Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Use exception class Forbidden to raise 403 errors. #6038

Open
wants to merge 10 commits into
base: develop
Choose a base branch
from
Open
43 changes: 16 additions & 27 deletions backend/api/campaigns/resources.py
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
from flask_restful import Resource, request, current_app
from schematics.exceptions import DataError

from backend.exceptions import Forbidden
from backend.models.dtos.campaign_dto import CampaignDTO, NewCampaignDTO
from backend.services.campaign_service import CampaignService
from backend.services.organisation_service import OrganisationService
Expand Down Expand Up @@ -115,15 +116,11 @@ def patch(self, campaign_id):
500:
description: Internal Server Error
"""
try:
orgs_dto = OrganisationService.get_organisations_managed_by_user_as_dto(
token_auth.current_user()
)
if len(orgs_dto.organisations) < 1:
raise ValueError("User not a Org Manager")
except ValueError as e:
error_msg = f"CampaignsRestAPI PATCH: {str(e)}"
return {"Error": error_msg, "SubCode": "UserNotPermitted"}, 403
orgs_dto = OrganisationService.get_organisations_managed_by_user_as_dto(
token_auth.current_user()
)
if len(orgs_dto.organisations) < 1:
raise Forbidden(sub_code="USER_NOT_ORG_MANAGER")

try:
campaign_dto = CampaignDTO(request.get_json())
Expand Down Expand Up @@ -179,15 +176,11 @@ def delete(self, campaign_id):
500:
description: Internal Server Error
"""
try:
orgs_dto = OrganisationService.get_organisations_managed_by_user_as_dto(
token_auth.current_user()
)
if len(orgs_dto.organisations) < 1:
raise ValueError("User not a Org Manager")
except ValueError as e:
error_msg = f"CampaignsRestAPI DELETE: {str(e)}"
return {"Error": error_msg, "SubCode": "UserNotPermitted"}, 403
orgs_dto = OrganisationService.get_organisations_managed_by_user_as_dto(
token_auth.current_user()
)
if len(orgs_dto.organisations) < 1:
raise Forbidden(sub_code="USER_NOT_ORG_MANAGER")

campaign = CampaignService.get_campaign(campaign_id)
CampaignService.delete_campaign(campaign.id)
Expand Down Expand Up @@ -268,15 +261,11 @@ def post(self):
500:
description: Internal Server Error
"""
try:
orgs_dto = OrganisationService.get_organisations_managed_by_user_as_dto(
token_auth.current_user()
)
if len(orgs_dto.organisations) < 1:
raise ValueError("User not a Org Manager")
except ValueError as e:
error_msg = f"CampaignsAllAPI POST: {str(e)}"
return {"Error": error_msg, "SubCode": "UserNotPermitted"}, 403
orgs_dto = OrganisationService.get_organisations_managed_by_user_as_dto(
token_auth.current_user()
)
if len(orgs_dto.organisations) < 1:
raise Forbidden(sub_code="USER_NOT_ORG_MANAGER")

try:
campaign_dto = NewCampaignDTO(request.get_json())
Expand Down
34 changes: 13 additions & 21 deletions backend/api/comments/resources.py
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
from flask_restful import Resource, request, current_app
from schematics.exceptions import DataError

from backend.exceptions import Forbidden
from backend.models.dtos.message_dto import ChatMessageDTO
from backend.models.dtos.mapping_dto import TaskCommentDTO
from backend.services.messaging.chat_service import ChatService
Expand Down Expand Up @@ -53,7 +54,7 @@ def post(self, project_id):
"""
authenticated_user_id = token_auth.current_user()
if UserService.is_user_blocked(authenticated_user_id):
return {"Error": "User is on read only mode", "SubCode": "ReadOnly"}, 403
raise Forbidden(sub_code="USER_BLOCKED")

try:
chat_dto = ChatMessageDTO(request.get_json())
Expand All @@ -67,13 +68,10 @@ def post(self, project_id):
"SubCode": "InvalidData",
}, 400

try:
project_messages = ChatService.post_message(
chat_dto, project_id, authenticated_user_id
)
return project_messages.to_primitive(), 201
except ValueError as e:
return {"Error": str(e).split("-")[1], "SubCode": str(e).split("-")[0]}, 403
project_messages = ChatService.post_message(
chat_dto, project_id, authenticated_user_id
)
return project_messages.to_primitive(), 201

def get(self, project_id):
"""
Expand Down Expand Up @@ -155,13 +153,10 @@ def delete(self, project_id, comment_id):
description: Internal Server Error
"""
authenticated_user_id = token_auth.current_user()
try:
ChatService.delete_project_chat_by_id(
project_id, comment_id, authenticated_user_id
)
return {"Success": "Comment deleted"}, 200
except ValueError as e:
return {"Error": str(e).split("-")[1], "SubCode": str(e).split("-")[0]}, 403
ChatService.delete_project_chat_by_id(
project_id, comment_id, authenticated_user_id
)
return {"Success": "Comment deleted"}, 200


class CommentsTasksRestAPI(Resource):
Expand Down Expand Up @@ -222,7 +217,7 @@ def post(self, project_id, task_id):
"""
authenticated_user_id = token_auth.current_user()
if UserService.is_user_blocked(authenticated_user_id):
return {"Error": "User is on read only mode", "SubCode": "ReadOnly"}, 403
raise Forbidden(sub_code="USER_BLOCKED")

try:
task_comment = TaskCommentDTO(request.get_json())
Expand All @@ -234,11 +229,8 @@ def post(self, project_id, task_id):
current_app.logger.error(f"Error validating request: {str(e)}")
return {"Error": "Unable to add comment", "SubCode": "InvalidData"}, 400

try:
task = MappingService.add_task_comment(task_comment)
return task.to_primitive(), 201
except MappingServiceError:
return {"Error": "Task update failed"}, 403
task = MappingService.add_task_comment(task_comment)
return task.to_primitive(), 201

def get(self, project_id, task_id):
"""
Expand Down
59 changes: 23 additions & 36 deletions backend/api/interests/resources.py
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
from flask_restful import Resource, current_app, request
from schematics.exceptions import DataError

from backend.exceptions import Forbidden
from backend.models.dtos.interests_dto import InterestDTO
from backend.services.interests_service import InterestService
from backend.services.organisation_service import OrganisationService
Expand All @@ -9,6 +10,7 @@
from sqlalchemy.exc import IntegrityError

INTEREST_NOT_FOUND = "Interest Not Found"
# FLAGGED FOR PERMISSIONS REVIEW


class InterestsAllAPI(Resource):
Expand Down Expand Up @@ -49,15 +51,11 @@ def post(self):
500:
description: Internal Server Error
"""
try:
orgs_dto = OrganisationService.get_organisations_managed_by_user_as_dto(
token_auth.current_user()
)
if len(orgs_dto.organisations) < 1:
raise ValueError("User not a Org Manager")
except ValueError as e:
error_msg = f"InterestsAllAPI POST: {str(e)}"
return {"Error": error_msg, "SubCode": "UserNotPermitted"}, 403
orgs_dto = OrganisationService.get_organisations_managed_by_user_as_dto(
token_auth.current_user()
)
if len(orgs_dto.organisations) < 1:
raise Forbidden(sub_code="USER_NOT_ORG_MANAGER")

try:
interest_dto = InterestDTO(request.get_json())
Expand Down Expand Up @@ -133,15 +131,12 @@ def get(self, interest_id):
500:
description: Internal Server Error
"""
try:
orgs_dto = OrganisationService.get_organisations_managed_by_user_as_dto(
token_auth.current_user()
)
if len(orgs_dto.organisations) < 1:
raise ValueError("User not a Org Manager")
except ValueError as e:
error_msg = f"InterestsRestAPI GET: {str(e)}"
return {"Error": error_msg, "SubCode": "UserNotPermitted"}, 403
# FLAGGED
orgs_dto = OrganisationService.get_organisations_managed_by_user_as_dto(
token_auth.current_user()
)
if len(orgs_dto.organisations) < 1:
raise Forbidden(sub_code="USER_NOT_ORG_MANAGER")

interest = InterestService.get(interest_id)
return interest.to_primitive(), 200
Expand Down Expand Up @@ -191,15 +186,11 @@ def patch(self, interest_id):
500:
description: Internal Server Error
"""
try:
orgs_dto = OrganisationService.get_organisations_managed_by_user_as_dto(
token_auth.current_user()
)
if len(orgs_dto.organisations) < 1:
raise ValueError("User not a Org Manager")
except ValueError as e:
error_msg = f"InterestsRestAPI PATCH: {str(e)}"
return {"Error": error_msg, "SubCode": "UserNotPermitted"}, 403
orgs_dto = OrganisationService.get_organisations_managed_by_user_as_dto(
token_auth.current_user()
)
if len(orgs_dto.organisations) < 1:
raise Forbidden(sub_code="USER_NOT_ORG_MANAGER")

try:
interest_dto = InterestDTO(request.get_json())
Expand Down Expand Up @@ -245,15 +236,11 @@ def delete(self, interest_id):
500:
description: Internal Server Error
"""
try:
orgs_dto = OrganisationService.get_organisations_managed_by_user_as_dto(
token_auth.current_user()
)
if len(orgs_dto.organisations) < 1:
raise ValueError("User not a Org Manager")
except ValueError as e:
error_msg = f"InterestsRestAPI DELETE: {str(e)}"
return {"Error": error_msg, "SubCode": "UserNotPermitted"}, 403
orgs_dto = OrganisationService.get_organisations_managed_by_user_as_dto(
token_auth.current_user()
)
if len(orgs_dto.organisations) < 1:
raise Forbidden(sub_code="USER_NOT_ORG_MANAGER")

InterestService.delete(interest_id)
return {"Success": "Interest deleted"}, 200
23 changes: 7 additions & 16 deletions backend/api/notifications/resources.py
Original file line number Diff line number Diff line change
@@ -1,8 +1,5 @@
from flask_restful import Resource, request
from backend.services.messaging.message_service import (
MessageService,
MessageServiceError,
)
from backend.services.messaging.message_service import MessageService
from backend.services.notification_service import NotificationService
from backend.services.users.authentication_service import token_auth, tm

Expand Down Expand Up @@ -41,13 +38,10 @@ def get(self, message_id):
500:
description: Internal Server Error
"""
try:
user_message = MessageService.get_message_as_dto(
message_id, token_auth.current_user()
)
return user_message.to_primitive(), 200
except MessageServiceError as e:
return {"Error": str(e).split("-")[1], "SubCode": str(e).split("-")[0]}, 403
user_message = MessageService.get_message_as_dto(
message_id, token_auth.current_user()
)
return user_message.to_primitive(), 200

@tm.pm_only(False)
@token_auth.login_required
Expand Down Expand Up @@ -82,11 +76,8 @@ def delete(self, message_id):
500:
description: Internal Server Error
"""
try:
MessageService.delete_message(message_id, token_auth.current_user())
return {"Success": "Message deleted"}, 200
except MessageServiceError as e:
return {"Error": str(e).split("-")[1], "SubCode": str(e).split("-")[0]}, 403
MessageService.delete_message(message_id, token_auth.current_user())
return {"Success": "Message deleted"}, 200


class NotificationsAllAPI(Resource):
Expand Down
11 changes: 3 additions & 8 deletions backend/api/organisations/campaigns.py
Original file line number Diff line number Diff line change
@@ -1,5 +1,6 @@
from flask_restful import Resource

from backend.exceptions import Forbidden
from backend.services.campaign_service import CampaignService
from backend.services.organisation_service import OrganisationService
from backend.services.users.authentication_service import token_auth
Expand Down Expand Up @@ -63,10 +64,7 @@ def post(self, organisation_id, campaign_id):
)
return {"Success": message}, 200
else:
return {
"Error": "User is not a manager of the organisation",
"SubCode": "UserNotPermitted",
}, 403
raise Forbidden(sub_code="USER_NOT_ORG_MANAGER")

def get(self, organisation_id):
"""
Expand Down Expand Up @@ -149,7 +147,4 @@ def delete(self, organisation_id, campaign_id):
200,
)
else:
return {
"Error": "User is not a manager of the organisation",
"SubCode": "UserNotPermitted",
}, 403
raise Forbidden(sub_code="USER_NOT_ORG_MANAGER")
Loading