fix: clearer plugin 404 / access errors at the registry boundary#95
Merged
Conversation
Legacy v5 plugins ship the schema as plugin.json#processingConfigSchema, which the v5→registry migration packs verbatim — so v6's API returned 404 on /plugin-config-schema for every migrated plugin. Fall back to plugin.json when the standalone file is absent, give the 404 a descriptive body, and notify on non-404 fetch errors so the page no longer fails silently. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
A superadmin can pick any plugin in the create-processing wizard, but the registry then 404s the artefact download for owners that aren't on its privateAccess list. lib-express collapses the AxiosRequestError to 500, leaving the user with no actionable feedback. - Skip the registry fetch in both validateFullProcessing and prepareProcessing when the processing has no config: a no-config / inactive processing can now be created even if the owner lacks plugin access, landing in the same broken state the UI already handles for deleted plugins (pluginBroken banner). - Translate registry errors at the boundary in ensurePluginAndReadSchema: 403 -> "Le compte X n'a pas accès au plugin Y.", 404 -> "Le plugin Y est introuvable dans le registre.", everything else -> 502. Pairs with registry 38217ee, which makes the download route return 403 (no access) instead of 404 (filtered) so the owner name surfaces in the processings API message. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Turns opaque 500s from the registry boundary into actionable 403/404 responses, and lets a superadmin still create a processing for an owner who has no plugin access (it lands in the existing broken-plugin state instead of failing the POST).
What changed:
ensurePluginAndReadSchemanow translates registry errors at the boundary (lib-express/error-handlerwas collapsing everyAxiosRequestErrorto 500): 403 →Le compte X n'a pas accès au plugin Y., 404 →Le plugin Y est introuvable dans le registre., anything else → 502.prepareProcessingshort-circuits when the processing has no config — there's nothing to prepare, and skipping the registry fetch lets a no-config / inactive processing be created even when the owner lacks plugin access. Same broken-state UX the UI already handles for deleted plugins via thepluginBrokenbanner.GET /:id/plugin-config-schemanow returns a descriptive 404 body instead of empty when the plugin ships no schema (covers v5 legacy plugins where the schema lives inplugin.json#processingConfigSchema, now read as a fallback).configSchemaFetch.errorsurfaces non-404 fetch errors as a toast (configSchemaFetchError/Échec du chargement du schéma de configuration du plugin).Why: a superadmin can list every registry artefact regardless of
privateAccess, so the create-processing wizard let them pick a plugin and pair it with an owner that had no access — and the POST then 500'd with no actionable message. Pairs with registry38217ee(0.5.1), which makes the/:id/downloadroute return 403 instead of 404 when the caller's account isn't onprivateAccess, so the owner name surfaces in the processings-side message.Regression risks:
prepareProcessingis no longer called on bare create (config absent). Any plugin whoseprepare()had side effects independent of the config would silently stop running until the first config-bearing PATCH. The known plugins all key off the config, but worth a sanity check against your plugin set.internalError(5xx branch), but ops will lean on logs rather than the body when the registry itself is broken.configSchemaFetchErrortoast now fires whenever an admin opens a processing whose owner lacks plugin access. Probably what you want — flagging anyway.