Contrib.social

When access is denied, display the reason

Open on Drupal.org →
Created on 27 October 2021, about 3 years ago
Updated 19 January 2023, almost 2 years ago

Problem/Motivation

An action may define its own access callback, e.g.: in CancelUserAction, it checks that the current user account has access to delete user entities.

Before executing Actions, the ActionProcessor checks the access callback.

Currently, if access is denied (forbidden) then Views Bulk Operations simply displays Access denied.

When returning an "Access Forbidden" (or Neutral) result, it is possible to specify a reason. This reason may help the user to understand why access was forbidden for them. For example, the core File entity can only be updated or deleted by the file owner.

It would be helpful to expose the reason to the person operating Views Bulk Operations, if the reason exists.

Proposed resolution

Modify the Access denied message to Access denied: @reason if the reason exists and is not empty.

Remaining tasks

  1. Write a patch
  2. Review and feedback
  3. RTBC and feedback
  4. Commit and release

User interface changes

None.

API changes

None.

Data model changes

None.

Feature request
Status

Fixed

Version

4.1

Component

Core

Created by

🇨🇦Canada mparker17 UTC-4

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

contrib.social Blog FAQ Discussions
Production build 0.71.5 2024