3 changes: 3 additions & 0 deletions application/single_app/functions_settings.py
Expand Up @@ -258,6 +258,9 @@ def get_settings(use_cosmos=False):
'max_file_size_mb': 150,
'conversation_history_limit': 10,
'default_system_prompt': '',
# Access denied message shown on the home page when a signed-in user lacks required roles
# Default is hard-coded; admins can override via Admin Settings (persisted in Cosmos DB)
'access_denied_message': 'You are logged in but do not have the required permissions to access this application.\nPlease contact an administrator for access.',
Copilot AI Jan 30, 2026
The default message here differs from the fallback in index.html template (line 65). The index.html fallback says "Please submit a ticket to request access" while this default says "Please contact an administrator for access." This inconsistency means users will see different messages depending on whether settings exist in Cosmos DB. Either both should match, or the fallback in the template should be removed entirely to always use this default.

Suggested change
'access_denied_message': 'You are logged in but do not have the required permissions to access this application.\nPlease contact an administrator for access.',
'access_denied_message': 'You are logged in but do not have the required permissions to access this application.\nPlease submit a ticket to request access.',

'enable_file_processing_logs': True,
'file_processing_logs_timer_enabled': False,
'file_timer_value': 1,
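Review bot: the default wording here ("Please contact an administrator for access.") does not match the fallback literal in index.html ("Please submit a ticket to request access."), so the text a signed-in user without the required roles sees depends on whether a settings document exists in Cosmos DB. Keep this dict as the single source of truth and drop the duplicated literal from the template, or make the two strings identical. The embedded '\n' is fine provided the template turns it into a line break; the comment above should say so, since an admin overriding this text via Admin Settings will never see this code.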
1 change: 1 addition & 0 deletions application/single_app/route_frontend_admin_settings.py
Expand Up @@ -862,6 +862,7 @@ def is_valid_url(url):
'max_file_size_mb': max_file_size_mb,
'conversation_history_limit': conversation_history_limit,
'default_system_prompt': form_data.get('default_system_prompt', '').strip(),
'access_denied_message': form_data.get('access_denied_message', '').strip(),

# Video file settings with Azure Video Indexer Settings
'video_indexer_endpoint': form_data.get('video_indexer_endpoint', video_indexer_endpoint).strip(),
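Review bot: `form_data.get('access_denied_message', '').strip()` persists an empty string whenever the admin submits the form with the field blank, and the home page then substitutes its own hard-coded fallback rather than the default from get_settings(); treat an empty value as "use the default" here instead of storing it. Nothing bounds the length of what is stored and later rendered on the landing page, so cap it server-side. Browsers submit textarea line breaks as CRLF, so normalize with `.replace('\r\n', '\n')` before storing; otherwise the template's replace on '\n' leaves a stray '\r' ahead of every inserted `<br>`.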
5 changes: 5 additions & 0 deletions application/single_app/templates/admin_settings.html
Expand Up @@ -1427,6 +1427,11 @@ <h5>
<label for="default_system_prompt" class="form-label">Default System Prompt</label>
<textarea class="form-control" id="default_system_prompt" name="default_system_prompt"
rows="5">{{ settings.default_system_prompt }}</textarea>

<div class="mt-3"></div>
<label for="access_denied_message" class="form-label">Access Denied Message</label>
<textarea class="form-control" id="access_denied_message" name="access_denied_message"
rows="3" placeholder="Shown to signed-in users without required roles">{{ settings.access_denied_message }}</textarea>
</div>
</div>
</div>
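Review bot: the new textarea has no `maxlength`, so any server-side cap should be mirrored here, and the placeholder does not tell the admin that HTML typed into this field is shown as literal text while line breaks are preserved; a short help text under the field (Bootstrap's `form-text`, matching the classes already used here) would avoid that confusion. Rendering the stored value with `{{ settings.access_denied_message }}` relies on Flask's default autoescaping for .html templates to keep a stored `</textarea>` from breaking out of the field, which is correct as long as autoescape is not disabled for this template.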
3 changes: 1 addition & 2 deletions application/single_app/templates/index.html
Expand Up @@ -62,8 +62,7 @@
{% else %}
{% if session.get('user') %}
<p class="lead">
You are logged in but do not have the required permissions to access this application.
Please submit a ticket to request access.
{{ (app_settings.access_denied_message or 'You are logged in but do not have the required permissions to access this application. Please submit a ticket to request access.') | e | replace('\n','<br>') | safe }}
Copilot AI Jan 30, 2026
The filter chain here has a potential issue with the order of operations. The current chain is: '| e | replace('\n','<br>') | safe'. This means HTML entities are escaped first (including any literal '<br>' in the text), then newlines are replaced with '<br>', then marked as safe. However, since the replacement happens after escaping, any literal '<br>' typed by the admin will be double-escaped and display as text rather than rendering as a line break. Consider using the 'nl2br' filter if available, or ensure the replacement happens before escaping.

Suggested change
{{ (app_settings.access_denied_message or 'You are logged in but do not have the required permissions to access this application. Please submit a ticket to request access.') | e | replace('\n','<br>') | safe }}
{{ (app_settings.access_denied_message or 'You are logged in but do not have the required permissions to access this application. Please submit a ticket to request access.') | e | nl2br }}

</p>
{% else %}
<div>
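Review bot: under Flask's default autoescaping for .html templates, `| e | replace('\n','<br>') | safe` will not produce line breaks: `e` returns a markupsafe `Markup` string, and `Markup.replace` escapes its arguments, so the inserted `<br>` becomes `&lt;br&gt;` and the trailing `safe` then displays that as literal text. The escape-first order is the right one, because this message is admin-editable and persisted in Cosmos DB and must never be able to inject markup into the landing page; keep it and mark only the replacement as safe, `| e | replace('\n', '<br>'|safe)` (the result is already Markup, so the trailing `| safe` becomes redundant), or iterate over `.splitlines()` and emit `{{ line }}<br>` per line so autoescape handles each line. The `nl2br` filter proposed in the review comment is not shipped with Jinja2, and the comment's concern that an admin-typed `<br>` ends up escaped describes the intended behaviour, not a defect. Since get_settings() already supplies a default, the `or '...'` literal here only applies when an admin saves an empty message, and its wording currently disagrees with that default; drop it or align the two. Replacing '\r' as well is worth doing, since textarea submissions arrive with CRLF line endings.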