
Commit 9fe3a4d

authored
🐛Update items.py to return status code 403 in case of insufficient permissions (#1543)
1 parent a45258f commit 9fe3a4d


2 files changed

+6
-6
lines changed


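--- a/backend/app/api/routes/items.py
+++ b/backend/app/api/routes/items.py
@@ -50,7 +50,7 @@ def read_item(session: SessionDep, current_user: CurrentUser, id: uuid.UUID) ->
 if not item:
 raise HTTPException(status_code=404, detail="Item not found")
 if not current_user.is_superuser and (item.owner_id != current_user.id):
-raise HTTPException(status_code=400, detail="Not enough permissions")
+raise HTTPException(status_code=403, detail="Not enough permissions")
 return item
 
 
@@ -83,7 +83,7 @@ def update_item(
 if not item:
 raise HTTPException(status_code=404, detail="Item not found")
 if not current_user.is_superuser and (item.owner_id != current_user.id):
-raise HTTPException(status_code=400, detail="Not enough permissions")
+raise HTTPException(status_code=403, detail="Not enough permissions")
 update_dict = item_in.model_dump(exclude_unset=True)
 item.sqlmodel_update(update_dict)
 session.add(item)
@@ -103,7 +103,7 @@ def delete_item(
 if not item:
 raise HTTPException(status_code=404, detail="Item not found")
 if not current_user.is_superuser and (item.owner_id != current_user.id):
-raise HTTPException(status_code=400, detail="Not enough permissions")
+raise HTTPException(status_code=403, detail="Not enough permissions")
 session.delete(item)
 session.commit()
 return Message(message="Item deleted successfully")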
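Review bot: The owner-or-superuser check in read_item, update_item and delete_item is the same condition and `raise` repeated three times, which is why this status-code change had to be made in three places. Moving the lookup and the check into one shared helper or dependency would keep the authorization decision and its response in a single spot, so a future route cannot drift from it. Because the 404 for a missing item is raised before the 403, a caller who does not own an item can still tell an existing id from an unused one; if item existence is meant to be private, the non-owner branch could instead use `raise HTTPException(status_code=404, detail="Item not found")`. The three function bodies start outside the hunks, so anything checked earlier in them is not visible here.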

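--- a/backend/tests/api/routes/test_items.py
+++ b/backend/tests/api/routes/test_items.py
@@ -60,7 +60,7 @@ def test_read_item_not_enough_permissions(
 f"{settings.API_V1_STR}/items/{item.id}",
 headers=normal_user_token_headers,
 )
-assert response.status_code == 400
+assert response.status_code == 403
 content = response.json()
 assert content["detail"] == "Not enough permissions"
 
@@ -121,7 +121,7 @@ def test_update_item_not_enough_permissions(
 headers=normal_user_token_headers,
 json=data,
 )
-assert response.status_code == 400
+assert response.status_code == 403
 content = response.json()
 assert content["detail"] == "Not enough permissions"
 
@@ -159,6 +159,6 @@ def test_delete_item_not_enough_permissions(
 f"{settings.API_V1_STR}/items/{item.id}",
 headers=normal_user_token_headers,
 )
-assert response.status_code == 400
+assert response.status_code == 403
 content = response.json()
 assert content["detail"] == "Not enough permissions"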
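Review bot: The three permission tests assert only the response (`status_code == 403` and the detail string), so they would still pass if a route rejected the request after already changing or deleting the item. In test_update_item_not_enough_permissions and test_delete_item_not_enough_permissions, follow the response assertions with a check that the stored item is unchanged and still present, for example by reading it back as its owner. The test bodies start outside the hunks, so the fixtures available for that read-back are not visible here.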
