Redirect unauthorized users from instance creation and align /check-name access checks #6109

@cstns

Description

Context
Users without permission to create an instance in any application can open the instance creation form by accessing the create URL. They should be blocked and redirected.

Related gap: /check-name validates only team access and ignores application context, so users with application create rights but without team rights get false negatives on name availability.

Acceptance criteria

  • Unauthorized users (no create permission in the targeted application) cannot access the instance creation form.
  • Direct navigation to the form redirects to a safe page with a clear authorization message.
  • API and UI guardrails are consistent: front end hides/blocks entry points based on effective permissions.
  • /check-name enforces both application and team context:
    • Users with application create rights but lacking team rights receive an authorization error, not a misleading “name unavailable”.
    • Users with proper application + team rights receive accurate availability results.
  • Authorization outcomes are covered by tests: redirect behavior, API 403s, and positive/negative /check-name cases.

Epic/Story

No response

Have you provided an initial effort estimate for this issue?

I have provided an initial effort estimate
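
The acceptance criteria above, sketched as an added example (not FlowFuse code and not part of the original issue): the `/check-name` decision authorizes in both application and team context before looking at availability, and the form guard redirects instead of rendering. The permission name `instance:create`, the grant table, the error codes and all function names are hypothetical.

```javascript
// Constructed sample data: per-user grants in team and application scope.
const grants = {
  alice: { teams: { t1: ['instance:create'] }, applications: { app1: ['instance:create'] } },
  bob: { teams: {}, applications: { app1: ['instance:create'] } }, // app rights, no team rights
  carol: { teams: { t1: ['team:read'] }, applications: {} } // cannot create anywhere
}
// Constructed sample data: names already in use, keyed by team.
const takenNames = new Set(['t1/prod-flows'])

// True only if the user holds `perm` on the given team or application id.
function has (user, scope, id, perm) {
  return (grants[user]?.[scope]?.[id] ?? []).includes(perm)
}

// /check-name: an authorization failure is reported as 403, never folded
// into "name unavailable", and availability is not evaluated until both
// the application and the team check have passed.
function checkName (user, { teamId, applicationId, name }) {
  if (!has(user, 'applications', applicationId, 'instance:create')) {
    return { status: 403, code: 'unauthorized_application' }
  }
  if (!has(user, 'teams', teamId, 'instance:create')) {
    return { status: 403, code: 'unauthorized_team' }
  }
  return { status: 200, available: !takenNames.has(`${teamId}/${name}`) }
}

// Guard for direct navigation to the create form: render only with create
// permission in the targeted application, otherwise redirect with a message.
function createFormRoute (user, applicationId) {
  if (has(user, 'applications', applicationId, 'instance:create')) {
    return { render: 'instance-create' }
  }
  return {
    redirect: '/',
    message: 'You are not authorized to create an instance in this application.'
  }
}
```
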

Labels: task (a piece of work that isn't necessarily tied to a specific Epic or Story)