RED-6034 - Possible to assign a file to unauthorized users

- change status from 403 to 400
2023-05-04 09:44:57 +03:00 · 2023-05-04 09:44:57 +03:00 · d09da8ea78
commit d09da8ea78
parent 23d49172d5
1 changed files with 2 additions and 1 deletions
--- a/persistence-service-v1/persistence-service-processor-v1/src/main/java/com/iqser/red/service/persistence/management/v1/processor/service/AccessControlService.java
+++ b/persistence-service-v1/persistence-service-processor-v1/src/main/java/com/iqser/red/service/persistence/management/v1/processor/service/AccessControlService.java
@ -6,6 +6,7 @@ import org.springframework.stereotype.Service;

 import com.iqser.red.keycloak.commons.KeycloakSecurity;
 import com.iqser.red.service.persistence.management.v1.processor.acl.custom.dossier.DossierACLService;
+import com.iqser.red.service.persistence.management.v1.processor.exception.BadRequestException;
 import com.iqser.red.service.persistence.management.v1.processor.exception.NotAllowedException;
 import com.iqser.red.service.persistence.management.v1.processor.exception.NotFoundException;
 import com.iqser.red.service.persistence.service.v1.api.shared.model.dossiertemplate.dossier.file.WorkflowStatus;
@ -69,7 +70,7 @@ public class AccessControlService {
        var isMember = dossier.getMemberIds().contains(userId);
        var isApprover = dossier.getApproverIds().contains(userId);
        if (!isMember && !isApprover) {
-            throw new NotAllowedException("User must be dossier member or approver.");
+            throw new BadRequestException("User must be dossier member or approver.");
        }
    }