Fix error code 400 instead of 403 in api tests

intuitem · Feb 26, 2024 · c26e14b · c26e14b
1 parent 54dc9eb
commit c26e14b
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 15 deletions.
diff --git a/backend/app_tests/api/test_utils.py b/backend/app_tests/api/test_utils.py
@@ -509,21 +509,22 @@ def create_object(
                     response.status_code == user_perm_expected_status
                 ), f"{verbose_name} can be created without permission" if response.status_code == status.HTTP_201_CREATED else f"Creating {verbose_name.lower()} should give a status {user_perm_expected_status}"
 
-            for key, value in build_params.items():
-                if key == "attachment":
-                    # Asserts that the value file name is present in the JSON response
-                    assert (
-                        value.name.split("/")[-1].split(".")[0] in response.json()[key]
-                    ), f"{verbose_name} {key.replace('_', ' ')} returned by the API after object creation don't match the provided {key.replace('_', ' ')}"
-                else:
-                    assert (
-                        response.json()[key] == value
-                    ), f"{verbose_name} {key.replace('_', ' ')} returned by the API after object creation don't match the provided {key.replace('_', ' ')}"
+            if not (fails or user_perm_fails):
+                for key, value in build_params.items():
+                    if key == "attachment":
+                        # Asserts that the value file name is present in the JSON response
+                        assert (
+                            value.name.split("/")[-1].split(".")[0] in response.json()[key]
+                        ), f"{verbose_name} {key.replace('_', ' ')} returned by the API after object creation don't match the provided {key.replace('_', ' ')}"
+                    else:
+                        assert (
+                            response.json()[key] == value
+                        ), f"{verbose_name} {key.replace('_', ' ')} returned by the API after object creation don't match the provided {key.replace('_', ' ')}"
 
-            # Checks that the object was created in the database
-            assert (
-                object.objects.filter(id=response.json()["id"]).exists()
-            ), f"{verbose_name} created with the API are not saved in the database"
+                # Checks that the object was created in the database
+                assert (
+                    object.objects.filter(id=response.json()["id"]).exists()
+                ), f"{verbose_name} created with the API are not saved in the database"
 
             # Uses the API endpoint to assert that the created object is accessible
             response = authenticated_client.get(url)

diff --git a/backend/core/serializers.py b/backend/core/serializers.py
@@ -5,6 +5,7 @@
 from iam.models import *
 
 from rest_framework import serializers
+from rest_framework.exceptions import PermissionDenied
 from django.contrib.auth import get_user_model
 from django.db import models
 from core.serializer_fields import FieldsRelatedField
@@ -36,7 +37,7 @@ def create(self, validated_data: Any):
             folder=folder,
         )
         if not can_create_in_folder:
-            raise serializers.ValidationError(
+            raise PermissionDenied(
                 {
                     "folder": "You do not have permission to create objects in this folder"
                 }