zhoujinsong commented on code in PR #4118:
URL: https://github.com/apache/amoro/pull/4118#discussion_r2993237035


##########
amoro-web/src/utils/request.ts:
##########
@@ -159,18 +159,24 @@ const request: any = function (options: 
CustomAxiosRequestConfig) {
       }
       // not login
       if (code === 403) {
-        const store = useStore()
-        store.updateUserInfo({
-          userName: '',
-        })
-        const currentPath = router.currentRoute.value.path
-        if (requestConfig.handleError && currentPath !== '/login' && 
!loginTipShown) {
-          message.error(msg || 'need login')
-          loginTipShown = true
+        const needLogin = (msg || '').toLowerCase().includes('login')
+        if (needLogin) {
+          const store = useStore()
+          store.updateUserInfo({
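
Review bot: The `needLogin` check, `(msg || '').toLowerCase().includes('login')`, tells an unauthenticated session apart from a permission denial by substring-matching the server's message text, and that is fragile. If the message is reworded or localized, the `store.updateUserInfo({` reset never runs for a genuinely logged-out user. Conversely, any permission-denied message that happens to contain "login" is treated as a logged-out session. Suggest branching on a structured signal instead, for example a distinct status (401 for not logged in, 403 for forbidden) or a dedicated error code field in the response body, and using `msg` for display only.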

Review Comment:
   **[Minor] 403 "no permission" errors are silently swallowed**
   
   When a 403 response does _not_ contain the word `"login"` in the message, 
the code rejects the promise but the caller's `handleError` branch is never 
invoked (because the early return skips the error-display logic). This means 
write operations forbidden by RBAC will silently fail from the user's 
perspective.
   
   Suggest surfacing the `No permission` message to the user via 
`message.error(...)` before rejecting.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
