Incorrect Response on No Permission
Scenario: User has no permission to edit their own events. When they click on “Events > Community: My Events” they will see links to the events they’ve submitted that are not yet published. If they click the “view” link the site returns the “404:Not Found” response page. This should instead be “403:Denied” response with a page explaining the user doesn’t have permission to edit the page.
The link below is to our testing server. We currently are bypassing the problem simply by allowing the users to edit their own events as I believe that’s what the client wants to do anyway.
I don’t disagree, but on the flip side this would seem to parallel WordPress’s own behaviour where a subscriber (or even an unauthenticated user) attempts to access a draft. They will see a 404 error, typically, whereas an admin will be able to view it.
Where possible we do tend to follow the same path as WordPress but – again – I can see your point. What I’d recommend in this case is posting this as a feature request on our UserVoice page, as we’d love to see if others feel this is important or have other views on the subject.
The topic ‘Incorrect Response on No Permission’ is closed to new replies.