Item1664: oops not generated on non existent topic
Priority: Low
Current State: Closed
Released In: 2.0.0
Target Release: major
However, when a topic is nonexistent, non-authorised user will not see an oops message, but will see a
Topic 'NameOfTopic' does not exist including WebLinks. Is this expected?
When viewing an existent topic in a restricted web, non-authorised users will see an oops message - as expected.
Confirming this. We "leak" that topic exist by denying existing topics in a view restricted web, but reveal that missing topics are missing. We should return an oops for any topic, missing or present, when the view restriction on the web would deny access and the topic is not overriding view permission.
--
GeorgeClark - 29 Dec 2014