github/directus
1
1
Fork 0
mirror of https://github.com/directus/directus.git synced 2026-04-25 03:00:53 -04:00
Code Issues Packages Projects Releases Wiki Activity

Don't surface forbidden reasoning

Browse Source
This commit is contained in:
rijkvanzanten
2021-03-03 17:33:11 -05:00
parent bac8b9ebab
commit c3dd7023a7
2 changed files with 19 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
api/src/exceptions/forbidden.ts
View File

@@ -10,6 +10,13 @@ type Extensions = {
export class ForbiddenException extends BaseException {
constructor(message = `You don't have permission to access this.`, extensions?: Extensions) {
super(message, 403, 'FORBIDDEN', extensions);
super(`You don't have permission to access this.`, 403, 'FORBIDDEN');
/**
* We currently don't show the reason for a forbidden exception in the API output, as that
* has the potential to leak schema information (eg a "No permission" vs "No permission to files"
* would leak that a thing called "files" exists.
* Ref https://github.com/directus/directus/discussions/4368
*/
}
}