refactor: correct use of 403 http status over 401

hotosm · Jan 11, 2024 · b173063 · b173063
1 parent f5bc926
commit b173063
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 10 deletions.
diff --git a/src/backend/app/auth/roles.py b/src/backend/app/auth/roles.py
@@ -51,7 +51,7 @@ async def super_admin(
 
     if not match:
         log.error(f"User ID {user_id} requested an admin endpoint, but is not admin")
-        raise HTTPException(status_code=401, detail="User must be an administrator")
+        raise HTTPException(status_code=403, detail="User must be an administrator")
 
     return user_data
 
@@ -69,15 +69,15 @@ async def validator(
 
     if not match:
         log.error(f"User ID {user_id} has no access to project ID {project_id}")
-        raise HTTPException(status_code=401, detail="User has no access to project")
+        raise HTTPException(status_code=403, detail="User has no access to project")
 
     if match.role.value < ProjectRole.VALIDATOR.value:
         log.error(
             f"User ID {user_id} does not have validator permission"
             f"for project ID {project_id}"
         )
         raise HTTPException(
-            status_code=401, detail="User is not a validator for this project"
+            status_code=403, detail="User is not a validator for this project"
         )
 
     return user_data
diff --git a/src/backend/app/tasks/tasks_crud.py b/src/backend/app/tasks/tasks_crud.py
@@ -18,7 +18,7 @@
 import base64
 from typing import List
 
-from fastapi import HTTPException, Depends
+from fastapi import Depends, HTTPException
 from geoalchemy2.shape import from_shape
 from geojson import dump
 from loguru import logger as log
@@ -27,15 +27,15 @@
 from sqlalchemy.orm import Session
 from sqlalchemy.sql import text
 
-from app.tasks import tasks_schemas
 from app.central import central_crud
-from app.db import db_models, database
+from app.db import database, db_models
 from app.models.enums import (
     TaskStatus,
     get_action_for_status_change,
     verify_valid_status_update,
 )
 from app.projects import project_crud
+from app.tasks import tasks_schemas
 from app.users import user_crud
 
 
@@ -121,7 +121,7 @@ async def update_task_status(
                 )
                 log.error(msg)
                 raise HTTPException(
-                    status_code=401,
+                    status_code=403,
                     detail=msg,
                 )
 
@@ -321,13 +321,17 @@ async def edit_task_boundary(db: Session, task_id: int, boundary: str):
     return True
 
 
-async def update_task_history(tasks: List[tasks_schemas.TaskBase], db: Session = Depends(database.get_db)):
+async def update_task_history(
+    tasks: List[tasks_schemas.TaskBase], db: Session = Depends(database.get_db)
+):
     def process_history_entry(history_entry):
         status = history_entry.action_text.split()
         history_entry.status = status[5]
 
         if history_entry.user_id:
-            user = db.query(db_models.DbUser).filter_by(id=history_entry.user_id).first()
+            user = (
+                db.query(db_models.DbUser).filter_by(id=history_entry.user_id).first()
+            )
             if user:
                 history_entry.username = user.username
                 history_entry.profile_img = user.profile_img
@@ -338,4 +342,4 @@ def process_history_entry(history_entry):
             for history_entry in task_history:
                 process_history_entry(history_entry)
 
-    return tasks
+    return tasks