fix(project): handle thrown 403 for inaccessible customer in project get#1988
Merged
Merged
Conversation
PR #1956 checked customer.status === 200 to fall back gracefully when the user has access to a project but not the customer it belongs to. That check was never reached: the request interceptor in api_retry.ts overrides the API client's validateStatus with `status < 300`, so a 403 rejects the getCustomer promise instead of returning a response. usePromise then re-threw the error during render and the command failed with a PermissionDenied error. Catch the rejection inside the loader, swallowing only 403 responses and re-throwing everything else, and display "no access" for the customer row. Fixes #1955 Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
mittwald-machine
added a commit
that referenced
this pull request
Jul 7, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Follow-up to #1956, which did not resolve #1955.
mw project getstill failed with aPermissionDeniederror when a user has access to a project but not the customer it belongs to. PR #1956 tried to handle this by checkingcustomer.status === 200and falling back otherwise, but that check is never reached: the request interceptor insrc/lib/apiutil/api_retry.tsoverrides the API client'svalidateStatus: () => truewithstatus < 300(soaxios-retrycan retry access-denied POSTs). As a result a403rejects thegetCustomerpromise rather than returning a response object, andusePromisere-throws it during render — killing the whole command.This change catches the rejection inside the loader, swallowing only
403responses and re-throwing everything else, and rendersno accessfor the customer row when it is inaccessible. The project's own details are always displayed.Fixes #1955
🤖 Generated with Claude Code