[GitHub] [airflow] potiuk commented on issue #12237: 'Access is Denied' errors are for the previous page

[GitBox <gi...@apache.org>]

potiuk commented on issue #12237:
URL: https://github.com/apache/airflow/issues/12237#issuecomment-724597667


   Indeed, that seems like a pretty confusing thing - possibly also something that we can address for 2.0 and I'd be glad to cherry-pick it to 1.10 if (again :) ) this could be an easy fix.
   
   I think this is not the best idea to show details of why there is "access denied" - from a security point of view, showing details of access problem might be a clue for an attacker - but, from earlier discussions - this is not too big of a problem here. The user has already access to the UI so possibly showing at least "which" page the "Access Denied" error is about is not really a big problem. @ryanahamilton @jhtimmins  (since you were working a lot on the permissions recently) -> WDYT? Would that make sense to add some extra information to the "AccessDenied" error to tell at least which resource/page it is about? 
   
   I think improving the "flow" might be quite a bit more difficult and Access Denied might still show up in another page (due to redirections) but at least showing what the "Access Denied" was all about might be a "good-enough" solution.


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org