You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Visiting a cloudscribe administrative page when unauthenticated returns a 302 and redirects to the login page e.g. /account/login?ReturnUrl=%2Fsiteadmin
Visiting a cloudscribe administrative page when authenticated but without correct permissions returns a 302 and redirects to the Access Denied page e.g. /account/accessdenied?ReturnUrl=%2Fsiteadmin
If we take the behaviour for the administrative pages as desirable, then we should make SimpleContent CMS pages/posts behave the same way. If the visited URL exists, and user is unauthenticated, we should 302 to login page with returnurl. If user is authenticated with insufficient privileges, we should 302 to the Access Denied page.
The text was updated successfully, but these errors were encountered:
Visiting a SimpleContent page that you don't have permissions for returns a 404 "Page not found". This seems undesirable - it should be 401 or 403 or a 302 redirect to login page (see debates on e.g. https://stackoverflow.com/questions/3297048/403-forbidden-vs-401-unauthorized-http-responses ).
Visiting a cloudscribe administrative page when unauthenticated returns a 302 and redirects to the login page e.g. /account/login?ReturnUrl=%2Fsiteadmin
Visiting a cloudscribe administrative page when authenticated but without correct permissions returns a 302 and redirects to the Access Denied page e.g. /account/accessdenied?ReturnUrl=%2Fsiteadmin
If we take the behaviour for the administrative pages as desirable, then we should make SimpleContent CMS pages/posts behave the same way. If the visited URL exists, and user is unauthenticated, we should 302 to login page with returnurl. If user is authenticated with insufficient privileges, we should 302 to the Access Denied page.
The text was updated successfully, but these errors were encountered: