Users without the permission to view a group were given a 404 if the
group did not exist, but a 403 if it existed but they lacked
permission. This change includes a quick fix to return a 404 if the
user does not have the ability to view a group.
I'm considering adding a keyword argument to user_has_permission where the caller can indicate whether the function being accessed is secret and that a 404 should be returned rather than a 403. Any thoughts on that?
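The difference between the two status codes described above, and the effect of a flag like the one proposed, as an added example that is not part of the original post or the project's code. The function names, the `secret` keyword and the group data are hypothetical and constructed for illustration.

```python
# Added illustration; every name and value here is hypothetical.
from http import HTTPStatus

# Constructed sample data: group name -> users allowed to view it.
GROUPS = {"staff": {"alice"}, "public": {"alice", "bob"}}


def view_group_leaky(user, name):
    """'Before' behaviour: a missing group and a forbidden group differ."""
    if name not in GROUPS:
        return HTTPStatus.NOT_FOUND
    if user not in GROUPS[name]:
        return HTTPStatus.FORBIDDEN  # tells the caller the group exists
    return HTTPStatus.OK


def view_group(user, name, secret=True):
    """'After' behaviour: with secret=True a denied caller receives the
    same 404 as for a missing group; secret=False keeps the 403 for
    resources whose existence is not sensitive."""
    members = GROUPS.get(name)
    if members is None:
        return HTTPStatus.NOT_FOUND
    if user not in members:
        return HTTPStatus.NOT_FOUND if secret else HTTPStatus.FORBIDDEN
    return HTTPStatus.OK


def distinguishable(view, user, existing, missing):
    """Regression check: True when the status codes let `user` tell a group
    they cannot view apart from a group that does not exist."""
    return view(user, existing) != view(user, missing)


if __name__ == "__main__":
    print("leaky:", distinguishable(view_group_leaky, "bob", "staff", "nope"))
    print("fixed:", distinguishable(view_group, "bob", "staff", "nope"))
```

The status code is only one channel: the response body and headers for the two cases need to match as well, or the distinction is still observable.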