Skip to content

Commit

Permalink
refactor: [#615] new authorization error for guest users
Browse files Browse the repository at this point in the history
  • Loading branch information
mario-nt committed Aug 5, 2024
1 parent d8b3ee2 commit f38b628
Show file tree
Hide file tree
Showing 6 changed files with 16 additions and 8 deletions.
6 changes: 6 additions & 0 deletions src/errors.rs
Original file line number Diff line number Diff line change
Expand Up @@ -111,6 +111,11 @@ pub enum ServiceError {
#[display(fmt = "Unauthorized action.")]
UnauthorizedAction,

#[display(
fmt = "Unauthorized actions for guest users. Try logging in to check if you have permission to perform the action"
)]
UnauthorizedActionForGuests,

#[display(fmt = "This torrent already exists in our database.")]
InfoHashAlreadyExists,

Expand Down Expand Up @@ -301,6 +306,7 @@ pub fn http_status_code_for_service_error(error: &ServiceError) -> StatusCode {
ServiceError::InvalidCategory => StatusCode::BAD_REQUEST,
ServiceError::InvalidTag => StatusCode::BAD_REQUEST,
ServiceError::UnauthorizedAction => StatusCode::FORBIDDEN,
ServiceError::UnauthorizedActionForGuests => StatusCode::UNAUTHORIZED,
ServiceError::InfoHashAlreadyExists => StatusCode::BAD_REQUEST,
ServiceError::CanonicalInfoHashAlreadyExists => StatusCode::CONFLICT,
ServiceError::OriginalInfoHashAlreadyExists => StatusCode::CONFLICT,
Expand Down
4 changes: 3 additions & 1 deletion src/services/authorization.rs
Original file line number Diff line number Diff line change
Expand Up @@ -80,11 +80,13 @@ impl Service {
let enforcer = self.casbin_enforcer.enforcer.read().await;

let authorize = enforcer
.enforce((role, action))
.enforce((&role, action))
.map_err(|_| ServiceError::UnauthorizedAction)?;

if authorize {
Ok(())
} else if role == UserRole::Guest {
Err(ServiceError::UnauthorizedActionForGuests)
} else {
Err(ServiceError::UnauthorizedAction)
}
Expand Down
4 changes: 2 additions & 2 deletions tests/e2e/web/api/v1/contexts/category/contract.rs
Original file line number Diff line number Diff line change
Expand Up @@ -61,7 +61,7 @@ async fn it_should_not_allow_adding_a_new_category_to_unauthenticated_users() {
})
.await;

assert_eq!(response.status, 403);
assert_eq!(response.status, 401);
}

#[tokio::test]
Expand Down Expand Up @@ -194,5 +194,5 @@ async fn it_should_not_allow_guests_to_delete_categories() {
})
.await;

assert_eq!(response.status, 403);
assert_eq!(response.status, 401);
}
4 changes: 2 additions & 2 deletions tests/e2e/web/api/v1/contexts/tag/contract.rs
Original file line number Diff line number Diff line change
Expand Up @@ -63,7 +63,7 @@ async fn it_should_not_allow_adding_a_new_tag_to_unauthenticated_users() {
})
.await;

assert_eq!(response.status, 403);
assert_eq!(response.status, 401);
}

#[tokio::test]
Expand Down Expand Up @@ -174,5 +174,5 @@ async fn it_should_not_allow_guests_to_delete_tags() {

let response = client.delete_tag(DeleteTagForm { tag_id }).await;

assert_eq!(response.status, 403);
assert_eq!(response.status, 401);
}
4 changes: 2 additions & 2 deletions tests/e2e/web/api/v1/contexts/torrent/contract.rs
Original file line number Diff line number Diff line change
Expand Up @@ -442,7 +442,7 @@ mod for_guests {

let response = client.upload_torrent(form.into()).await;

assert_eq!(response.status, 403);
assert_eq!(response.status, 401);
}

#[tokio::test]
Expand All @@ -462,7 +462,7 @@ mod for_guests {

let response = client.delete_torrent(&test_torrent.file_info_hash()).await;

assert_eq!(response.status, 403);
assert_eq!(response.status, 401);
}
}

Expand Down
2 changes: 1 addition & 1 deletion tests/e2e/web/api/v1/contexts/user/contract.rs
Original file line number Diff line number Diff line change
Expand Up @@ -231,6 +231,6 @@ mod banned_user_list {

let response = client.ban_user(Username::new(registered_user.username.clone())).await;

assert_eq!(response.status, 403);
assert_eq!(response.status, 401);
}
}

0 comments on commit f38b628

Please sign in to comment.