Sean, much better! You should throw a UserNotFoundException rather than access denied in the case where the user doesn't exist, and just say the user was not found, or maybe the user doesn't exist, rather than doesn't exist *anymore*, because we don't really know whether they ever existed. Though if you really wanted to make that distinction, you could check the deleted column.
Also in the other case, you've added "they have requested to not recieve emails", but I don't think we shouldn't say 'email' there because we also don't know whether their notification preference is email or internal, you just can't send them a message at all. -- You received this bug notification because you are a member of Mahara Contributors, which is subscribed to Mahara. https://bugs.launchpad.net/bugs/503598 Title: reply to messages from deleted users lead to "access denied" page Status in Mahara ePortfolio: Confirmed Bug description: Username: crimson I received this email from a spam message: You have been sent a notification from Mahara ePortfolio System. Message follows: ------------------------------------------------------------------------ Subject: New message from nancy wilson nancy wilson has sent you a message. To view this message, visit http://mahara.org/user/sendmessage.php?id=6530&replyto=879010 ... The issue is that link doesn't work - it gives me access denied: "Access Denied You do not have access to view this page You cannot send this user a message" Also, navigating to http://mahara.org/account/activity/ then clicking on "New message from nancy wilson" then "More...' (same link as above) gives the same issue. _______________________________________________ Mailing list: https://launchpad.net/~mahara-contributors Post to : mahara-contributors@lists.launchpad.net Unsubscribe : https://launchpad.net/~mahara-contributors More help : https://help.launchpad.net/ListHelp