I can't decide which route to take when there's a problem.
Let me set the scene, User_A creates a recipe, all other users can read it but they cannot modify it.
In the edit recipe page, which is accessed via:
If the user changes the id parameter to a recipe ID that they do not own then they are going to be denied access, here are the two options I can't decide between:
a) Send them to the search page, to search for a recipe - even though it exists.
b) Send them to a permissions denied page.
Things to think about:
The only way they will come to have access denied is if they tweak the URL themselves as there will be no links generated - only people who own the recipe will have modification links shown when looking at a recipe.
My target audience is not the kind to know how to tweak URLs. If the URL is tweaked and the recipe ID doesn't exist in the database they are taken to the search page to look for a recipe.
A is less coding but helpful is good.
What do you think I should do, and why?