Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Adds more detailed error messages and codes to base permissions #3148

Merged
merged 2 commits into from
Mar 23, 2023
Merged

Adds more detailed error messages and codes to base permissions #3148

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
f030bed
Adds more detailed error messages and codes to base permissions
mvilanova Mar 23, 2023
bee2da5
Merge remote-tracking branch 'origin/master' into enhancement/base-pe…
mvilanova Mar 23, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
27 changes: 19 additions & 8 deletions src/dispatch/auth/permissions.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@

from fastapi import HTTPException
from starlette.requests import Request
from starlette.status import HTTP_403_FORBIDDEN
from starlette.status import HTTP_403_FORBIDDEN, HTTP_404_NOT_FOUND

from dispatch.enums import UserRoles, Visibility
from dispatch.auth.service import get_current_user
Expand Down Expand Up @@ -47,8 +47,19 @@ def has_required_permissions(self, request: Request) -> bool:

"""

error_msg = [{"msg": "You don't have permission to access or modify this resource."}]
status_code = HTTP_403_FORBIDDEN
org_error_msg = [{"msg": "Organization not found. Please, contact your Dispatch admin."}]
org_error_code = HTTP_404_NOT_FOUND

user_error_msg = [{"msg": "User not found. Please, contact your Dispatch admin"}]
user_error_code = HTTP_404_NOT_FOUND

user_role_error_msg = [
{
"msg": "Your user doesn't have permissions to create, update, or delete this resource. Please, contact your Dispatch admin."
}
]
user_role_error_code = HTTP_403_FORBIDDEN

role = None

@abstractmethod
Expand All @@ -71,17 +82,17 @@ def __init__(self, request: Request):
)

if not organization:
raise HTTPException(status_code=self.status_code, detail=self.error_msg)
raise HTTPException(status_code=self.org_error_code, detail=self.org_error_msg)

user = get_current_user(request=request)

if not user:
raise HTTPException(status_code=self.status_code, detail=self.error_msg)
raise HTTPException(status_code=self.user_error_code, detail=self.user_error_msg)

self.role = user.get_organization_role(organization.slug)

if not self.has_required_permissions(request):
raise HTTPException(status_code=self.status_code, detail=self.error_msg)
raise HTTPException(
status_code=self.user_role_error_code, detail=self.user_role_error_msg
)


class PermissionsDependency(object):
Expand Down