search

eloquence / lib.reviews

A free/libre code and information platform for reviews of anything
Creative Commons Zero v1.0 Universal
165 stars 13 forks source link

Fix error message for "User is not permitted to upload files" #322

Closed maltfield closed 5 months ago

maltfield commented 5 months ago

Bug: Currently if the user doesn't have permission to upload files to lib.reviews, it incorrectly gives the following error

There was a problem completing the requested action, sorry! This may be an Internet connection issue, or a coding error on our end.

Problem

If a user that doesn't have permission to upload a file attempts to upload a file, then the website UI gives them a misleading error message.

But, in fact, if you open the browser debugger then you can see a request to upload the file to https://lib.reviews/api/actions/upload returned a 400 error with the following JSON response

{"message":"Could not perform action.","errors":["User 'maltfield' is not permitted to upload files."]}

Steps to reproduce

  1. Create a new user (by default, it seems, new users don't have upload permission)
  2. Create a new review
  3. Click on the "Rich Text" tab of the Review input textarea
  4. Click the Upload and insert media button
  5. Click Select file
  6. Choose a file
  7. Enter something text into the description input textarea
  8. Check the box that says This file is my own work. I agree to release it under the CC-BY-SA license.
  9. Click Start upload

Solution

If the server returns an error because the user doesn't have permission to upload the files, then the UI should output an error message that very clearly indicates that this is a permission issue.

Ideally, it would literally include the contents of the errors key that's returned by the server. For example, the UI should say

User 'maltfield' is not permitted to upload files.
eloquence commented 5 months ago

Ah, good catch - you're exactly right, by default new users aren't marked as trusted yet, and this is a case that isn't handled yet. Will poke.

BTW, your own account has been marked as trusted for a while, so you should no longer be hitting this.

eloquence commented 5 months ago

I figured it'd be nicer to just hide the button (as we do for the other upload button) until the user is trusted, so they don't try to upload only to be hit by an error message. So that's what I've done for now.