See www.zabbix.com for the official Zabbix site.

Docs/specs/ZBX-6093

From Zabbix.org
Jump to: navigation, search

Inconsistent messages when trying to access a forbidden page

ZBX-6093

Status: 1.2

Owner: Jelisejev (talk)

Summary

When trying to access a page that the user has no permission to, different error messages are displayed in different cases. They should be unified.

Specification

If the user has no permission to access some page, the "no permission" error must be rendered as a red block on an empty background. The frontend header and footer must be hidden.

If the user has no permission to some object, the message must be rendered as a red line together with the header and footer.

Details

  • If the user is not logged in and guest access is disabled
    • the header of the message must be You are not logged in.
    • a single "Login" button must be displayed and lead to the login page
    • the error text must read

You must login to view this page.
If you think this message is wrong, please consult your administrators about getting the necessary permissions.

  • If the user is logged in when he sees the message
    • if the user is logged in as guest, the "Login" button must be displayed and lead to the login page
    • the "Go to dashboard" button must be displayed and lead to the dashboard
    • the header of the message must be Access denied.
    • the error text must read

Your are logged in as %username%. You have no permissions to access this page.
If you think this message is wrong, please consult your administrators about getting the necessary permissions.

  • When trying to access a forbidden object the error text must read:
ERROR: No permissions to referred object or it does not exist!

Translation changes

Strings added

3 new strings will be added:

  • Access denied.
  • Your are logged in as %1$s. You have no permissions to access this page.
  • Go to dashboard.

Test cases

  • The error is correctly rendered for logged in users
  • The error is correctly rendered for not logged in users when guest access is disabled
  • The error is correctly rendered on the setup.php page
  • The error is correctly rendered when trying to access a forbidden host

ChangeLog

  • v1.1
    • added more details on how buttons should be displayed in each case
  • v1.2
    • the "Switch user" button must not be displayed
    • the "Login" button must be displayed only for guests
    • the name of the user in the message must be highlighted in bold