Last modified: 2014-04-16 21:00:40 UTC
When I make a report public, get the url, make it private, then access the URL, I get a 404 Not Found page with the following text: Not Found The requested URL /static/public/11092.json was not found on this server. Apache/2.2.22 (Ubuntu) Server at metrics-staging.wmflabs.org Port 80 The status code should be a 403 (Access Denied) otherwise it is impossible for the user to tell what it going on.
Prioritization and scheduling of this bug is tracked on Mingle card https://wikimedia.mingle.thoughtworks.com/projects/analytics/cards/cards/1546
Actually I think a 403 will be more confusing. A 403 implies that you need some kind of credential that you do not have but that is not the case, the resource just does not exist. I think this points to a UX issue. The public link should not give you a 404 in any case. If the report exists should link to it. If it doesn't clicking should likely display an overlay that says "report is to available yet, it is scheduled to be run at such and such date"
404 is fine by me, as a 403 would leak the information that the given id refers to an existing (private) report (!=file). If the report is truely private, we should to leak information about its existence.
Convinced -- closing.