Incorrect error code and message when opening a project without access
Describe the bug:
When attempting to open a Testomat project that my account does not have access to, but I'm a member of the Company, the system returns HTTP 404 – "Project Not Found :disappointed_relieved:". This is misleading, as the project does exist, but I simply lack permissions to view it.
Expected behavior is to return HTTP 401 (Unauthorized) or HTTP 403 (Forbidden), along with a clear message indicating that the user needs to request access from an administrator. This will help users quickly understand the reason for the error and take the correct action, instead of assuming the project does not exist.
Steps to Reproduce:
- Log in to Testomat with an account that does not have access to a given project
- Attempt to open the project URL directly
- Observe the error code and message returned
Expected Result: Receive 401 Unauthorized or 403 Forbidden with a message such as:
"You don’t have access to this project. Please contact the manager to request access."
Actual Result:
Received 404 Not Found – "Project Not Found"
Issue is still present
- [x] User has access to Company but not to the project = should be 403 Forbidden
- [x] User doesn't have access to Company + Project = should be 404 error Not found
https://github.com/user-attachments/assets/92fe2aaf-7e44-4c45-affa-be6714cfd076
Please unify: User doesn't have access to Company + Project = should be 404 error Page Not found
- [x] If user is redirected to the project page: has the old error
- [x] If user is redirected to the company page: 404 error Not found appears (as expected)
- [x] User doesn't have access to Company + Project = should be 404 error Not found
https://github.com/user-attachments/assets/af485e0c-49a0-42fd-b585-b3376c2110b5
- [x] User has access to Company but not to the project = should be 403 Forbidden
https://github.com/user-attachments/assets/a2377474-e965-4c07-ab14-7ff199464eb3
https://github.com/testomatio/testomatio/pull/7217#pullrequestreview-3456211219
No need to return 403 @Fro0z1k when the user doesn't have access to Company + Project
It only needs to be unified; the old design for error 404 should not exist ⬇️
Change it to ⬇️
- [x] No Access to Project + Company (404)
- [x] No Access to Company (404)
- [x] No access to Project (but has access to Company) (403)
- [x] Removed user (404)
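The four cases in the checklist above, written as one access check. This is an added example, not part of the thread and not Testomat's code. `User`, `PROJECTS`, `open_project` and the sample data are hypothetical, and giving a nonexistent project id the same 404 as the no-company-access cases is an assumption added here, so the response cannot be used to confirm that a project exists.

```python
from dataclasses import dataclass, field

@dataclass
class User:
    name: str
    companies: set = field(default_factory=set)  # companies the user belongs to
    projects: set = field(default_factory=set)   # projects the user may open
    removed: bool = False                        # account removed from the system

# Constructed sample data: project id -> owning company (hypothetical names).
PROJECTS = {"web-app": "acme", "mobile": "acme"}

NOT_FOUND = (404, "Page Not Found")
FORBIDDEN = (403, "You don't have access to this project. "
                  "Please contact the manager to request access.")

def open_project(user: User, project_id: str):
    """Return (status, message) for a direct request to a project URL."""
    company = PROJECTS.get(project_id)
    # Unknown project, removed user, or user outside the owning company:
    # one shared 404, so an outsider cannot tell "exists" from "does not exist".
    if company is None or user.removed or company not in user.companies:
        return NOT_FOUND
    # Company member without a project grant: the project is not hidden from
    # them, so a 403 that names the next step is the useful answer.
    if project_id not in user.projects:
        return FORBIDDEN
    return (200, f"project {project_id}")

# Constructed users covering each row of the checklist.
MEMBER_OK = User("ann", {"acme"}, {"web-app"})
MEMBER_NO_PROJECT = User("bob", {"acme"})
OUTSIDER = User("eve")
REMOVED = User("old", {"acme"}, {"web-app"}, removed=True)

if __name__ == "__main__":
    for u in (MEMBER_OK, MEMBER_NO_PROJECT, OUTSIDER, REMOVED):
        print(u.name, open_project(u, "web-app"))
    print("eve on unknown id", open_project(OUTSIDER, "no-such-project"))
```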