Open gabestein opened 2 months ago
What should we show users when they navigate to a page that they're not authorized to see? IMO this is a good time to add a 403 error page
@kalilsn I'll update the requirements to reflect a redirect to a new 403 page. I don't think the contents of the page matter that much right now. Sound right?
Yeah, I think we can just render the sidebar and some kind of error text in the main page so that users can keep navigating. And we should probably call out the issue where contributors (so anyone who has been invited to fill out a form) can access the workflows and integrations pages in communities they are not a member of.
Yeah, that seems fine for now. I should also note that @tefkah is working on replacing the sidebar with ShadCN, which will make this easier, so it's fine to just do the errors for now.
Out of scope: fixing the issue where contributors can access the workflows and integrations pages for communitiesthey are not a member of.
I meant that should be in scope probably! But if there's another issue that covers it that's great too!
@kalilsn sorry I missed that one. @3mcd if this hasn't been done yet, let's add that back to the scope?
Motivation
So users can only navigate—and see links to—pages that they are capable by way of community membership.
Requirements
Modify pages so that non-community-level admins cannot access:
In addition, modify the pub page such that only community admins and members with explicit pub membership can see or access it.
When a user navigates to a page that they do not have access to, they should be redirected to a new Unauthorized page with generic error text. This page should have the side navigation visible so users can navigate away from the 403 page.
Acceptance Criteria
editCommunity
capability.