@nscuro nscuro commented Nov 16, 2025

After successful login, users are redirected to the dashboard. The dashboard requires the VIEW_PORTFOLIO permission, and redirects back to the login page if that permission is not present. This could lead to redirect loops for users who lack the permission.

Display a popup instead that informs the user about the lack of permissions to proceed.

Description

Fixes redirect loop when authenticated user is lacking permissions.

Addressed Issue

Relates to DependencyTrack/dependency-track#5098
Backports #1380

Additional Details

N/A

Checklist

After successful login, users are redirected to the dashboard. The dashboard requires the `VIEW_PORTFOLIO` permission, and redirects back to the login page if that permission is not present. This could lead to redirect loops for users who lack the permission.

Display a popup instead that informs the user about the lack of permissions to proceed.

Relates to DependencyTrack/dependency-track#5098
Backports DependencyTrack/hyades-frontend#308

Co-authored-by: Sahiba Mittal <sahiba.mittal@citi.com>
Signed-off-by: nscuro <nscuro@protonmail.com>
@nscuro nscuro added this to the 4.13.6 milestone Nov 16, 2025
@nscuro nscuro added the defect Something isn't working label Nov 16, 2025
@owasp-dt-bot

Snyk checks have passed. No issues have been found so far.

| Status | Scanner | Critical | High | Medium | Low | Total (0) |
| --- | --- | --- | --- | --- | --- | --- |
| | Open Source Security | 0 | 0 | 0 | 0 | 0 issues |

@nscuro nscuro merged commit 8402ce6 into DependencyTrack:4.13.x Nov 16, 2025
4 checks passed
@nscuro nscuro deleted the backport-pr-1380 branch November 16, 2025 17:37
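
The redirect loop described in this pull request, modelled as an added example that is not code from the Dependency-Track frontend: the route paths, guard functions and notice text are hypothetical. It also assumes the login route forwards an already authenticated user to the dashboard, and that the fix stops navigation with a notice rather than redirecting.

```javascript
// Added illustration; all names below are hypothetical, not the project's code.
const REQUIRED = { '/dashboard': 'VIEW_PORTFOLIO' };

// Assumption: /login forwards an already authenticated user to the dashboard.
function loginRoute(user) {
  return user.authenticated ? { redirect: '/dashboard' } : { render: '/login' };
}

// "Before": a missing permission is treated like a missing session,
// so the user is sent back to /login, which sends them on again.
function guardBefore(path, user) {
  if (path === '/login') return loginRoute(user);
  const need = REQUIRED[path];
  if (need && !user.permissions.includes(need)) return { redirect: '/login' };
  return { render: path };
}

// "After": authentication and authorization failures are handled separately.
// Only a missing session redirects; a missing permission ends navigation
// with a notice for the user.
function guardAfter(path, user) {
  if (path === '/login') return loginRoute(user);
  if (!user.authenticated) return { redirect: '/login' };
  const need = REQUIRED[path];
  if (need && !user.permissions.includes(need)) {
    return { blocked: true, notice: `Missing permission: ${need}` };
  }
  return { render: path };
}

// Follows redirects until a guard stops redirecting; a repeated path is a loop.
function navigate(guard, start, user, maxHops = 10) {
  const hops = [];
  let path = start;
  while (hops.length < maxHops) {
    if (hops.includes(path)) return { loop: true, hops: [...hops, path] };
    hops.push(path);
    const result = guard(path, user);
    if (result.redirect === undefined) return { loop: false, hops, ...result };
    path = result.redirect;
  }
  return { loop: true, hops };
}
```

A guard like this only decides what the UI shows; the API still has to enforce `VIEW_PORTFOLIO` on the server side.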