Skip to content

Admin‑Configurable Access Denied Message #557

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
vivche wants to merge 4 commits into
base: Development
Choose a base branch
from
Open

Admin‑Configurable Access Denied Message #557

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
ab74e73
Feature: Customizable access denied message via Admin Settings; persi…
Dec 30, 2025
a7b07f0
Feature: Customizable access denied message via Admin Settings; persi…
Dec 30, 2025
091af73
Updated default access denied message.
Jan 6, 2026
20b13b3
Merge branch 'Development' into build-from-scratch
paullizer Jan 30, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions application/single_app/functions_settings.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -258,6 +258,9 @@ def get_settings(use_cosmos=False):
'max_file_size_mb': 150,
'conversation_history_limit': 10,
'default_system_prompt': '',
# Access denied message shown on the home page when a signed-in user lacks required roles
# Default is hard-coded; admins can override via Admin Settings (persisted in Cosmos DB)
'access_denied_message': 'You are logged in but do not have the required permissions to access this application.\nPlease contact an administrator for access.',
Copy link

Copilot AI Jan 30, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The default message here differs from the fallback in index.html template (line 65). The index.html fallback says "Please submit a ticket to request access" while this default says "Please contact an administrator for access." This inconsistency means users will see different messages depending on whether settings exist in Cosmos DB. Either both should match, or the fallback in the template should be removed entirely to always use this default.

Suggested change
'access_denied_message': 'You are logged in but do not have the required permissions to access this application.\nPlease contact an administrator for access.',
'access_denied_message': 'You are logged in but do not have the required permissions to access this application.\nPlease submit a ticket to request access.',

Copilot uses AI. Check for mistakes.
'enable_file_processing_logs': True,
'file_processing_logs_timer_enabled': False,
'file_timer_value': 1,
Expand Down
1 change: 1 addition & 0 deletions application/single_app/route_frontend_admin_settings.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -862,6 +862,7 @@ def is_valid_url(url):
'max_file_size_mb': max_file_size_mb,
'conversation_history_limit': conversation_history_limit,
'default_system_prompt': form_data.get('default_system_prompt', '').strip(),
'access_denied_message': form_data.get('access_denied_message', '').strip(),

# Video file settings with Azure Video Indexer Settings
'video_indexer_endpoint': form_data.get('video_indexer_endpoint', video_indexer_endpoint).strip(),
Expand Down
5 changes: 5 additions & 0 deletions application/single_app/templates/admin_settings.html
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1427,6 +1427,11 @@ <h5>
<label for="default_system_prompt" class="form-label">Default System Prompt</label>
<textarea class="form-control" id="default_system_prompt" name="default_system_prompt"
rows="5">{{ settings.default_system_prompt }}</textarea>

<div class="mt-3"></div>
<label for="access_denied_message" class="form-label">Access Denied Message</label>
<textarea class="form-control" id="access_denied_message" name="access_denied_message"
rows="3" placeholder="Shown to signed-in users without required roles">{{ settings.access_denied_message }}</textarea>
</div>
</div>
</div>
Expand Down
3 changes: 1 addition & 2 deletions application/single_app/templates/index.html
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -62,8 +62,7 @@
{% else %}
{% if session.get('user') %}
<p class="lead">
You are logged in but do not have the required permissions to access this application.
Please submit a ticket to request access.
{{ (app_settings.access_denied_message or 'You are logged in but do not have the required permissions to access this application. Please submit a ticket to request access.') | e | replace('\n','<br>') | safe }}
Copy link

Copilot AI Jan 30, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The filter chain here has a potential issue with the order of operations. The current chain is: '| e | replace('\n','
') | safe'. This means HTML entities are escaped first (including any literal '
' in the text), then newlines are replaced with '
', then marked as safe. However, since the replacement happens after escaping, any literal '
' typed by the admin will be double-escaped and display as text rather than rendering as a line break. Consider using the 'nl2br' filter if available, or ensure the replacement happens before escaping.

Suggested change
{{ (app_settings.access_denied_message or 'You are logged in but do not have the required permissions to access this application. Please submit a ticket to request access.') | e | replace('\n','<br>') | safe }}
{{ (app_settings.access_denied_message or 'You are logged in but do not have the required permissions to access this application. Please submit a ticket to request access.') | e | nl2br }}

Copilot uses AI. Check for mistakes.
</p>
{% else %}
<div>
Expand Down
Loading