I can't decide which route to take when there's a problem.

Let me set the scene, User_A creates a recipe, all other users can read it but they cannot modify it.

In the edit recipe page, which is accessed via:

edit_recipe.php?id={id}

If the user changes the id parameter to a recipe ID that they do not own then they are going to be denied access, here are the two options I can't decide between:

a) Send them to the search page, to search for a recipe - even though it exists.
b) Send them to a permissions denied page.


Things to think about:

The only way they will come to have access denied is if they tweak the URL themselves as there will be no links generated - only people who own the recipe will have modification links shown when looking at a recipe.
My target audience is not the kind to know how to tweak URLs. If the URL is tweaked and the recipe ID doesn't exist in the database they are taken to the search page to look for a recipe.
A is less coding but helpful is good.

What do you think I should do, and why?

Thanks.

i think your best bet is to redirect them to the 'access denied page', coz taking them to the search page leaves the user clueless that why this page came up suddenly... And since u r not displaying them any access denied message/error, they might take it as a bug in your application, which you dont want.. So i think its better if u redirect them to access denied page (and then you can put search options on access denied page, to help the user !)

Had a think myself and I'm going with the helpful way and bringing the rest of the functionality inline to match.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.