Handling a Violated Authorization Policy
This guide will help you handle a violated Authorization Policy.
When an Authorization Policy is violated, the server by default will return the head
403 Forbidden status code. Alternatively, you can customize the 403 error page, render a
404 Not Found page or redirect the user to a different page. On top of that, you can specify a flash alert message to display.
So that you can follow the steps in this tutorial, you should understand the concept of Authorization Policy. This guide refers to an Authorization Policy created in a previous tutorial (
Handling a violated Authorization Policy is a two-step process:
Step 1: Define redirect or 403 / 404 page display
Define whether you want to redirect the user to another page or display one of the 403 or 404 pages. To redirect the user to a page after violation set the
redirect_to key. For example, to redirect to page
--- name: only_allowed_by_johns redirect_to: /login --- ...
If instead, you would like to render a customized 404 page , set
--- name: only_allowed_by_johns http_status: 404 redirect_to: '' --- ...
The default behavior is equivalent to setting
Step 2: Display alert message
To generate a flash alert message, use the
--- name: only_allowed_by_johns redirect_to: /login flash_alert: Please log in to access this page. --- ...
As with all flash messages, you can access it in Liquid using the