kalilsn
commented
2 days ago What should we show users when they navigate to a page that they're not authorized to see? IMO this is a good time to add a 403 error page
Open gabestein opened 1 month ago
kalilsn
commented
2 days ago What should we show users when they navigate to a page that they're not authorized to see? IMO this is a good time to add a 403 error page
3mcd
commented
2 days ago @kalilsn I'll update the requirements to reflect a redirect to a new 403 page. I don't think the contents of the page matter that much right now. Sound right?
kalilsn
commented
2 days ago Yeah, I think we can just render the sidebar and some kind of error text in the main page so that users can keep navigating. And we should probably call out the issue where contributors (so anyone who has been invited to fill out a form) can access the workflows and integrations pages in communities they are not a member of.
gabestein
commented
2 days ago Yeah, that seems fine for now. I should also note that @tefkah is working on replacing the sidebar with ShadCN, which will make this easier, so it's fine to just do the errors for now.
kalilsn
commented
2 days ago Out of scope: fixing the issue where contributors can access the workflows and integrations pages for communitiesthey are not a member of.
I meant that should be in scope probably! But if there's another issue that covers it that's great too!
Motivation
So users can only navigate—and see links to—pages that they are capable by way of community membership.
Requirements
Modify pages so that non-community-level admins cannot access:
In addition, modify the pub page such that only community admins and members with explicit pub membership can see or access it.
When a user navigates to a page that they do not have access to, they should be redirected to a new Unauthorized page with generic error text. This page should have the side navigation visible so users can navigate away from the 403 page.
Acceptance Criteria
editCommunitycapability.