fix: surface "Not Permitted" banner on 403 and survive cross-tab sign-out #961
Open
chrischrischris wants to merge 7 commits into
…-out

Editor previously crashed (permissions.some on undefined) when opening a file the user lacks access to. Now edit.js intercepts the 403 from getDoc, tears down the speculative WS, and shows a non-modal "Not Permitted" auth banner with da-content and the collab actions wrapper marked inert.

The shared da-auth-banner gains title/message/buttonLabel/modal options and switches its action to sign-out so users can switch orgs. da-dialog gains a reflected modal property; non-modal mode uses native .show() and adopts a small inner stylesheet (new da-dialog-non-modal.css) into sl-dialog's shadow root so the native <dialog> drops out of UA absolute positioning and the host's fixed/flex centering takes effect.

Cross-tab sign-out: attachAuthMonitor now also flips nx-profile's cached _signedIn so the gnav avatar collapses to "Sign in" in tabs that didn't initiate the logout. daFetch's 401 handler treats a missing nx-ims as "already signed out" and falls through to the banner instead of bouncing to /not-found (which was itself bouncing to the IMS sign-in screen).

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Gate the sign-in/Not-Permitted modal to Browse and Edit views and leave Home and /apps/ untouched so long-running app tasks survive an org change or cross-tab sign-in while the IMS token is still valid.

- Add getAuthView()/isModalView() helpers to classify the current page.
- Cross-tab sign-out still collapses the gnav and drops the WS in every tab, but only Browse/Edit get the blocking modal.
- Detect in-place token rotation (e.g. an org switch) and re-validate permissions only in Browse/Edit via a non-destructive probe; a 200 is a no-op and a 403 surfaces the Not-Permitted banner.
- Skip the cross-tab sign-in reload under /apps/.
- Gate the reactive daFetch 401 modal behind isModalView().

Co-authored-by: Cursor <cursoragent@cursor.com>
- Observe in-tab localStorage writes (not just cross-tab storage events) so an org switch on the current page surfaces the Not-Permitted modal there too, without polling.
- In Edit, reload when access is restored (200) while the auth banner is showing, so switching back to a permitted org reopens the editor.
- Mark da-browse inert under the banner and dim it via :host([inert]), mirroring da-content.

Co-authored-by: Cursor <cursoragent@cursor.com>
The Edit re-check already reloaded once access returned while the auth banner was showing; mirror that in Browse so switching back to a permitted org clears the Not-Permitted modal instead of leaving the listing stuck behind it. Co-authored-by: Cursor <cursoragent@cursor.com>
Editor previously errored (permissions.some on undefined) when opening a file the user lacks access to. Now edit.js intercepts the 403 from getDoc, tears down the speculative WS, and shows a non-modal "Not Permitted" auth banner with da-content and the collab actions wrapper marked inert.
The shared da-auth-banner gains title/message/buttonLabel/modal options and switches its action to sign-out so users can switch orgs. da-dialog gains a reflected modal property; non-modal mode uses native .show() and adopts a small inner stylesheet (new da-dialog-non-modal.css) into sl-dialog's shadow root so the native <dialog> drops out of UA absolute positioning and the host's fixed/flex centering takes effect.
Cross-tab sign-out: attachAuthMonitor now also flips nx-profile's cached _signedIn so the gnav avatar collapses to "Sign in" in tabs that didn't initiate the logout. daFetch's 401 handler treats a missing nx-ims as "already signed out" and falls through to the banner instead of bouncing to /not-found (which was itself bouncing to the IMS sign-in screen).
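
The view gating and token-change rules described in the commit messages above, as an added JavaScript example that is not code from this pull request. The route shapes (/browse, /edit), the function signatures and the action names are assumptions; only the view names and the rules themselves come from the page.

```javascript
// Added illustration, not code from the pull request. Path shapes and action
// names are assumptions; only the view names and rules come from the commits.
const MODAL_VIEWS = new Set(['browse', 'edit']);

// Classify a pathname into a view (hypothetical routes: /browse, /edit, /apps/).
function getAuthView(pathname) {
  if (pathname.startsWith('/apps/')) return 'apps';
  if (pathname.startsWith('/edit')) return 'edit';
  if (pathname.startsWith('/browse')) return 'browse';
  return pathname === '/' ? 'home' : 'other';
}

const isModalView = (view) => MODAL_VIEWS.has(view);

// Turn a change of the stored token (StorageEvent oldValue/newValue) into an event type.
function classifyTokenChange(oldValue, newValue) {
  if (oldValue === newValue) return null;
  if (oldValue && !newValue) return 'signed-out';
  if (!oldValue && newValue) return 'signed-in';
  return 'token-rotated'; // both set but different, e.g. an org switch
}

// Decide what a tab does. probeStatus is the HTTP status of the permission
// re-check; bannerShowing says whether the auth banner is already up.
function decideAuthActions(view, type, { probeStatus, bannerShowing = false } = {}) {
  const modal = isModalView(view);
  switch (type) {
    case 'signed-out': // every tab drops state; only Browse/Edit block the UI
      return ['collapse-gnav', 'close-websocket', ...(modal ? ['show-sign-in-modal'] : [])];
    case 'signed-in': // the page only states that /apps/ skips this reload
      return view === 'apps' ? [] : ['reload'];
    case 'token-rotated':
      if (!modal) return [];
      if (probeStatus === 403) return ['show-not-permitted', 'mark-content-inert'];
      if (probeStatus === 200 && bannerShowing) return ['reload']; // access restored
      return []; // a 200 without a banner is a no-op
    case 'fetch-401': // reactive 401 from a fetch
      return modal ? ['show-sign-in-modal'] : [];
    default:
      return [];
  }
}
```

Keeping the decision separate from the DOM work makes the rules checkable per view and event without a browser.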