WordPress.org

Make WordPress Core

Opened 13 months ago

Closed 7 months ago

#44833 closed defect (bug) (fixed)

Return a more accurate error message when user cannot perform the requested action

Reported by: desrosj Owned by: desrosj
Milestone: 5.2 Priority: normal
Severity: normal Version: 4.9.6
Component: Privacy Keywords: has-patch commit
Focuses: administration Cc:

Description

When a user attempts to export or erase personal data, the export_others_personal_data and erase_others_personal_data & delete_users capabilities (respectively) are checked for the current user.

If these checks fail, Invalid Request. is returned as an error message. A more accurate error message should be returned that indicates the user does not have the required permission to perform the requested action.

Attachments (3)

44833-error-message.patch (1.1 KB) - added by jplojohn 13 months ago.
44833.diff (1012 bytes) - added by mmuhsin 13 months ago.
44833-updated.diff (1006 bytes) - added by mmuhsin 8 months ago.
Updated error message with a consistent string.

Download all attachments as: .zip

Change History (16)

#1 @jplojohn
13 months ago

  • Keywords has-patch added; needs-patch removed

I have added a patch file which provides more useful error descriptions for the user.

This is my first time contributing - I'm fairly sure this is correct in both code and procedure, but I may have misread the handbook!

@mmuhsin
13 months ago

#2 @mmuhsin
13 months ago

I just submitted a patch. Instead of 'Invalid Request.', I changed the message to read 'Sorry, you do not have permission to perform this task.'.

#3 @idea15
13 months ago

  • Owner set to javorszky
  • Status changed from new to assigned

This ticket was mentioned in Slack in #core-privacy by desrosj. View the logs.


12 months ago

#5 @pento
12 months ago

  • Milestone changed from 4.9.9 to Future Release

This ticket was mentioned in Slack in #core-privacy by webdevlaw. View the logs.


12 months ago

#7 @desrosj
10 months ago

  • Owner changed from javorszky to desrosj

#8 @garrett-eclipse
8 months ago

  • Keywords good-first-bug removed

#9 @garrett-eclipse
8 months ago

  • Keywords needs-testing added

#10 @garrett-eclipse
8 months ago

  • Keywords needs-refresh added; needs-testing removed

Thanks @jplojohn and @mmuhsin for providing patches.

After reviewing the verbiage I would like to suggest the following to match better with existing conventions for these types of messages.

For both permission checks I'd suggest a single consistent string;
Sorry, you are not allowed to perform this action.

If you're able to refresh the patch that's always appreciated.

@mmuhsin
8 months ago

Updated error message with a consistent string.

#11 @mmuhsin
8 months ago

Thanks for the feedback @garrett-eclipse!

I have uploaded a new patch with the string you suggested for both the error messages.

#12 @garrett-eclipse
8 months ago

  • Keywords commit added; needs-refresh removed
  • Milestone changed from Future Release to 5.2

Thanks @mmuhsin I appreciate the quick update. This applies cleanly and looks good. Marking for commit in 5.2

#13 @SergeyBiryukov
7 months ago

  • Resolution set to fixed
  • Status changed from assigned to closed

In 44777:

Privacy: Return a more accurate error message when the user cannot perform the requested action.

Props mmuhsin, jplojohn, garrett-eclipse, desrosj.
Fixes #44833.

Note: See TracTickets for help on using tickets.