Opened 6 years ago
Closed 6 years ago
#44833 closed defect (bug) (fixed)
Return a more accurate error message when user cannot perform the requested action
Reported by: | desrosj | Owned by: | desrosj |
---|---|---|---|
Milestone: | 5.2 | Priority: | normal |
Severity: | normal | Version: | 4.9.6 |
Component: | Privacy | Keywords: | has-patch commit |
Focuses: | administration | Cc: |
Description
When a user attempts to export or erase personal data, the export_others_personal_data
and erase_others_personal_data
& delete_users
capabilities (respectively) are checked for the current user.
If these checks fail, Invalid Request.
is returned as an error message. A more accurate error message should be returned that indicates the user does not have the required permission to perform the requested action.
Attachments (3)
Change History (16)
#2
@
6 years ago
I just submitted a patch. Instead of 'Invalid Request.', I changed the message to read 'Sorry, you do not have permission to perform this task.'.
This ticket was mentioned in Slack in #core-privacy by desrosj. View the logs.
6 years ago
This ticket was mentioned in Slack in #core-privacy by webdevlaw. View the logs.
6 years ago
#10
@
6 years ago
- Keywords needs-refresh added; needs-testing removed
Thanks @jplojohn and @mmuhsin for providing patches.
After reviewing the verbiage I would like to suggest the following to match better with existing conventions for these types of messages.
For both permission checks I'd suggest a single consistent string;
Sorry, you are not allowed to perform this action.
If you're able to refresh the patch that's always appreciated.
#11
@
6 years ago
Thanks for the feedback @garrett-eclipse!
I have uploaded a new patch with the string you suggested for both the error messages.
I have added a patch file which provides more useful error descriptions for the user.
This is my first time contributing - I'm fairly sure this is correct in both code and procedure, but I may have misread the handbook!