Vote #74209
Not completed
Improve returned HTTP status code for requests for account/show
0%
Description
I noticed this behavior while reviewing #6688.
User Miriam Blumenstein (id: 43592) is watching the issue. Clicking through to account/show leads to a 404 - "The page you were trying to access doesn't exist or has been removed.", which makes me think the user has been deleted. Nonetheless, the user is still (rendered as) a watcher of the issue and is still proposed as a watcher of objects (in the 'search for watchers' dialog).
I tried to reproduce this on m.redmine.org but was not successful.
journals
Actually this user is absolutely not deleted. It's just that non-admin users are not allowed to view all users:
source:/tags/2.3.2/app/controllers/users_controller.rb#L68
Maybe a 403 would be more appropriate.
--------------------------------------------------------------------------------
Jean-Philippe Lang wrote:
> Actually this user is absolutely not deleted. It's just that non-admin users are not allowed to view all users:
> source:/tags/2.3.2/app/controllers/users_controller.rb#L68
>
> Maybe a 403 would be more appropriate.
I suggest that when the user is active, it should return a 403 response instead.
If the user is not active, still return 404.
--------------------------------------------------------------------------------
Jean-Philippe Lang wrote:
> Actually this user is absolutely not deleted. It's just that non-admin users are not allowed to view all users:
> source:/tags/2.3.2/app/controllers/users_controller.rb#L68
Thanks for this info! I wasn't aware of these conditions at all and I obviously failed to check the corresponding controller action before posting :-/
OT: this new (to me) info sheds a new light on #11724...
William Li wrote:
> Jean-Philippe Lang wrote:
> > [...]
> >
> > Maybe a 403 would be more appropriate.
>
> I suggest that when the user is active, it should return a 403 response instead.
> If the user is not active, still return 404.
I tend to agree with William on this, but I am not sure whether or not a 404 is the best option when a user is locked (in contrast to a user who is registered but not activated).
--------------------------------------------------------------------------------
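The two behaviours discussed in this thread, modelled as an added example (this is not Redmine's code and not taken from any comment above). The account states, the `visible_to_viewer` flag and all names below are assumptions standing in for the real condition in `users_controller.rb`; the sample accounts are constructed.

```ruby
# Added illustration, not Redmine code. Account states and the visible_to_viewer
# flag are assumptions standing in for the real check in users_controller.rb.
Account = Struct.new(:login, :status, :visible_to_viewer)

# Status code sent to a non-admin whose request is refused.
POLICIES = {
  current:  ->(_acct) { 404 },                                # behaviour reported in the issue
  proposed: ->(acct)  { acct.status == :active ? 403 : 404 }  # suggestion: 403 if active
}.freeze

def profile_status(account, admin:, policy:)
  return 404 if account.nil?   # no such user
  return 200 if admin          # admins may view all users
  return 200 if account.status == :active && account.visible_to_viewer
  POLICIES.fetch(policy).call(account)
end

# Constructed sample accounts, one per case raised in the thread.
CASES = {
  missing:        nil,
  active_visible: Account.new("a", :active, true),
  active_hidden:  Account.new("b", :active, false),
  registered:     Account.new("c", :registered, false),
  locked:         Account.new("d", :locked, false)
}.freeze

# Status a non-admin sees for each case.
def status_table(policy)
  CASES.transform_values { |acct| profile_status(acct, admin: false, policy: policy) }
end

# Cases a non-admin cannot tell apart from a user that does not exist.
def looks_deleted(policy)
  table = status_table(policy)
  table.select { |name, code| name != :missing && code == table[:missing] }.keys
end

if __FILE__ == $PROGRAM_NAME
  %i[current proposed].each do |policy|
    puts "#{policy}: #{status_table(policy)} looks deleted: #{looks_deleted(policy)}"
  end
end
```

Under the suggested policy an active but hidden account no longer answers like a deleted one, while registered and locked accounts still do, which is the open question in the last comment. The 403/404 split also tells any non-admin that a given account exists and is active, so it belongs in the decision alongside the usability gain.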
related_issues
relates,Closed,18128,Make User profile 404 rendering more consistent (and speed up Users#show API)