Makes forbidden actions have clearer responses
@@ -1,3 +1,3 @@
|
||||
package net.halfbinary.scavengerhuntapi.error.exception
|
||||
|
||||
class ForbiddenException(override val message: String): RuntimeException(message)
|
||||
class ForbiddenException: RuntimeException("Access Denied.")
|
||||
|
||||
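Review bot: The no-argument `ForbiddenException` carries no comment saying that its fixed message is deliberate, so a later edit could reintroduce per-call reasons that tell a caller why access was refused. I would add a KDoc line above the class, for example `/** Thrown for every authorization failure; the message is constant so the response does not reveal the reason. */`. The +/- markers are lost in this rendering, so I am taking the no-argument form as the new side because the PhotoService hunks call `ForbiddenException()`. Since the reason no longer travels with the exception, the denial context (requesting hunter, hunt, team) should be logged server-side at the throw site or in the exception handler, which is not visible here. As a style point, Kotlin convention puts a space before the supertype colon: `class ForbiddenException : RuntimeException("Access Denied.")`.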
@@ -72,8 +72,12 @@ class PhotoService(
|
||||
?: throw NotFoundException("Photo not found")
|
||||
|
||||
if (!requestingHunter.isAdmin) {
|
||||
val team = teamService.getTeamForHunterInHunt(huntId, email)
|
||||
if (team.id != teamId) throw ForbiddenException("Access denied")
|
||||
val team = try {
|
||||
teamService.getTeamForHunterInHunt(huntId, email)
|
||||
} catch (_: NotFoundException) {
|
||||
throw ForbiddenException()
|
||||
}
|
||||
if (team.id != teamId) throw ForbiddenException()
|
||||
}
|
||||
|
||||
val submitter = hunterService.getHunterById(photoRecord.hunterId)
|
||||
@@ -87,9 +91,15 @@ class PhotoService(
|
||||
|
||||
if (!requestingHunter.isAdmin) {
|
||||
val submitter = hunterService.getHunterById(photoRecord.hunterId)
|
||||
val requestingTeam = teamService.getTeamForHunterInHunt(photoRecord.huntId, requestingHunter.email)
|
||||
val submitterTeam = teamService.getTeamForHunterInHunt(photoRecord.huntId, submitter.email)
|
||||
if (requestingTeam.id != submitterTeam.id) throw ForbiddenException("Access denied")
|
||||
try {
|
||||
val requestingTeam =
|
||||
teamService.getTeamForHunterInHunt(photoRecord.huntId, requestingHunter.email)
|
||||
val submitterTeam =
|
||||
teamService.getTeamForHunterInHunt(photoRecord.huntId, submitter.email)
|
||||
if (requestingTeam.id != submitterTeam.id) throw ForbiddenException()
|
||||
} catch (_: NotFoundException) {
|
||||
throw ForbiddenException()
|
||||
}
|
||||
}
|
||||
|
||||
val key = when (version) {
|
||||
|
||||
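Review bot: In the second PhotoService hunk, `val submitter = hunterService.getHunterById(photoRecord.hunterId)` stays outside the new `try`, so if that lookup can throw `NotFoundException` (its body is not shown) a non-admin caller still gets a not-found response instead of the uniform denial. Moving that line to be the first statement inside `try {` would put it under the same `catch (_: NotFoundException)`. The first hunk has a related ordering issue: `?: throw NotFoundException("Photo not found")` runs before the team check, so a hunter outside the team can still tell an existing photo from a missing one by the status returned. If `huntId` and `teamId` are request parameters, the team check could run before the photo lookup. Both functions start and end outside the hunks shown, so this should be confirmed against the full method bodies.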