How do I configure the 401 error hit when a browser attempts to go to a document URL for which it does not have permission to view?

0
Hi there,

In our application, we generate downloadable PDFs after a user makes a purchase. Their PDF will contain sensitive information; as such, we've applied security rules to our generalised fileDocument entity, so that only the currentUser can download that document, meaning that once the session ends, the document can't be accessed by an anonymous user anymore.

The drawback of this is that, if a user goes to that document's URL (which is how we provide it to them; our download action defaults to opening in a new tab) for which they don't have permission, they see a bare-bones 401 error. Is it possible to direct users to a custom 404 error page, in the event they try and directly access files in our database that they don't have permission to see?

Right now, all I can think of is using a deeplink to handle the request before showing/not showing the document. But the problem with that solution is that the initial time a user gets their doc URL, that wouldn't be a deeplink.

Cheers
asked
1 answers
1

Create a separate requesthandler for this purpose. Then, in the first instance, supply the user with the URL that will provide the file, and when the file is no longer accessible you can gracefully provide feedback with a redirect to a custom error page.

For some more information on requesthandlers read https://www.mendix.com/blog/requesthandlers-at-your-service/

Also have a look at some of the modules in the appstore, e.g. deeplink and open authentication.

answered
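The pattern described in the answer above, as an added example that is not part of the original thread and does not use the Mendix API: a framework-neutral Python model of a download handler that serves the file to its owner and sends every other request to a custom error page. The route, the `ERROR_PAGE` path, the `handle_download` function and the sample session and document tables are all hypothetical and constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

ERROR_PAGE = "/document-unavailable"  # hypothetical custom error page


@dataclass
class Document:
    owner: str
    filename: str
    content: bytes


# Constructed sample data standing in for the file store and session table.
DOCUMENTS = {"a1f3": Document("alice", "invoice.pdf", b"%PDF-1.7 sample")}
SESSIONS = {"sess-alice": "alice", "sess-bob": "bob"}


def _redirect_to_error_page():
    # One response for every failure, so the URL does not reveal whether
    # a document exists or merely belongs to someone else.
    return 302, {"Location": ERROR_PAGE, "Cache-Control": "no-store"}, b""


def handle_download(session_id: Optional[str], doc_id: str):
    """Return (status, headers, body) for GET /download/<doc_id>."""
    # Expired or absent session resolves to no user at all.
    user = SESSIONS.get(session_id) if session_id else None
    doc = DOCUMENTS.get(doc_id)
    # The ownership check runs on every request, including the first one,
    # because the user is only ever given the handler URL.
    if user is None or doc is None or doc.owner != user:
        return _redirect_to_error_page()
    headers = {
        "Content-Type": "application/pdf",
        "Content-Disposition": f'attachment; filename="{doc.filename}"',
        "Cache-Control": "no-store",  # sensitive file, keep it out of caches
    }
    return 200, headers, doc.content
```

Because the handler URL is what the user receives from the start, the same link works while the session is valid and degrades to the error page afterwards.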