403 error in access denied views #119
Comments
|
I've been able to test it manually, I can't get the response status code in selenium, same has also been a concern of few others at this stackoverflow answer |
|
@jayesh92 Is there a link to the tests that you are running? |
|
@willingc , https://github.com/jayesh92/vms/blob/master/vms/shift/tests/test_viewVolunteerShift.py#L57 |
|
@tapasweni-pathak I agree with Jayesh on this. It may be better to display a no rights page similar to the way no admin rights is displayed now in case of unauthorized access to admin views. A couple of test situations (A volunteer accessing another volunteer's view and an admin accessing a volunteer view) are failing due to this. |
|
@smarshy Sure. Please go ahead and raise an issue. I'll tag it as enhancement. After this I'll close this. One more thing, it is fine if admin accesses a volunteer view. Volunteer accessing other volunteer's view is not correct. |
|
@tapasweni-pathak Is it okay then for the admin to access all volunteer pages - list sign up, volunteer profile, report? Because right now, the following events happen when the admin tries to access volunteer pages- The error page shows up as the user has no volunteer and related object is not existing. Shouldn't there be a no rights page in those cases? |
|
@willingc @vubo @Nerdylicious @rosariorobinson What should be the ideal behavior here? |
|
Please use the issue template |
I was writing tests as I found that for many views like
shift/view_volunteer_shiftsin cases where one volunteer tries to access another volunteer's shifts, It raises a 403 error due the code on https://github.com/systers/vms/blob/develop/vms/shift/views.py#L598 . What this does this is that it just sets-up a 403 status code in response header and the user gets a blank page and status code can be seen if we open the console.Shouldn't we be sending a proper Access Denied page instead of just the error code ?
The text was updated successfully, but these errors were encountered: