From d09da8ea78d14bbca15521ab82413217c26fb3be Mon Sep 17 00:00:00 2001 From: devplant Date: Thu, 4 May 2023 09:44:57 +0300 Subject: [PATCH] RED-6034 - Possible to assign a file to unauthorized users - change status from 403 to 400 --- .../management/v1/processor/service/AccessControlService.java | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/persistence-service-v1/persistence-service-processor-v1/src/main/java/com/iqser/red/service/persistence/management/v1/processor/service/AccessControlService.java b/persistence-service-v1/persistence-service-processor-v1/src/main/java/com/iqser/red/service/persistence/management/v1/processor/service/AccessControlService.java index cd75b6e65..4a8e2a394 100644 --- a/persistence-service-v1/persistence-service-processor-v1/src/main/java/com/iqser/red/service/persistence/management/v1/processor/service/AccessControlService.java +++ b/persistence-service-v1/persistence-service-processor-v1/src/main/java/com/iqser/red/service/persistence/management/v1/processor/service/AccessControlService.java @@ -6,6 +6,7 @@ import org.springframework.stereotype.Service; import com.iqser.red.keycloak.commons.KeycloakSecurity; import com.iqser.red.service.persistence.management.v1.processor.acl.custom.dossier.DossierACLService; +import com.iqser.red.service.persistence.management.v1.processor.exception.BadRequestException; import com.iqser.red.service.persistence.management.v1.processor.exception.NotAllowedException; import com.iqser.red.service.persistence.management.v1.processor.exception.NotFoundException; import com.iqser.red.service.persistence.service.v1.api.shared.model.dossiertemplate.dossier.file.WorkflowStatus; @@ -69,7 +70,7 @@ public class AccessControlService { var isMember = dossier.getMemberIds().contains(userId); var isApprover = dossier.getApproverIds().contains(userId); if (!isMember && !isApprover) { - throw new NotAllowedException("User must be dossier member or approver."); + throw new BadRequestException("User must be dossier member or approver."); } }