Add gatekeeper that checks access to entity
| Reported by: | ewinslow | Owned by: | |
| Priority: | normal | Milestone: | Near Term Future Release |
Description (last modified by mrclay)
If get_entity() returns FALSE, there are two possibilities:
- The entity does not exist at all
- The entity exists, but is not visible to the user
As it stands, there is no indication which one it is when you visit a protected resource. This has caused great confusion amongst our users. They complain to each other that links are broken when in reality it's because the resource that contains the link is visible but the resource being linked to is not visible. We need a clean way of explaining to the user what the problem is. That is, we need to give either a 404 (broken link) or 403 (access denied) page in the appropriate case.
So I propose entity_gatekeeper():
- When the entity is visible, it returns the entity (makes for a nice shortcut).
- When the entity is not visible, it calls forward and specifies '403' for the "reason" (see #2237).
- When the entity is non-existent, it forwards and specifies '404' for the reason.
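The three cases proposed above, as a self-contained PHP model added here for illustration; it is not Elgg's code or the reporter's implementation. The in-memory store, `lookup_entity()`, `GatekeeperException` (standing in for the forward with a reason) and the `$reveal_existence` switch are hypothetical. The switch is included because a 403 confirms to the caller that the GUID exists.

```php
<?php
// Constructed sample data: GUID 10 is public, GUID 11 is private to user 1.
const ACCESS_PRIVATE = 0;
const ACCESS_PUBLIC  = 2;
$entities = [
    10 => ['guid' => 10, 'owner' => 1, 'access' => ACCESS_PUBLIC],
    11 => ['guid' => 11, 'owner' => 1, 'access' => ACCESS_PRIVATE],
];

// Hypothetical stand-in for forward($url, $reason): code is 403 or 404.
class GatekeeperException extends Exception {}

// Hypothetical stand-in for get_entity(): returns false both when the GUID
// is missing and when it exists but is not visible to $user.
function lookup_entity(array $store, int $guid, ?int $user, bool $ignore_access = false) {
    if (!isset($store[$guid])) {
        return false;
    }
    $e = $store[$guid];
    $visible = $ignore_access
        || $e['access'] === ACCESS_PUBLIC
        || $e['owner'] === $user;
    return $visible ? $e : false;
}

function entity_gatekeeper(array $store, int $guid, ?int $user, bool $reveal_existence = true): array {
    $entity = lookup_entity($store, $guid, $user);
    if ($entity !== false) {
        return $entity; // visible: hand the entity back as a shortcut
    }
    // Second lookup with access checks off, used only to pick the reason.
    $exists = lookup_entity($store, $guid, $user, true) !== false;
    if ($exists && $reveal_existence) {
        throw new GatekeeperException('access denied', 403);
    }
    // Missing, or hidden with existence disclosure switched off.
    throw new GatekeeperException('not found', 404);
}

// Anonymous on public, owner on private, other user on private, missing GUID.
foreach ([[10, null], [11, 1], [11, 2], [99, 2]] as [$guid, $user]) {
    try {
        entity_gatekeeper($entities, $guid, $user);
        $status = 200;
    } catch (GatekeeperException $ex) {
        $status = $ex->getCode();
    }
    echo "guid=$guid user=" . var_export($user, true) . " status=$status\n";
}
```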
Change History (9)
comment:1 Changed 3 years ago by ewinslow
- Summary changed from Add gatekeeper than checks access to entity to Add gatekeeper that checks access to entity
comment:2 Changed 3 years ago by brettp
- Difficulty set to difficult
- Milestone changed from Elgg 1.8 to Elgg 1.9