aarbit/scavengerhunt-api
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Makes forbidden actions have clearer responses

Browse Source
This commit is contained in:
aarbit
2026-05-14 22:46:26 -05:00
parent aff0872e38
commit bc1bcf6e8d
2 changed files with 16 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/main/kotlin/net/halfbinary/scavengerhuntapi/error/exception/ForbiddenException.kt
View File

@@ -1,3 +1,3 @@
package net.halfbinary.scavengerhuntapi.error.exception package net.halfbinary.scavengerhuntapi.error.exception
class ForbiddenException(override val message: String): RuntimeException(message) class ForbiddenException: RuntimeException("Access Denied.")

20
src/main/kotlin/net/halfbinary/scavengerhuntapi/service/PhotoService.kt
View File

@@ -72,8 +72,12 @@ class PhotoService(
?: throw NotFoundException("Photo not found") ?: throw NotFoundException("Photo not found")
if (!requestingHunter.isAdmin) { if (!requestingHunter.isAdmin) {
val team = teamService.getTeamForHunterInHunt(huntId, email) val team = try {
if (team.id != teamId) throw ForbiddenException("Access denied") teamService.getTeamForHunterInHunt(huntId, email)
} catch (_: NotFoundException) {
throw ForbiddenException()
}
if (team.id != teamId) throw ForbiddenException()
} }
val submitter = hunterService.getHunterById(photoRecord.hunterId) val submitter = hunterService.getHunterById(photoRecord.hunterId)
@@ -87,9 +91,15 @@ class PhotoService(
if (!requestingHunter.isAdmin) { if (!requestingHunter.isAdmin) {
val submitter = hunterService.getHunterById(photoRecord.hunterId) val submitter = hunterService.getHunterById(photoRecord.hunterId)
val requestingTeam = teamService.getTeamForHunterInHunt(photoRecord.huntId, requestingHunter.email) try {
val submitterTeam = teamService.getTeamForHunterInHunt(photoRecord.huntId, submitter.email) val requestingTeam =
if (requestingTeam.id != submitterTeam.id) throw ForbiddenException("Access denied") teamService.getTeamForHunterInHunt(photoRecord.huntId, requestingHunter.email)
val submitterTeam =
teamService.getTeamForHunterInHunt(photoRecord.huntId, submitter.email)
if (requestingTeam.id != submitterTeam.id) throw ForbiddenException()
} catch (_: NotFoundException) {
throw ForbiddenException()
}
} }
val key = when (version) { val key = when (version) {