Fix #5435: show permission denied message when 403 on collection mapper #5483

Merged
tdonohue merged 1 commit into DSpace:main from guillermo-escire:feature/5435
Apr 15, 2026

@guillermo-escire
Contributor

References

Fixes #5435

Description

When a user without permission attempts to change a mapped collection, the UI now shows a clear "Permission denied" message instead of a generic error when the backend returns a 403 Forbidden response.

Instructions for Reviewers

List of changes in this PR:

  • Added 403 status code check in showNotifications method in item-collection-mapper.component.ts to differentiate permission errors from other errors
  • Added i18n keys for permission denied messages in en.json5 for both map and remove operations
  • Added new specs to cover the 403 case in both mapCollections and removeMappings

How to test:

  1. Log in as a user without permission to change a mapped collection
  2. Navigate to an item → Administer → Collection Mapper
  3. Attempt to map or remove a collection
  4. Verify the error message now says "Permission denied" instead of a generic error message

Checklist

This checklist provides a reminder of what we are going to look for when reviewing your PR. You do not need to complete this checklist prior to creating your PR (draft PRs are always welcome).
However, reviewers may request that you complete any actions in this list if you have not done so. If you are unsure about an item in the checklist, don't hesitate to ask. We're here to help!

  • My PR is created against the main branch of code (unless it is a backport or is fixing an issue specific to an older branch).
  • My PR is small in size (e.g. less than 1,000 lines of code, not including comments & specs/tests), or I have provided reasons as to why that's not possible.
  • My PR passes ESLint validation using npm run lint
  • My PR doesn't introduce circular dependencies (verified via npm run check-circ-deps)
  • My PR includes TypeDoc comments for all new (or modified) public methods and classes. It also includes TypeDoc for large or complex private methods.
  • My PR passes all specs/tests and includes new/updated specs or tests based on the Code Testing Guide.
  • My PR aligns with Accessibility guidelines if it makes changes to the user interface.
  • My PR uses i18n (internationalization) keys instead of hardcoded English text, to allow for translations.
  • My PR includes details on how to test it. I've provided clear instructions to reviewers on how to successfully test this fix or feature.
  • If my PR includes new libraries/dependencies (in package.json), I've made sure their licenses align with the DSpace BSD License based on the Licensing of Contributions documentation.
  • If my PR includes new features or configurations, I've provided basic technical documentation in the PR itself.
  • If my PR fixes an issue ticket, I've linked them together.
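
The status-based branching listed under "List of changes" above, sketched as an added example that is not the PR's code or DSpace's own. It generalizes to a batch where some collections succeed, some return 403 and some fail for other reasons; `OpResponse`, `Notice`, `buildNotices` and the i18n key names are hypothetical placeholders.

```typescript
// Added illustration. Every name and i18n key here is a hypothetical
// placeholder, not DSpace's API or its en.json5 keys.
type Operation = 'add' | 'remove';

interface OpResponse {
  statusCode: number; // HTTP status the backend returned for one collection
}

interface Notice {
  level: 'success' | 'error';
  contentKey: string; // fixed i18n key; server error text is never echoed
  count: number;      // how many collections this message covers
}

const PREFIX = 'example.item-mapper.notifications';

const isSuccess = (s: number): boolean => s >= 200 && s < 300;

function buildNotices(responses: OpResponse[], op: Operation): Notice[] {
  const ok = responses.filter((r) => isSuccess(r.statusCode));
  // 403 means the backend refused the change for this user; the UI only
  // reports that decision, it does not make it.
  const denied = responses.filter((r) => r.statusCode === 403);
  const failed = responses.filter(
    (r) => !isSuccess(r.statusCode) && r.statusCode !== 403,
  );

  const notices: Notice[] = [];
  if (ok.length > 0) {
    notices.push({ level: 'success', contentKey: `${PREFIX}.${op}.success`, count: ok.length });
  }
  if (denied.length > 0) {
    notices.push({ level: 'error', contentKey: `${PREFIX}.${op}.permission-denied`, count: denied.length });
  }
  if (failed.length > 0) {
    notices.push({ level: 'error', contentKey: `${PREFIX}.${op}.error`, count: failed.length });
  }
  return notices;
}

// Constructed sample: one mapping succeeds, two are forbidden, one hits a server error.
const sampleResponses: OpResponse[] = [200, 403, 403, 500].map((statusCode) => ({ statusCode }));
console.log(buildNotices(sampleResponses, 'add'));
```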

@lgeggleston added the bug, authorization, 1 APPROVAL, component: Item (Archived), ux, and testathon labels Apr 15, 2026
@lgeggleston moved this to 🙋 Needs Reviewers Assigned in DSpace 10.0 Release Apr 15, 2026
@tdonohue added this to the 10.0 milestone Apr 15, 2026
Member

@tdonohue left a comment

👍 Thanks @guillermo-escire! I tested and reviewed this today. The bug is fixed and the code looks good.

I also realized this same issue appears to exist in 9.x. So, I'm flagging this for automatic backport to 9.x to fix the issue there as well.

@github-project-automation bot moved this from 🙋 Needs Reviewers Assigned to 👍 Reviewer Approved in DSpace 10.0 Release Apr 15, 2026
@tdonohue added the "port to dspace-9_x" label (This PR needs to be ported to `dspace-9_x` branch for next bug-fix release) Apr 15, 2026
@tdonohue merged commit 2f94d77 into DSpace:main Apr 15, 2026
16 checks passed
@github-project-automation bot moved this from 👍 Reviewer Approved to ✅ Done in DSpace 10.0 Release Apr 15, 2026
@dspace-bot
Contributor

Successfully created backport PR for dspace-9_x:

@tdonohue removed the "port to dspace-9_x" label (This PR needs to be ported to `dspace-9_x` branch for next bug-fix release) Apr 15, 2026
Labels

  • 1 APPROVAL: pull request only requires a single approval to merge
  • authorization: related to authorization, permissions or groups
  • bug
  • component: Item (Archived): Item display or editing
  • testathon: Reported by a tester during Community Testathon
  • ux: User Experience related works

Projects

Status: ✅ Done

Development

Successfully merging this pull request may close these issues.

Non-user-friendly error message when user without permission attempts to change mapped collection

4 participants