown to the user. (the console shows the proper 403 error)

What did you expect to happen? A permission denied message displayed to the user.

Sep 10 '20 13:09 racostas

What do you mean "doesn't have the permission to access the candidate_profile module"?

Sep 10 '20 14:09 driusan

Hi @driusan , thanks for addressing this. So far I found only two permissions that could give access to the candidate profile (but my knowledge of permissions is yet a bit limited so could be more): (in de Admin Panel): "Data entry" and "Across all sites access candidate profile".

The issue reported is observed when neither of this permissions is granted to the user.

Thanks.

Sep 10 '20 16:09 racostas

*(in the Admin Panel)

Sep 10 '20 16:09 racostas

Loris Loris copied to clipboard

[candidate_profile] Access denied not properly shown to the user.

Loris
Loris copied to clipboard