Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

API requests for an non-existent resources should return 404 #5939

Closed
amrita-shrestha opened this issue Mar 27, 2023 · 2 comments
Closed

API requests for an non-existent resources should return 404 #5939

amrita-shrestha opened this issue Mar 27, 2023 · 2 comments
Labels
Type:Bug

Comments

@amrita-shrestha
Copy link
Contributor

Describe the bug

If a resource doesn't exist then the API request should return a 404
we don't want to expose the existence of resources if a user has no access to them, so we return a 404 Not Found instead of a 403 Forbidden.

Steps

  1. Scenario Outline: user other than the admin tries to add user to a nonexistent group

Expected behavior

Http status code should be 404

Actual behavior

Http status code 401 or 4xx
@amrita-shrestha
Copy link
Contributor Author

discussed in #5742 (comment)

@ScharfViktor ScharfViktor mentioned this issue Mar 30, 2023
Merged
@saw-jan
Copy link
Member

saw-jan commented Jul 18, 2024

Non-admin user trying to add user to non-existent group returns 403 Forbidden 👍
Admin user trying to add user to non-existent group returns 404 Not found 👍

@saw-jan saw-jan closed this as completed Jul 18, 2024
@saw-jan saw-jan mentioned this issue Jul 18, 2024
Merged
9 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Type:Bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@saw-jan @amrita-shrestha