Umbraco-CMS icon indicating copy to clipboard operation
Umbraco-CMS copied to clipboard

V16: Adds a state for "forbidden" for entities that return 403 (Access denied)

Open iOvergaard opened this issue 10 months ago • 3 comments

This pull request introduces enhancements to error handling and user feedback mechanisms in the Umbraco.Web.UI.Client project. Specifically, it improves localization support for error messages across multiple languages, refines the handling of forbidden and not-found states, and adds new UI components to display these states. Below is a breakdown of the most important changes:

Screenshots

📄 Document not found

image

👤 User group not found (base entity)

image

How to test

Verify forbidden:

  1. Create a user in a group that does not have access to certain nodes
  2. Log in to that user and click on the nodes
  3. You should see a "forbidden" message

Verify not found:

  1. Go to any document or entity
  2. Change the GUID in the URL
  3. You should see a "not found" message

Changes

Localization Enhancements

  • Added localized strings for forbidden and not-found error messages in Danish (src/assets/lang/da.ts) [1] [2] German (src/assets/lang/de.ts) [3] [4] and English (src/assets/lang/en.ts) [5] [6].

Error Handling Improvements

  • Updated UmbTryExecuteController to handle additional HTTP error statuses (400, 401, 403, 404) gracefully without displaying notifications, allowing the UI to manage these errors. (src/packages/core/resources/try-execute/try-execute.controller.ts).

UI Components for Error States

  • Introduced a new umb-route-forbidden component to display a "Forbidden" message for restricted routes. (src/packages/core/router/route/forbidden/route-forbidden.element.ts).
  • Added umb-entity-detail-forbidden component to show a "Forbidden" message for restricted entity details. (src/packages/core/workspace/entity-detail/global-components/entity-detail-forbidden.element.ts).

Workspace Context Updates

  • Enhanced UmbEntityDetailWorkspaceContextBase to manage forbidden states using a new forbidden state manager. (src/packages/core/workspace/entity-detail/entity-detail-workspace-base.ts) [1] [2] [3] [4].
  • Updated workspace editor components (entity-detail-workspace-editor.element.ts and document-workspace-editor.element.ts) to render forbidden states and adjust routing accordingly. (src/packages/core/workspace/entity-detail/global-components/entity-detail-workspace-editor.element.ts) [1] [2] and (src/packages/documents/documents/workspace/document-workspace-editor.element.ts) [3] [4] [5].

Routing Adjustments

  • Exported the new umb-route-forbidden component in the router index file to integrate with routing logic. (src/packages/core/router/route/index.ts).

iOvergaard avatar Jun 13 '25 14:06 iOvergaard

Note: One interesting finding is that base entities (those using the base view, such as users, groups, data-types, etc.) handle "not found" - and now also "forbidden" - as Lit states (@state()), whereas documents handle it as routes. There are certain advantages to both; handling it through the router allows us to lazyload those elements from the 'router' package, however, handling it as states is a little easier since we are using Lit anyway. The router is not the most stable way if, say, we forget to remove the forbidden route again.

iOvergaard avatar Jun 13 '25 14:06 iOvergaard

Azure Static Web Apps: Your stage site is ready! Visit it here: https://victorious-ground-017b08103-19557.westeurope.6.azurestaticapps.net

github-actions[bot] avatar Jun 13 '25 15:06 github-actions[bot]

Azure Static Web Apps: Your stage site is ready! Visit it here: https://victorious-ground-017b08103-19557.westeurope.6.azurestaticapps.net

github-actions[bot] avatar Jun 13 '25 16:06 github-actions[bot]

Azure Static Web Apps: Your stage site is ready! Visit it here: https://victorious-ground-017b08103-19557.westeurope.6.azurestaticapps.net

github-actions[bot] avatar Jun 25 '25 07:06 github-actions[bot]

Azure Static Web Apps: Your stage site is ready! Visit it here: https://victorious-ground-017b08103-19557.westeurope.6.azurestaticapps.net

github-actions[bot] avatar Jun 26 '25 10:06 github-actions[bot]

Azure Static Web Apps: Your stage site is ready! Visit it here: https://victorious-ground-017b08103-19557.westeurope.6.azurestaticapps.net

github-actions[bot] avatar Jun 26 '25 10:06 github-actions[bot]