Details
-
Improvement
-
Resolution: Unresolved
-
Low
-
4.5.0, 4.6.0, 4.7.0
-
None
-
None
Description
When accessing hidden nodes on a frontend siteaccess, a KERNEL_ACCESS_DENIED error is generated (kernel error 1).
However, the correct error should actually be KERNEL_NOT_AVAILABLE (error 3):
The reasoning is that, ( even as a logged in Administrator user ), access to hidden nodes is not controlled by user permissions or limitations,
but by the ShowHiddenNodes ini setting.
So, for example, redirecting the user to a login page will have no practical effect (object will still not be available).
Fixing this will also make it possible to customize the error pages with different HTTP status codes in error.ini (for example with 404 Not Found).
Steps to reproduce:
- Create an article and then hide it.
- As anonymous, try to access the article URL in the frontend.
- An "access denied" page will be displayed.
- Login as Administrator
- Try to access the article once more
- An "access denied" page will still be displayed (without login form).