Incorrect Error for Add an Update to Unpublished Project #39
Comments
|
The issue is that we are using the same error message for all non valid update attempts. This should be able to be changed with the new Django 1.4 custom error handlers. We should have different errors for "not connected" & not published |
ghost
assigned 
At the moment the project.connected_to_user also handles the published verification status. We should probably just throw 404s for all unpublished project pages and remove the check in connected_to user(). . #39
|
We should consider to throw 404s on all non published project pages. It's feels very odd that non published projects still can be seen if you know the url. |
|
Confirmed by the Partner Team: They often send field partners the link for them to preview and advise on changes that need to be made to projects. So conclusion: We should look at only allowing the URLs for unpublished projects to be viewable by logged in linked users - but once we know exactly how this works, we need to feedback to Partner Team along with release date for their process changes to be implemented. |
|
Addition from Thomas: Error should probably be 550 instead. Permission denied. |
|
I guess he was thinking about a 403, but get the point. Django 1.4s custom error handlers enables us to provide more fine grained http errors. We should honour the http codes as much as possible, it will make it easier to in the future hook up caches or http accelerators. |
- Removed the published status check out from project.connected_to_user() - Added a draft notice at the top for a users own unpublished projects . #39
|
Should this issue go into the 2.1.1 release if there is need for an extended period to inform partners of the new "draft" functionallity? |
|
I think there is enough time to inform now, even if we push to test next week, we have time to sort out procedures. Do we know now how it will work? |
|
Works like this: I still need to make a custom error message for the issue that started this change - better message in add update. Got a bit side tracked by the "draft" feature :-) |
|
Received a 403 error on http://test.akvo.org/rsr/project/588/ when not logged in - should be a 404 according to the above. Awaiting testing for the signed in user, problem with the API key requirement from Tasypie authentication changes. |
|
Unpublished & not connected or not signed in I get a 404 at http://test.akvo.org/rsr/project/588/. Are you sure you're not signed in (signing in to the admin will sign you in to the main site - so it's easy to get confused when changing publishing states in the admin)? I did get a 403 when signed in and not connected to the project. Maybe both cases should be a 403 to be strict about http codes. Not really sure to be honest. |
|
Yup - you're right - I did sign out of the admin for this, but it turns out I signed out of the live admin and not the test one.... |
|
This developed feature is in multiple parts. A change has been made to make unpublished projects in RSR only visible to those who are logged in to RSR AND are connected to the project. This moves the functionality in line with what most people expect - unpublished means that it is not public. If you are not logged into RSR at all, then when you view an unpublished project such as project 599 then you are presented with a 404 Error - page does not exist. If you are logged into RSR, but are not connected to the project then you are presented with a 403 Error - forbidden access. If you are logged in and connected to an unpublished project, then you are able to access the page, but this displays clearly that the project is not live. |
|
Addition: If you try to add an update to an unpublished project that you are connected to, you receive the 403 Error - forbidden access. This is correct functionality - further customisation of error messages is not simple, and not needed now. |
If you try to add an update to a project which is not published, you are told that you can only add updates to projects which you are linked to:
https://www.dropbox.com/s/9w2eaqw1neubbfk/Screen%20Shot%202012-06-25%20at%2016.02.36%20PM.png
This should be changed to something more accurate: "You can post updates to this project as it is not published yet" or something more generic: "This project is currently not accepting updates - please contact your Organisation Administrator for details".
The text was updated successfully, but these errors were encountered: