OpenRailAssociation · hamz2a · Dec 24, 2024 · Dec 24, 2024
diff --git a/editoast/openapi.yaml b/editoast/openapi.yaml
@@ -4133,7 +4133,7 @@ components:
           type: string
           enum:
           - editoast:authz:DbError
-    EditoastAuthorizationErrorUnauthenticated:
+    EditoastAuthorizationErrorForbidden:
       type: object
       required:
       - type
@@ -4147,11 +4147,11 @@ components:
         status:
           type: integer
           enum:
-          - 401
+          - 403
         type:
           type: string
           enum:
-          - editoast:authz:Unauthenticated
+          - editoast:authz:Forbidden
     EditoastAuthorizationErrorUnauthorized:
       type: object
       required:
@@ -4166,7 +4166,7 @@ components:
         status:
           type: integer
           enum:
-          - 403
+          - 401
         type:
           type: string
           enum:
@@ -4665,7 +4665,7 @@ components:
       - $ref: '#/components/schemas/EditoastAttachedErrorTrackNotFound'
       - $ref: '#/components/schemas/EditoastAuthorizationErrorAuthError'
       - $ref: '#/components/schemas/EditoastAuthorizationErrorDbError'
-      - $ref: '#/components/schemas/EditoastAuthorizationErrorUnauthenticated'
+      - $ref: '#/components/schemas/EditoastAuthorizationErrorForbidden'
       - $ref: '#/components/schemas/EditoastAuthorizationErrorUnauthorized'
       - $ref: '#/components/schemas/EditoastAuthzErrorAuthz'
       - $ref: '#/components/schemas/EditoastAuthzErrorDriver'

@@ -104,7 +104,7 @@ async fn list_user_roles(
         .await
         .map_err(AuthorizationError::from)?
     {
-        return Err(AuthorizationError::Unauthorized.into());
+        return Err(AuthorizationError::Forbidden.into());
     }
 
     let authorizer = auth.authorizer()?;
@@ -142,7 +142,7 @@ async fn grant_roles(
         .await
         .map_err(AuthorizationError::from)?
     {
-        return Err(AuthorizationError::Unauthorized.into());
+        return Err(AuthorizationError::Forbidden.into());
     }
 
     let mut authorizer = auth.authorizer()?;
@@ -174,7 +174,7 @@ async fn strip_roles(
         .await
         .map_err(AuthorizationError::from)?
     {
-        return Err(AuthorizationError::Unauthorized.into());
+        return Err(AuthorizationError::Forbidden.into());
     }
 
     let mut authorizer = auth.authorizer()?;

@@ -63,7 +63,7 @@ async fn get(
         .await
         .map_err(AuthorizationError::AuthError)?;
     if !authorized {
-        return Err(AuthorizationError::Unauthorized.into());
+        return Err(AuthorizationError::Forbidden.into());
     }
     let conn = &mut db_pool.get().await?;
     let doc = Document::retrieve_or_fail(conn, document_id, || DocumentErrors::NotFound {
@@ -108,7 +108,7 @@ async fn post(
         .await
         .map_err(AuthorizationError::AuthError)?;
     if !authorized {
-        return Err(AuthorizationError::Unauthorized.into());
+        return Err(AuthorizationError::Forbidden.into());
     }
     let content_type = content_type.to_string();
 
@@ -151,7 +151,7 @@ async fn delete(
         .await
         .map_err(AuthorizationError::AuthError)?;
     if !authorized {
-        return Err(AuthorizationError::Unauthorized.into());
+        return Err(AuthorizationError::Forbidden.into());
     }
     let conn = &mut db_pool.get().await?;
     Document::delete_static_or_fail(conn, document_id, || DocumentErrors::NotFound {

@@ -66,7 +66,7 @@ async fn list(
         .await
         .map_err(AuthorizationError::AuthError)?;
     if !authorized {
-        return Err(AuthorizationError::Unauthorized.into());
+        return Err(AuthorizationError::Forbidden.into());
     }
     let mut conn = db_pool.get().await?;
     Ok(Json(ElectricalProfileSet::list_light(&mut conn).await?))
@@ -92,7 +92,7 @@ async fn get(
         .await
         .map_err(AuthorizationError::AuthError)?;
     if !authorized {
-        return Err(AuthorizationError::Unauthorized.into());
+        return Err(AuthorizationError::Forbidden.into());
     }
     let conn = &mut db_pool.get().await?;
     let ep_set = ElectricalProfileSet::retrieve_or_fail(conn, electrical_profile_set_id, || {
@@ -131,7 +131,7 @@ async fn get_level_order(
         .await
         .map_err(AuthorizationError::AuthError)?;
     if !authorized {
-        return Err(AuthorizationError::Unauthorized.into());
+        return Err(AuthorizationError::Forbidden.into());
     }
     let conn = &mut db_pool.get().await?;
     let ep_set = ElectricalProfileSet::retrieve_or_fail(conn, electrical_profile_set_id, || {
@@ -163,7 +163,7 @@ async fn delete(
         .await
         .map_err(AuthorizationError::AuthError)?;
     if !authorized {
-        return Err(AuthorizationError::Unauthorized.into());
+        return Err(AuthorizationError::Forbidden.into());
     }
     let conn = &mut db_pool.get().await?;
     let deleted = ElectricalProfileSet::delete_static(conn, electrical_profile_set_id).await?;
@@ -201,7 +201,7 @@ async fn post_electrical_profile(
         .await
         .map_err(AuthorizationError::AuthError)?;
     if !authorized {
-        return Err(AuthorizationError::Unauthorized.into());
+        return Err(AuthorizationError::Forbidden.into());
     }
     let ep_set = ElectricalProfileSet::changeset()
         .name(ep_set_name.name)

@@ -77,7 +77,7 @@ async fn attached(
         .await
         .map_err(AuthorizationError::AuthError)?;
     if !authorized {
-        return Err(AuthorizationError::Unauthorized.into());
+        return Err(AuthorizationError::Forbidden.into());
     }
 
     let mut conn = db_pool.get().await?;

@@ -97,7 +97,7 @@ async fn list_auto_fixes(
         .await
         .map_err(AuthorizationError::AuthError)?;
     if !authorized {
-        return Err(AuthorizationError::Unauthorized.into());
+        return Err(AuthorizationError::Forbidden.into());
     }
 
     let conn = &mut db_pool.get().await?;

@@ -142,7 +142,7 @@ async fn delimited_area(
         .await
         .map_err(AuthorizationError::AuthError)?;
     if !authorized {
-        return Err(AuthorizationError::Unauthorized.into());
+        return Err(AuthorizationError::Forbidden.into());
     }
 
     // Retrieve the infra

@@ -85,7 +85,7 @@ async fn edit<'a>(
         .await
         .map_err(AuthorizationError::AuthError)?;
     if !authorized {
-        return Err(AuthorizationError::Unauthorized.into());
+        return Err(AuthorizationError::Forbidden.into());
     }
 
     // TODO: lock for update
@@ -140,7 +140,7 @@ pub async fn split_track_section<'a>(
         .await
         .map_err(AuthorizationError::AuthError)?;
     if !authorized {
-        return Err(AuthorizationError::Unauthorized.into());
+        return Err(AuthorizationError::Forbidden.into());
     }
 
     info!(

@@ -86,7 +86,7 @@ async fn list_errors(
         .await
         .map_err(AuthorizationError::AuthError)?;
     if !authorized {
-        return Err(AuthorizationError::Unauthorized.into());
+        return Err(AuthorizationError::Forbidden.into());
     }
 
     let (page, page_size) = pagination_params

@@ -55,7 +55,7 @@ async fn get_line_bbox(
         .await
         .map_err(AuthorizationError::AuthError)?;
     if !authorized {
-        return Err(AuthorizationError::Unauthorized.into());
+        return Err(AuthorizationError::Forbidden.into());
     }
 
     let line_code: i32 = line_code.try_into().unwrap();

@@ -138,7 +138,7 @@ async fn refresh(
         .await
         .map_err(AuthorizationError::AuthError)?;
     if !authorized {
-        return Err(AuthorizationError::Unauthorized.into());
+        return Err(AuthorizationError::Forbidden.into());
     }
 
     // Use a transaction to give scope to infra list lock
@@ -214,7 +214,7 @@ async fn list(
         .await
         .map_err(AuthorizationError::AuthError)?;
     if !authorized {
-        return Err(AuthorizationError::Unauthorized.into());
+        return Err(AuthorizationError::Forbidden.into());
     }
 
     let settings = pagination_params
@@ -310,7 +310,7 @@ async fn get(
         .await
         .map_err(AuthorizationError::AuthError)?;
     if !authorized {
-        return Err(AuthorizationError::Unauthorized.into());
+        return Err(AuthorizationError::Forbidden.into());
     }
 
     let infra_id = infra.infra_id;
@@ -356,7 +356,7 @@ async fn create(
         .await
         .map_err(AuthorizationError::AuthError)?;
     if !authorized {
-        return Err(AuthorizationError::Unauthorized.into());
+        return Err(AuthorizationError::Forbidden.into());
     }
 
     let infra: Changeset<Infra> = infra_form.into();
@@ -392,7 +392,7 @@ async fn clone(
         .await
         .map_err(AuthorizationError::AuthError)?;
     if !authorized {
-        return Err(AuthorizationError::Unauthorized.into());
+        return Err(AuthorizationError::Forbidden.into());
     }
 
     let conn = &mut db_pool.get().await?;
@@ -437,7 +437,7 @@ async fn delete(
         .await
         .map_err(AuthorizationError::AuthError)?;
     if !authorized {
-        return Err(AuthorizationError::Unauthorized.into());
+        return Err(AuthorizationError::Forbidden.into());
     }
 
     if Infra::fast_delete_static(db_pool.get().await?, infra_id).await? {
@@ -482,7 +482,7 @@ async fn put(
         .await
         .map_err(AuthorizationError::AuthError)?;
     if !authorized {
-        return Err(AuthorizationError::Unauthorized.into());
+        return Err(AuthorizationError::Forbidden.into());
     }
 
     let infra_cs: Changeset<Infra> = patch.into();
@@ -518,7 +518,7 @@ async fn get_switch_types(
         .await
         .map_err(AuthorizationError::AuthError)?;
     if !authorized {
-        return Err(AuthorizationError::Unauthorized.into());
+        return Err(AuthorizationError::Forbidden.into());
     }
 
     let conn = &mut db_pool.get().await?;
@@ -559,7 +559,7 @@ async fn get_speed_limit_tags(
         .await
         .map_err(AuthorizationError::AuthError)?;
     if !authorized {
-        return Err(AuthorizationError::Unauthorized.into());
+        return Err(AuthorizationError::Forbidden.into());
     }
 
     let conn = &mut db_pool.get().await?;
@@ -603,7 +603,7 @@ async fn get_voltages(
         .await
         .map_err(AuthorizationError::AuthError)?;
     if !authorized {
-        return Err(AuthorizationError::Unauthorized.into());
+        return Err(AuthorizationError::Forbidden.into());
     }
 
     let include_rolling_stock_modes = param.include_rolling_stock_modes;
@@ -637,7 +637,7 @@ async fn get_all_voltages(
         .await
         .map_err(AuthorizationError::AuthError)?;
     if !authorized {
-        return Err(AuthorizationError::Unauthorized.into());
+        return Err(AuthorizationError::Forbidden.into());
     }
 
     let voltages = Infra::get_all_voltages(&mut db_pool.get().await?).await?;
@@ -673,7 +673,7 @@ async fn lock(
         .await
         .map_err(AuthorizationError::AuthError)?;
     if !authorized {
-        return Err(AuthorizationError::Unauthorized.into());
+        return Err(AuthorizationError::Forbidden.into());
     }
 
     set_locked(infra.infra_id, true, db_pool).await?;
@@ -700,7 +700,7 @@ async fn unlock(
         .await
         .map_err(AuthorizationError::AuthError)?;
     if !authorized {
-        return Err(AuthorizationError::Unauthorized.into());
+        return Err(AuthorizationError::Forbidden.into());
     }
 
     set_locked(infra.infra_id, false, db_pool).await?;
@@ -731,7 +731,7 @@ async fn load(
         .await
         .map_err(AuthorizationError::AuthError)?;
     if !authorized {
-        return Err(AuthorizationError::Unauthorized.into());
+        return Err(AuthorizationError::Forbidden.into());
     }
 
     let infra_id = path.infra_id;

@@ -67,7 +67,7 @@ async fn get_objects(
         .await
         .map_err(AuthorizationError::AuthError)?;
     if !authorized {
-        return Err(AuthorizationError::Unauthorized.into());
+        return Err(AuthorizationError::Forbidden.into());
     }
 
     let infra_id = infra_id_param.infra_id;

@@ -111,7 +111,7 @@ async fn pathfinding_view(
         .await
         .map_err(AuthorizationError::AuthError)?;
     if !authorized {
-        return Err(AuthorizationError::Unauthorized.into());
+        return Err(AuthorizationError::Forbidden.into());
     }
 
     // Parse and check input

@@ -63,7 +63,7 @@ async fn get_railjson(
         .await
         .map_err(AuthorizationError::AuthError)?;
     if !authorized {
-        return Err(AuthorizationError::Unauthorized.into());
+        return Err(AuthorizationError::Forbidden.into());
     }
 
     let infra_id = infra.infra_id;
@@ -182,7 +182,7 @@ async fn post_railjson(
         .await
         .map_err(AuthorizationError::AuthError)?;
     if !authorized {
-        return Err(AuthorizationError::Unauthorized.into());
+        return Err(AuthorizationError::Forbidden.into());
     }
 
     if railjson.version != RAILJSON_VERSION {

@@ -75,7 +75,7 @@ async fn get_routes_from_waypoint(
         .await
         .map_err(AuthorizationError::AuthError)?;
     if !authorized {
-        return Err(AuthorizationError::Unauthorized.into());
+        return Err(AuthorizationError::Forbidden.into());
     }
 
     let conn = &mut db_pool.get().await?;
@@ -159,7 +159,7 @@ async fn get_routes_track_ranges(
         .await
         .map_err(AuthorizationError::AuthError)?;
     if !authorized {
-        return Err(AuthorizationError::Unauthorized.into());
+        return Err(AuthorizationError::Forbidden.into());
     }
 
     let db_pool = db_pool.clone();
@@ -224,7 +224,7 @@ async fn get_routes_nodes(
         .await
         .map_err(AuthorizationError::AuthError)?;
     if !authorized {
-        return Err(AuthorizationError::Unauthorized.into());
+        return Err(AuthorizationError::Forbidden.into());
     }
 
     let infra = Infra::retrieve_or_fail(&mut db_pool.get().await?, params.infra_id, || {