Closed jamlung-ri closed 3 months ago
Decision: Anonymous users cannot view other profiles, but logged-in users can see other profiles.
Note: Copy API Token and Edit Profile are actions that you cannot take on another user's profile.
To do:
@snyaggarwal You can go ahead and enable access to view a user profile to all signed in users
Decision: Anonymous users cannot view other profiles, but logged-in users can see other profiles.
Note: Copy API Token and Edit Profile are actions that you cannot take on another user's profile.
To do:
- @paulsonder Update 403 error page to have Sign-in/Registry
Hey @jamlung-ri I have enabled other user's profiles to be viewed in TBv3. This was already allowed in API. 403 should not have Sign-in/Register because 403 comes only when user is authenticated but cannot access specific thing. When they are not authenticated they get 401 and that already has sign-in/register
We seem to be exposing other people's user profiles more in OCLv3. However, OCL only allows you to view your own profile at the moment. We need to think about opening up other people's profiles for viewing.
See gif for example of the issue that we likely want to avoid: