
Access error should return a page template and not a json

Open StCyr opened this issue 4 years ago • 3 comments

When a user is not in the GeneralManager group, he gets a JSON page and not a web page from Nextcloud.

To test that:

  1. First, you connect to our dev platform;
  2. Second, in the users settings, remove me from the GeneralManager group;
  3. Third, use impersonate to impersonate me;
  4. Then, click on the Workspace button and look at the result.

I think the Middleware should return a page template.

Doc: https://docs.nextcloud.com/server/21/developer_manual/basics/middlewares.html

Originally posted by @zak39 in https://github.com/arawa/workspace/pull/22#discussion_r625208137

StCyr avatar May 03 '21 18:05 StCyr

@zak39 I've created an issue for that.

I don't think it's a very urgent issue as this error shouldn't happen: the frontend should not ask the backend to perform operations that the user is not allowed to do. So, the only cases where this error would show up are either a bug in the frontend or a call originating from somewhere else than the frontend.

StCyr avatar May 03 '21 18:05 StCyr

Thanks @StCyr :)

We must find a solution to hide the workspace button in the header and show authorized users only.

But we should create a 403 Forbidden error page (https://developer.mozilla.org/fr/docs/Web/HTTP/Status/403) which forbids users access to the resource.

I agree that this issue is not urgent.

zak39 avatar May 04 '21 07:05 zak39

> We must find a solution to hide the workspace button in the header and show authorized users only.

We can use the "limit to groups" app functionality:

image

StCyr avatar May 04 '21 09:05 StCyr
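
An added example, not part of the thread or of the workspace app's own code: one way a Nextcloud middleware could enforce the GeneralManager check on the server and answer with a 403 page for browser navigation while still returning JSON to API callers. The namespace, the class names and `AccessDeniedException` are hypothetical, and the example assumes core's `403` template is used for the page.

```php
<?php
declare(strict_types=1);

namespace OCA\Workspace\Middleware; // hypothetical namespace

use OCP\AppFramework\Http;
use OCP\AppFramework\Http\JSONResponse;
use OCP\AppFramework\Http\TemplateResponse;
use OCP\AppFramework\Middleware;
use OCP\IGroupManager;
use OCP\IRequest;
use OCP\IUserSession;

// Hypothetical exception type, used only by this example.
class AccessDeniedException extends \Exception {}

class GeneralManagerMiddleware extends Middleware {
    private $groups;
    private $session;
    private $request;

    public function __construct(IGroupManager $groups, IUserSession $session, IRequest $request) {
        $this->groups = $groups;
        $this->session = $session;
        $this->request = $request;
    }

    // Runs before every controller method of the app, so the check holds
    // even when the request does not come from the app's own frontend.
    public function beforeController($controller, $methodName) {
        $user = $this->session->getUser();
        if ($user === null || !$this->groups->isInGroup($user->getUID(), 'GeneralManager')) {
            throw new AccessDeniedException('You are not allowed to access this app.');
        }
    }

    public function afterException($controller, $methodName, \Exception $exception) {
        if (!($exception instanceof AccessDeniedException)) {
            throw $exception; // not ours: let other middlewares handle it
        }
        $params = ['message' => $exception->getMessage()];
        // Browser navigation asks for HTML; XHR/API clients keep getting JSON.
        $wantsHtml = strpos($this->request->getHeader('Accept'), 'text/html') !== false;
        $response = $wantsHtml
            ? new TemplateResponse('core', '403', $params, 'guest') // assumes core's 403 template
            : new JSONResponse($params);
        $response->setStatus(Http::STATUS_FORBIDDEN);
        return $response;
    }
}
```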