Atlassian uses cookies to improve your browsing experience, perform analytics and research, and conduct advertising. Accept all cookies to indicate that you agree to our use of cookies on your device. Atlassian cookies and tracking notice, (opens new window)
The UI should avoid making this call if it knows (due to the absence of the necessary permission) that the request will fail. (One reason is that it saves the user from seeing a frightening popup) – instead, the message in the right pane ("Sorry - your user permissions do not allow access to this page.") should be the only indication that something is wrong.
Oh, no need – I can just do the permission checking, and issue the message for the right pane, in the top-level component.
Mike Taylor April 26, 2017 at 2:34 PM
First try: protecting the <Route> component inside <IfPermission>. That works, but of course it prevents the route being interpreted at all, so that the right pane doesn't display the "you don't have permission" message.
Instead, I think I am going to need to introduce a wrapper component whose only job is to check the permission, then render either the no-perms message of the real <ViewUser>.
Mike Taylor April 26, 2017 at 9:25 AM
This is how we handle other permission-failure avoidances in the Users module:
The permission
users.item.getis required in order to fetch details of an individual user, as is required at URLs such as http://localhost:3000/users/view/31CD3EF0-F17F-4B31-9FEE-B4FBC44B61EE/verner?filters=active.Active%2Cactive.Inactive&sort=Active which causes Stripes to GET http://localhost:9130/users/31CD3EF0-F17F-4B31-9FEE-B4FBC44B61EEThe UI should avoid making this call if it knows (due to the absence of the necessary permission) that the request will fail. (One reason is that it saves the user from seeing a frightening popup) – instead, the message in the right pane ("Sorry - your user permissions do not allow access to this page.") should be the only indication that something is wrong.