[CONFSERVER-9239] "Page not found" (404) is displayed to users without view permissions, should be "Access denied"

Type: Bug
Resolution: Fixed
Priority: Medium
Fix Version/s: 2.10.3
Affects Version/s: 2.5.5, 2.5.6
Component/s: None
Labels:

Bug Fix Policy:
View Atlassian Server bug fix policy

When a user doesn't have view permission to view a space, he/she receives 404 page when accessing URLs from this space.

This is a bad UI design. Instead an "Access denied" error should be displayed to communicate clearly what the user needs to do to resolve the problem (request for space permissions).

When a user tries access a page with page level restrictions, and this user is not authorized to view the page, an "Access Denied" error is displayed. This is exactly this same behavior that should be used when user doesn't have space level permissions.

- - Sort By Name
  - Sort By Date
  - Ascending
  - Descending
  - Thumbnails
  - List

Picture 5.png
24/Mar/2009 12:29 AM
21 kB
CharlesA

is duplicated by

CONFSERVER-7073 Link to restricted pages that don't reveal page space/title - make tinyURLs give 'Page Not Found' if user lacks View permission

Closed

is related to

CONFSERVER-14985 Handling of non-viewable spaces is inconsistent and leaks information

Closed

CONFSERVER-21022 Provide option to return unauthorized message rather than 404 when user does not have permissions for page

Closed

relates to

CONFSERVER-6328 Hide page links when the user lacks permission to view the page

Closed

Assignee:: CharlesA

Reporter:: Igor Minar

Affected customers:: 3 This affects my team

Watchers:: 2 Start watching this issue

Created:: 21/Aug/2007 11:21 PM

Updated:: 11/Oct/2018 9:01 AM

Resolved:: 30/Mar/2009 2:16 AM

Confluence Data Center

Details

Description

Attachments

Attachments

Issue Links

Forms

Activity

People

Dates