CUG access denied response code

Dinu_Arya
Level 4

20-02-2018

Hi Team,

I have set up CUG in my local environment. I have created 2 groups and 2 users. I assigned the groups to 2 pages, say page1 and page2. Now user1 accessed page1, and after login user1 is redirected to page1. Now user1 accessed page2. He is getting "Page not found"; this might be because of the 404 response code. 404 is for when the accessed resource (ideally a page) is not available. But here it is there, but the user (user1) doesn't have access to the page. We would like to display a message like "Access Denied / You don't have permission to access this page", something like this.

How can I differentiate these 2 scenarios?

Please help me with this.

Thanks,

AryA

Accepted Solutions (1)

Jörg_Hoh
Employee

20-02-2018

CUG is implemented via groups, which means using the permissions built into the repository itself. As a user, you only see the pages which are visible to you, but not the ones which you are denied access to.

That means that the repository will give you the same response (from an API point of view) if

* you want to access a non-existing node

* you want to access a node, which you are not allowed to see.

This is for security reasons.

If you want to give the user a hint that the permissions are insufficient, you should implement a custom 404 handler, which internally checks which of the two cases is the true reason behind the 404.

Jörg
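
One way to implement the check described in the answer above, as an added example that is not part of the original thread or of Adobe's code: a helper that a custom 404 handler could call to decide between 403 and 404 by looking the path up again with a service user. The class name, the sub-service name `cug-error-check` and the content root `/content/mysite/` are assumptions; the hint is limited to logged-in users under that root so the handler does not reveal which other nodes exist.

```java
import java.util.Collections;
import java.util.Map;
import javax.servlet.http.HttpServletResponse;
import org.apache.sling.api.SlingHttpServletRequest;
import org.apache.sling.api.resource.LoginException;
import org.apache.sling.api.resource.Resource;
import org.apache.sling.api.resource.ResourceResolver;
import org.apache.sling.api.resource.ResourceResolverFactory;
import org.apache.sling.api.resource.ResourceUtil;

/** Decides whether a "not found" is reported to the user as 403 or stays a 404. */
public class NotFoundReasonChecker {

    // Assumption: sub-service name mapped to a service user that can read the site content.
    private static final String SUBSERVICE = "cug-error-check";
    // Assumption: only pages below this root may reveal their existence to logged-in users.
    private static final String HINT_ROOT = "/content/mysite/";

    private final ResourceResolverFactory resolverFactory;

    public NotFoundReasonChecker(ResourceResolverFactory resolverFactory) {
        this.resolverFactory = resolverFactory;
    }

    public int statusFor(SlingHttpServletRequest request) {
        String raw = request.getPathInfo();
        String path = raw == null ? null : ResourceUtil.normalize(raw); // collapses "." and ".."
        String userId = request.getResourceResolver().getUserID();
        // Keep the uniform 404 for anonymous visitors and for paths outside the site,
        // so the handler cannot be used to probe the repository for hidden nodes.
        if (path == null || !path.startsWith(HINT_ROOT)
                || userId == null || "anonymous".equals(userId)) {
            return HttpServletResponse.SC_NOT_FOUND;
        }
        Map<String, Object> auth = Collections.<String, Object>singletonMap(
                ResourceResolverFactory.SUBSERVICE, SUBSERVICE);
        // The request's own resolver cannot see the page, so look again as the service user.
        try (ResourceResolver serviceResolver = resolverFactory.getServiceResourceResolver(auth)) {
            Resource target = serviceResolver.resolve(path);
            return ResourceUtil.isNonExistingResource(target)
                    ? HttpServletResponse.SC_NOT_FOUND   // really missing
                    : HttpServletResponse.SC_FORBIDDEN;  // exists, but hidden from this user
        } catch (LoginException e) {
            // Service user not configured: fall back to the default 404.
            return HttpServletResponse.SC_NOT_FOUND;
        }
    }
}
```

The service user should have read-only access limited to the site's content tree, since whatever it can read is what the 403 hint can confirm to a logged-in user.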

Answers (0)