Allow distinction between no user and no permission in collection access control #6909
Arctomachine
started this conversation in
Feature Requests & Ideas
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Currently access field accepts either true (200) or false (403). There is no distinction between random visitor trying to access protected content and verified user trying to access something outside of allowed scope.
No user should be 401.
No permission should be 403.
https://developer.mozilla.org/en-US/docs/Web/HTTP/Status#client_error_responses
Beta Was this translation helpful? Give feedback.
All reactions