From 50006b7b408cce54a2c7f206f24bbdd8859347d0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Joel=20P=C3=A9rez=20Izquierdo?=
Date: Mon, 14 Apr 2025 10:00:14 +0100
Subject: [PATCH 1/2] Update items.py Change error 400 to error 403 when not enough permissions when requesting items
---
 backend/app/api/routes/items.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/backend/app/api/routes/items.py b/backend/app/api/routes/items.py
index 177dc1e476..3d4e4e07b5 100644
--- a/backend/app/api/routes/items.py
+++ b/backend/app/api/routes/items.py
@@ -50,7 +50,7 @@ def read_item(session: SessionDep, current_user: CurrentUser, id: uuid.UUID) ->
 if not item:
 raise HTTPException(status_code=404, detail="Item not found")
 if not current_user.is_superuser and (item.owner_id != current_user.id):
- raise HTTPException(status_code=400, detail="Not enough permissions")
+ raise HTTPException(status_code=403, detail="Not enough permissions")
 return item
@@ -83,7 +83,7 @@ def update_item(
 if not item:
 raise HTTPException(status_code=404, detail="Item not found")
 if not current_user.is_superuser and (item.owner_id != current_user.id):
- raise HTTPException(status_code=400, detail="Not enough permissions")
+ raise HTTPException(status_code=403, detail="Not enough permissions")
 update_dict = item_in.model_dump(exclude_unset=True)
 item.sqlmodel_update(update_dict)
 session.add(item)
@@ -103,7 +103,7 @@ def delete_item(
 if not item:
 raise HTTPException(status_code=404, detail="Item not found")
 if not current_user.is_superuser and (item.owner_id != current_user.id):
- raise HTTPException(status_code=400, detail="Not enough permissions")
+ raise HTTPException(status_code=403, detail="Not enough permissions")
 session.delete(item)
 session.commit()
 return Message(message="Item deleted successfully")
From 03dcab006188ed090126461df6ff8766b1460cc5 Mon Sep 17 00:00:00 2001
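Review bot: In `read_item` the ownership check still runs after the 404 branch, so a non-owner now gets 403 for an id that exists and 404 for one that does not, which lets any authenticated caller confirm that another user's item id is valid; the `update_item` and `delete_item` hunks have the same ordering. The ids are `uuid.UUID`, so guessing them is impractical, but an id that leaks through a log or a shared link can still be confirmed this way. If item existence should stay private, non-owners could receive the same answer as a missing item, `raise HTTPException(status_code=404, detail="Item not found")`; if 403 is the intended contract, a comment above the check such as `# 403 rather than 404: item existence is not treated as secret` would record that decision. All three function bodies start outside their hunks, so this is based only on the visible lines.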
From: =?UTF-8?q?Joel=20P=C3=A9rez=20Izquierdo?=
Date: Mon, 14 Apr 2025 10:04:27 +0100
Subject: [PATCH 2/2] Update test_items.py updated tests
---
 backend/app/tests/api/routes/test_items.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/backend/app/tests/api/routes/test_items.py b/backend/app/tests/api/routes/test_items.py
index c215238a69..49c0151081 100644
--- a/backend/app/tests/api/routes/test_items.py
+++ b/backend/app/tests/api/routes/test_items.py
@@ -60,7 +60,7 @@ def test_read_item_not_enough_permissions(
 f"{settings.API_V1_STR}/items/{item.id}",
 headers=normal_user_token_headers,
 )
- assert response.status_code == 400
+ assert response.status_code == 403
 content = response.json()
 assert content["detail"] == "Not enough permissions"
@@ -121,7 +121,7 @@ def test_update_item_not_enough_permissions(
 headers=normal_user_token_headers,
 json=data,
 )
- assert response.status_code == 400
+ assert response.status_code == 403
 content = response.json()
 assert content["detail"] == "Not enough permissions"
@@ -159,6 +159,6 @@ def test_delete_item_not_enough_permissions(
 f"{settings.API_V1_STR}/items/{item.id}",
 headers=normal_user_token_headers,
 )
- assert response.status_code == 400
+ assert response.status_code == 403
 content = response.json()
 assert content["detail"] == "Not enough permissions"
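Review bot: The update and delete permission tests, as far as these hunks show, assert only the status code and the `detail` text, so a handler that answered 403 after it had already changed or deleted the row would still pass. After the denied request, `test_update_item_not_enough_permissions` could assert the stored item is unchanged and `test_delete_item_not_enough_permissions` that it still exists, for example `assert db.get(Item, item.id) is not None`. Here `db` and `Item` stand for the session fixture and model the file already uses; the test bodies begin above the hunks, so those names need to be matched to the existing code.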