Show descriptive error message instead of generic 403 for unauthorised page actions

Created on 10 July 2025, 6 days ago

Overview

Currently, when a user with the Content Editor role attempts to perform unauthorized actions (such as creating, editing, duplicating, deleting, or renaming XB Pages)—for which they do not have the required permissions—the system displays a generic 403 error page. Instead, a more descriptive and user-friendly error message should be shown to clearly indicate the lack of permissions for the attempted action.

Steps to Reproduce

Ensure the Content Editor role has the following permissions:
- Assigned:
  - Create new Article
  - Edit any Article (even if admin-created)
- Not assigned:
  - Edit XB Page
  - Create new Page
  - Duplicate Page
  - Delete Page
Log in as a user with the Content Editor role.
Attempt the following actions on XB Pages (for which the user does not have permission):
- Visit XB Article node
- Click on page navigation
Result: A generic 403 error is displayed.

Proposed resolution

User interface changes

🐛 Bug report

Status

Active

Version

0.0

Component

… to be triaged

Created by

mayur-sose

Live updates comments and jobs are added and updated live.

Comments & Activities

Issue created by @mayur-sose
Comment 6 days ago →
🇧🇪Belgium wim leers Ghent 🇧🇪🇪🇺
Interesting find! That seems to have been overlooked in ✨ Create React Permission Utilities Active .

Needs more investigating, because it's currently still pretty confusing. But the steps to reproduce in the issue summary should suffice. Thanks!

contrib.social Blog FAQ Discussions

Production build 0.71.5 2024