From 65662a4f9b7caccb8c2bc0dbb22af477f8b1e42f Mon Sep 17 00:00:00 2001
From: Stanislaw Grams
Date: Fri, 13 Feb 2026 08:52:38 +0100
Subject: [PATCH] [fix](trx-frontend-http): return 403 for insufficient permissions, not 401
Fix auth middleware to return correct HTTP status codes: - 401 Unauthorized: No session (not authenticated) - 403 Forbidden: Has session but insufficient role Previously, all auth errors returned 401, which caused the frontend to redirect rx users to login when they tried control endpoints. Now rx users scrolling jog wheel/frequency will get a "Insufficient permissions" hint instead of being redirected to login.
Co-Authored-By: Claude Opus 4.6
Signed-off-by: Stanislaw Grams
---
 .../trx-frontend/trx-frontend-http/src/auth.rs | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)
diff --git a/src/trx-client/trx-frontend/trx-frontend-http/src/auth.rs b/src/trx-client/trx-frontend/trx-frontend-http/src/auth.rs
index 0666a59..f6979a5 100644
--- a/src/trx-client/trx-frontend/trx-frontend-http/src/auth.rs
+++ b/src/trx-client/trx-frontend/trx-frontend-http/src/auth.rs
@@ -529,11 +529,19 @@ where
 }
 if !access.allows(role) {
- // Access denied - return 401/403
+ // Access denied
 return Box::pin(async move {
- Err(actix_web::error::ErrorUnauthorized(
- "Unauthorized".to_string(),
- ))
+ if role.is_some() {
+ // Has session but insufficient permissions - 403 Forbidden
+ Err(actix_web::error::ErrorForbidden(
+ "Insufficient permissions".to_string(),
+ ))
+ } else {
+ // No session - 401 Unauthorized
+ Err(actix_web::error::ErrorUnauthorized(
+ "Authentication required".to_string(),
+ ))
+ }
 });
 }
 }
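Review bot: The new 403 path in the `!access.allows(role)` branch returns without recording anything in the lines shown, so an authenticated session that keeps requesting endpoints above its role leaves no audit trail unless denials are logged elsewhere in this middleware. Since 403 now specifically means "known session, insufficient role", it is the event worth a warn-level entry with the role and request path; as a marker, add `// TODO: log role and request path for 403 denials` above the `ErrorForbidden` call until the crate's logger is wired in. A middleware test asserting 403 for an rx session and 401 for no session on a control route would keep the split from regressing. The enclosing function and the code that derives `role` lie outside the hunk, so whether `role` is `None` for every unauthenticated request cannot be confirmed from here.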