Details
Improvement
Resolution: Unresolved
High
5.4.9
None
Description
When a valid user tries to log in and access an unauthorized resource, an UnauthorizedException is thrown too early in the ViewController event listener.
Steps to reproduce:
Create a user in the Member group
Set a restricted section on a content item accessible on the front office
Log in on the front office with the member
Try to access your restricted resource --> an UnauthorizedException is raised when loading the dedicated location
Solution: use sudo to load the current location
Update (customer support):
Steps to reproduce (detailed):
1. Create the following content structure:
Home/Tests (folder)
2. Create a new section called "Test section" and assign it to "Home/Tests";
3. Create a new editor user e.g. "John Smith";
Note: by default, the "editor" role only grants content|read permission to the Standard, Media and Restricted sections, meaning editors don't have access to the new "Test section".
4. Set up the installation in "dev" environment;
5. Go to the frontend, and try to access "example.com/eng/Tests". It is a restricted area, so you will be redirected to "example.com/eng/login";
6. Log in as the new editor user. Since editors have no access to content that belongs to the "Test section" section, an error will be displayed:
Access Denied. 403 Forbidden - AccessDeniedHttpException 1 linked Exception: AccessDeniedException »
This message is too vague and should be improved.
Note: with the customer's proposed enhancement, the message is now more accurate:
User does not have access to 'read' 'content' 403 Forbidden - AccessDeniedHttpException 1 linked Exception: UnauthorizedException »
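The following is an added illustration of the reporter's proposed fix, not code from eZ Publish or from this issue: a kernel.controller listener that loads the requested Location inside Repository::sudo() (so the load itself can no longer be the point where authorization fails) and then performs the content/read check explicitly, throwing an AccessDeniedException whose message names the missing right. The class name, the service wiring, and the "locationId" request attribute are assumptions; Repository::sudo(), LocationService::loadLocation() and Repository::canUser() are the real eZ Publish 5.x API calls.

```php
<?php
// Added example (not eZ Publish's own ViewControllerListener). Demonstrates the
// "sudo-load, then check explicitly" pattern proposed in this issue.
// Assumptions: class/namespace, the 'locationId' request attribute, and the
// service tag shown in the docblock below.

namespace Acme\Bundle\SiteBundle\EventListener;

use eZ\Publish\API\Repository\Repository;
use eZ\Publish\API\Repository\Values\Content\Location;
use Symfony\Component\HttpKernel\Event\FilterControllerEvent;
use Symfony\Component\Security\Core\Exception\AccessDeniedException;

class LocationAccessListener
{
    /** @var Repository */
    private $repository;

    public function __construct(Repository $repository)
    {
        $this->repository = $repository;
    }

    /**
     * Assumed registration (services.yml):
     *   tags:
     *     - { name: kernel.event_listener, event: kernel.controller, method: onKernelController }
     */
    public function onKernelController(FilterControllerEvent $event)
    {
        $request = $event->getRequest();
        if (!$request->attributes->has('locationId')) {
            return; // not a location view, nothing to check here
        }

        $location = $this->loadLocationAsAdmin((int) $request->attributes->get('locationId'));
        $this->assertCanRead($location);

        // Hand the already-loaded Location to the controller so it is not loaded twice
        $request->attributes->set('location', $location);
    }

    /**
     * Load the Location with permission checks disabled. sudo() runs the closure
     * as a privileged repository, so a restricted section cannot make the *load*
     * throw UnauthorizedException; authorization is decided in assertCanRead().
     */
    private function loadLocationAsAdmin($locationId)
    {
        return $this->repository->sudo(
            function (Repository $repository) use ($locationId) {
                return $repository->getLocationService()->loadLocation($locationId);
            }
        );
    }

    /**
     * Explicit content/read check for the current user. Symfony's security
     * exception listener turns AccessDeniedException into a 403 (or a redirect to
     * the login form for anonymous users), and the message states which right
     * is missing instead of a bare "Access Denied."
     */
    private function assertCanRead(Location $location)
    {
        $contentInfo = $location->getContentInfo();
        if (!$this->repository->canUser('content', 'read', $contentInfo, $location)) {
            throw new AccessDeniedException(sprintf(
                "User does not have access to 'read' 'content' (location %d, section %d)",
                $location->id,
                $contentInfo->sectionId
            ));
        }
    }
}
```

With this in place the reproduction above (editor user, content in a section the Editor role cannot read) still ends in a 403, but the exception is raised by the explicit canUser() check after the Location has been loaded, and the message identifies the missing 'read' 'content' right, which is the behaviour the customer's proposed enhancement describes.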