Help Desk

Incorrect Response on No Permission

  • Posts: 3 Topics: 3
    | Permalink

    Scenario: User has no permission to edit their own events. When they click on “Events > Community: My Events” they will see links to the events they’ve submitted that are not yet published. If they click the “view” link the site returns the “404:Not Found” response page. This should instead be “403:Denied” response with a page explaining the user doesn’t have permission to edit the page.

    The link below is to our testing server. We currently are bypassing the problem simply by allowing the users to edit their own events as I believe that’s what the client wants to do anyway.

    Posts: 18146 Topics: 17 Answers: 973
    | Permalink

    I don’t disagree, but on the flip side this would seem to parallel WordPress’s own behaviour where a subscriber (or even an unauthenticated user) attempts to access a draft. They will see a 404 error, typically, whereas an admin will be able to view it.

    Where possible we do tend to follow the same path as WordPress but – again – I can see your point. What I’d recommend in this case is posting this as a feature request on our UserVoice page, as we’d love to see if others feel this is important or have other views on the subject.

    Thanks!

    Posts: 18146 Topics: 17 Answers: 973
    | Permalink

    Hi! It’s been a while so I’m going to go ahead and close this thread (and so it will no longer be monitored by staff). If we can help with anything else, though, please don’t hesitate to create new threads as needed. Thanks!