VARASYS/ZDDC
1
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
ZDDC/zddc/internal/handler/errors.go
ZDDC b4a33aa9b3 feat(http): include missing_verb in ACL-deny 403 bodies 
ACL-deny sites now write a JSON body naming the missing verb so the
client-side toast can render "you need <verb> here" and offer
elevation (the path-scoped /.profile/access?path= reports whether
elevation would unlock the verb).

Body shape:
  {"error": "Forbidden", "missing_verb": "w"}

New helper writeForbidden(w, action) in errors.go, applied at the
four primary ACL-deny gates:
  - directory.go (list, action=read)
  - fileapi.go (file CRUD; action varies per request)
  - tablehandler.go (table read)
  - archivehandler.go (existence-leak guard, treated as read)

Other 403 sites (no authenticated principal, planreview detail
errors) keep their plain-text bodies — "missing_verb" doesn't apply
there. Existing clients that read the body as text see the JSON
string instead of "Forbidden\n"; no client in this repo parses the
body for content, so it's a non-breaking change in practice.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-21 08:14:49 -05:00

54 lines
1.8 KiB
Go
Raw Blame History

package handler
import (
"encoding/json"
"net/http"
"codeberg.org/VARASYS/ZDDC/zddc/internal/policy"
)
// writeForbidden emits a 403 JSON response naming the missing verb. Used
// at every ACL-deny site so the client-side toast can render a specific
// "you need <verb> here" message and offer elevation when the path-scoped
// /.profile/access?path= reports a would_elevate_grant covering that verb.
//
// Body shape:
//
// {"error": "Forbidden", "missing_verb": "w"}
//
// Existing clients that read the body as text see the JSON string instead
// of "Forbidden\n" — both are diagnostic-only display strings, no client
// in this repo parses the previous plain-text body for content. Used in
// place of `http.Error(w, "Forbidden", http.StatusForbidden)` exclusively
// for ACL-deny cases. Other 403 conditions (no authenticated principal,
// existence-leak guards, etc.) keep the plain-text variant since
// "missing_verb" doesn't apply to them.
func writeForbidden(w http.ResponseWriter, action string) {
verb := verbForAction(action)
body, _ := json.Marshal(map[string]string{
"error": "Forbidden",
"missing_verb": verb,
})
w.Header().Set("Content-Type", "application/json; charset=utf-8")
w.WriteHeader(http.StatusForbidden)
_, _ = w.Write(body)
}
// verbForAction maps a policy.Action constant to its single-character
// verb. Mirrors policy.actionVerb but emits the wire-format letter
// rather than the bitmask, so the JSON body carries "r"/"w"/"c"/"d"/"a"
// — the same alphabet the listing's `verbs` field uses.
func verbForAction(action string) string {
switch action {
case policy.ActionWrite:
return "w"
case policy.ActionCreate:
return "c"
case policy.ActionDelete:
return "d"
case policy.ActionAdmin:
return "a"
default:
return "r"
}
}
Reference in a new issue View git blame Copy permalink