#2375 closed enhancement (fixed)
Permission denied page should mention logging in if not logged in.
| Reported by: | Owned by: | Remy Blank | |
|---|---|---|---|
| Priority: | normal | Milestone: | 1.0 |
| Component: | general | Version: | 0.9 |
| Severity: | normal | Keywords: | |
| Cc: | Branch: | ||
| Release Notes: |
Improved permission denied error message |
||
| API Changes: | |||
| Internal Changes: | |||
Description
There are many privileges I revoke from anonymous but grant to authenticated.
Permission Denied TICKET_CREATE privileges are required to perform this operation
When a user is not logged in and encounters the permission denied page it is not obvious that the person could log in and attempt to view the page.
Currently, not all users in my organization are trained to use Trac, however we have a single-sign-on setup and Apache/Trac supports that. Thus all users in my organization can log in to trac.
When a new user comes to trac (and I point them at /newticket or something) they get a permission denied message and don't know what to do next. Instead, maybe we could have a message that looks like:
Permission Denied TICKET_CREATE privileges are required to perform this operation You are not logged in, please :login: and try again.
And with the 2nd attempt (if it still fails), present the message that the user logged in does not have the required ACL. Something like:
Permission Denied TICKET_CREATE privileges are required to perform this operation Your login, $REMOTE_USER, does not have the required permissions. [perhaps list the permissions granted here as well]
Attachments (1)
Change History (8)
comment:1 by , 19 years ago
| Milestone: | → 0.9.2 |
|---|
comment:2 by , 19 years ago
| Milestone: | 0.9.3 → 1.0 |
|---|
by , 19 years ago
A hacked error.cs file that kind of implements the required functionality. It's nowhere near perfect, but it's mildly functional.
comment:3 by , 19 years ago
I just attached a modified error.cs file. You can dump it in the templates folder of your configuration and it will override the default. It's based on the 0.9.4 version from the distribution, and trys to give the user hints about what they can do.
This is the first time I've looked at Clearsilver/Python, so the results aren't pretty. Take it and hack it however you like if you think it's useful.
comment:5 by , 14 years ago
| Milestone: | triaging → 0.13 |
|---|---|
| Owner: | changed from to |
The first part (asking to login) has been implemented in [7494], released in 0.11.2 (and discussed in comment:16:ticket:5340).
We could also improve the error message as suggested in the second part.
comment:6 by , 14 years ago
| Resolution: | → fixed |
|---|---|
| Status: | new → closed |
A slightly better error message for permission errors has been committed in [10322].
comment:7 by , 13 years ago
| Release Notes: | modified (diff) |
|---|
let me toss in a milestone and you guys can change it from there…