
Grant permission errors where the user has the right but the app does not have the grant are unclear
Open, Needs Triage, Public

Description

When a user tries to perform some action via OAuth or bot passwords and has the required right, but the OAuth consumer / bot does not have the corresponding grant, they get the standard "You do not have the permissions needed to carry out this action" message. This is confusing, especially when the error is about some non-obvious right.

Not easy to fix since the whole permission system is based on getting the list of rights the user has, and rights without a grant get filtered out early on. The permission manager could probably store a list of such "deactivated" rights, though.

Vaguely related to T180888: All permission checks should be able to return a custom error message.

Event Timeline

Tgr created this task. Jul 14 2019, 2:19 PM
Restricted Application added a subscriber: Aklapper. Jul 14 2019, 2:19 PM
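A simplified model of the idea in the description, keeping the rights that grant filtering removed so a denial can be attributed to the missing grant rather than to the user. This is an added example, not MediaWiki code and not part of the task; the class, field and message names are hypothetical, and the sample rights are constructed.

```python
from dataclasses import dataclass
from typing import FrozenSet, Optional, Tuple

GENERIC = "You do not have the permissions needed to carry out this action."


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str                        # "ok" | "grant-missing" | "user-lacks-right"
    blocked_by_grant: Tuple[str, ...]  # user holds these, the consumer/bot grant does not
    not_held: Tuple[str, ...]          # user does not hold these at all
    message: str


class GrantAwareRights:
    """Hypothetical model: remembers the rights removed by grant filtering."""

    def __init__(self, user_rights: FrozenSet[str],
                 grant_rights: Optional[FrozenSet[str]]):
        # grant_rights is None for an ordinary login (no OAuth / bot password).
        if grant_rights is None:
            grant_rights = user_rights
        self.effective = user_rights & grant_rights
        # The flow described in the task drops this set early; here it is kept.
        self.deactivated = user_rights - grant_rights

    def check(self, *required: str) -> Decision:
        wanted = set(required)
        blocked = tuple(sorted(wanted & self.deactivated))
        not_held = tuple(sorted(wanted - self.effective - self.deactivated))
        if not blocked and not not_held:
            return Decision(True, "ok", (), (), "")
        if not_held:
            # A real denial: keep the generic text even if a grant is also missing.
            return Decision(False, "user-lacks-right", blocked, not_held, GENERIC)
        msg = ("Your account has the required right(s) (" + ", ".join(blocked) +
               "), but this application or bot password was not granted them.")
        return Decision(False, "grant-missing", blocked, not_held, msg)


# Constructed sample: the user may edit and delete; the consumer was granted edit only.
oauth = GrantAwareRights(frozenset({"edit", "delete"}), frozenset({"edit"}))
```

The separate `reason` value also lets logs distinguish an under-scoped consumer or bot password from a genuine authorization failure.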