You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
What feature do you want to improve?
We currently filter the report forms we display as available actions in the actionbar to the ones that the user is authorized to see (via the context.permissions property in the forms document).
With #6401, we also filter the create contact forms in a similar manner.
However, if a user accesses the form (be it contact or report form) by typing a valid URL that opens said form, we have no mechanism in place to authorize this action.
Describe the improvement you'd like
We could display an error screen, similar to the ones where the form fails to load, informing the user they're not authorized to complete the action.
Describe alternatives you've considered
Alternatively we could redirect the user to a "valid" page directly, and show a popup.
Additional context
We could, potentially, also apply this to edits (both of contacts AND reports).
The text was updated successfully, but these errors were encountered:
We could, potentially, also apply this to edits (both of contacts AND reports).
I think it should also apply to edits. Additionally, we should display an error if the user doesn't have the can_edit permission as in this issue: #6215
What feature do you want to improve?
We currently filter the report forms we display as available actions in the actionbar to the ones that the user is authorized to see (via the
context.permissions
property in the forms document).With #6401, we also filter the create contact forms in a similar manner.
However, if a user accesses the form (be it contact or report form) by typing a valid URL that opens said form, we have no mechanism in place to authorize this action.
Describe the improvement you'd like
We could display an error screen, similar to the ones where the form fails to load, informing the user they're not authorized to complete the action.
Describe alternatives you've considered
Alternatively we could redirect the user to a "valid" page directly, and show a popup.
Additional context
We could, potentially, also apply this to edits (both of contacts AND reports).
The text was updated successfully, but these errors were encountered: