From a71cd641dca03972215dae0092091718bc528e7e Mon Sep 17 00:00:00 2001
From: Yisroel Baum <yisroel.d.baum@gmail.com>
Date: Sun, 3 May 2026 16:33:44 +0300
Subject: [PATCH 1/2] add tests for forbidden and not found text

---
 cypress/e2e/userText.cy.js | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/cypress/e2e/userText.cy.js b/cypress/e2e/userText.cy.js
index f26cc61..2318f07 100644
--- a/cypress/e2e/userText.cy.js
+++ b/cypress/e2e/userText.cy.js
@@ -55,4 +55,23 @@ describe('The user text detail page', () => {
             expect(response.status).to.eq(403)
         })
     })
+
+    it('non-owner sees forbidden message when viewing another user text', () => {
+        cy.loginAsSecondUser()
+        cy.intercept('GET', '/api/texts/0').as('getText')
+        cy.visit('/texts/0')
+        cy.wait('@getText')
+        cy.get('#text-detail').should(
+            'contain',
+            "You don't have permission to view this text"
+        )
+    })
+
+    it('user sees not found for non-existent text', () => {
+        cy.loginAsUser()
+        cy.intercept('GET', '/api/texts/999').as('getText')
+        cy.visit('/texts/999')
+        cy.wait('@getText')
+        cy.get('#text-detail').should('contain', 'Text not found')
+    })
 })

From b5040fff141b2aa4e1f575a5425bef1423253b6e Mon Sep 17 00:00:00 2001
From: Yisroel Baum <yisroel.d.baum@gmail.com>
Date: Sun, 3 May 2026 16:33:46 +0300
Subject: [PATCH 2/2] handle forbidden and not found errors on text page

---
 public/js/text.js | 20 ++++++++++++++++++--
 1 file changed, 18 insertions(+), 2 deletions(-)

diff --git a/public/js/text.js b/public/js/text.js
index 90221d2..2b021d0 100644
--- a/public/js/text.js
+++ b/public/js/text.js
@@ -4,8 +4,24 @@ document.addEventListener('DOMContentLoaded', () => {
     const textId = window.location.pathname.split('/').pop();
 
     fetch('/api/texts/' + textId, { credentials: 'same-origin' })
-        .then(res => res.json())
-        .then(text => {
+        .then(function (res) {
+            if (!res.ok) {
+                if (res.status === 403) {
+                    const message = document.createElement('p');
+                    message.textContent =
+                        "You don't have permission to view this text";
+                    document.getElementById('text-detail').appendChild(message);
+                } else if (res.status === 404) {
+                    const message = document.createElement('p');
+                    message.textContent = 'Text not found';
+                    document.getElementById('text-detail').appendChild(message);
+                }
+                return;
+            }
+            return res.json();
+        })
+        .then(function (text) {
+            if (!text) return;
             const h1 = document.createElement('h1');
             h1.textContent = text.name;
             document.getElementById('text-detail').appendChild(h1);