Handling a Violated Authorization Policy

Last edit: Jan 03, 2019

Contributors: lemingos, diana-lakatos

This guide will help you handle a violated Authorization Policy.

When an Authorization Policy is violated, the server by default returns an empty page with the 403 Forbidden status code. Instead, you can redirect the user to a different page and display an alert message.

Requirements

To follow the steps in this tutorial, you should understand the concept of an Authorization Policy. This guide refers to an Authorization Policy created in a previous tutorial (only_allowed_by_johns).

Steps

Handling a violated Authorization Policy is a two-step process:

Step 1: Redirect the user to a page

To redirect the user to a page after a violation, set the redirect_to key. For example, to redirect to the /login page:

---
name: only_allowed_by_johns
redirect_to: /login
---
...

Step 2: Display an alert message

To generate a flash alert message on the page that you defined as redirect_to, use the flash_alert property:

---
name: only_allowed_by_johns
redirect_to: /login
flash_alert: Please login to access this page.
---
...

As with normal flash messages, you can access it in Liquid using the {} variable.
