Github user mike-jumper commented on a diff in the pull request:

    
https://github.com/apache/incubator-guacamole-client/pull/179#discussion_r134768825
  
    --- Diff: 
guacamole/src/main/webapp/app/settings/directives/guacSettingsPreferences.js ---
    @@ -192,6 +192,9 @@ 
angular.module('settings').directive('guacSettingsPreferences', [function guacSe
                     $scope.canChangePassword = 
PermissionSet.hasUserPermission(permissions,
                             PermissionSet.ObjectPermissionType.UPDATE, 
username);
                             
    +            })
    +            .error(function permissionsFailed(error) {
    +                $scope.canChangePassword = false;
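Review bot: The added `.error(function permissionsFailed(error) {` handler never inspects its `error` argument, so any failure of the permissions request sets `$scope.canChangePassword = false`, not only the not-found response discussed for this change. Consider checking `error` for that specific case before clearing the flag, and letting every other failure go through normal error handling so that a server or network fault is not silently read as "user lacks permission".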
    --- End diff --
    
    The more I think on this, the more I think that a 404 response is indeed the 
correct response, and that what you have here is the most correct approach. My 
original thoughts were to modify the REST API to ensure that the authenticated 
user can always be queried, but if an extension does not expose data at all, 
even data related to the authenticated user, 404 is really exactly what should 
be seen. It's the client-side which needs to be modified to properly understand 
and deal with that response. So ... looks good.
    
    My only concern with these changes as they stand is that absolutely all 
errors from the REST API here will be interpreted as successful indications 
that the user lacks permission.

