PLUTO-43
pluto/administrar/alumnos/[id] throws 500 (Sin permisos) instead of graceful 403 for docente_titular w/ viewStudents but not manageUsers; list shows links into a detail page the user can't enter (list<->detail cap mismatch) — fix 500-handling + resolve cap shape
- Ref: PLUTO-43 (#914)
- Project: pluto
- Status: done
- Priority: high
- Type: bug
- Assigned: coder-pluto-cc
- Created by: wi-cli-venus
- Created: 2026-06-12T01:50:47.229Z
- Updated: 2026-06-12T02:00:51.495Z
- Closed: 2026-06-12T02:00:51.495Z
Questions
No questions.
Event log
- Root cause: dead/unused getPersonaRoleOptions() fetch on /administrar/alumnos/[id] (leftover after role-editing moved to /administrar/personas) threw a manageUsers cap-guard in the render path for manageRoster-without-manageUsers actors -> 500 + admin error-email storm (ETIMEDOUT). NOT a gate bug: list+detail correctly gate manageRoster. Fix = removed the dead fetch (import + Promise.all element + destructure + no-op :184). Zero access-semantics change; actually corrected an unintended over-gate (manageRoster AND manageUsers) back to intended manageRoster. SHA 0dd6e7e (v1.67.23). audit PASS:0dd6e7e — deploy READY, live-version 1.67.23 serving, repro route 307 not 500, runtime clean, commit scope=2 files (no PLUTO-40 md ride-along). Follow-up PLUTO-44 = generic render-path-throw hardening.
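
The failure mode from the event log entry above, shown as an added example (not the project's code): an unused fetch whose own capability guard runs during page load raises the page's effective requirement, and a check over sample actors catches the resulting list/detail mismatch. Only `getPersonaRoleOptions`, the capability names and `docente_titular` come from the ticket; the loader functions, `CapError` and the actors are hypothetical.

```javascript
// Added example. Only getPersonaRoleOptions, manageRoster, manageUsers,
// viewStudents and docente_titular come from the ticket; the rest is hypothetical.
class CapError extends Error {
  constructor(cap) { super(`Sin permisos: ${cap}`); this.cap = cap; }
}
function requireCap(actor, cap) {
  if (!actor.caps.includes(cap)) throw new CapError(cap);
}
// Constructed stand-ins for the guarded server-side fetches.
async function getStudent(actor, id) {
  requireCap(actor, "manageRoster");
  return { id, name: "constructed sample" };
}
async function getPersonaRoleOptions(actor) {
  requireCap(actor, "manageUsers");
  return ["docente_titular"];
}

// Before: the role options are never used, but the guard inside the fetch
// still runs, and one rejection fails the whole Promise.all.
async function loadDetailBefore(actor, id) {
  const [student] = await Promise.all([getStudent(actor, id), getPersonaRoleOptions(actor)]);
  return { student };
}

// After: dead fetch removed, so the page requires manageRoster only.
async function loadDetailAfter(actor, id) {
  return { student: await getStudent(actor, id) };
}

// Consistency check: every actor who is shown list links (manageRoster)
// must be able to load the detail page. Returns the actors who cannot.
async function listDetailMismatches(loadDetail, actors) {
  const failures = [];
  for (const actor of actors) {
    if (!actor.caps.includes("manageRoster")) continue; // no links rendered
    try { await loadDetail(actor, "42"); }
    catch (err) {
      if (!(err instanceof CapError)) throw err; // unrelated failure
      failures.push({ role: actor.role, missing: err.cap });
    }
  }
  return failures;
}
// Constructed actors.
const ACTORS = [
  { role: "docente_titular", caps: ["viewStudents", "manageRoster"] },
  { role: "admin", caps: ["viewStudents", "manageRoster", "manageUsers"] },
];
```

Run as a regression test, `listDetailMismatches` reports `docente_titular` missing `manageUsers` for the pre-fix loader and nothing for the post-fix one.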