fix(manager): repair error handling when forbidden

RHINENG-12111: 500 HTTP error when requesting api with account without persmissions
RedHatInsights · Sep 27, 2024 · 447cc51 · 447cc51
1 parent a22c03d
commit 447cc51
Showing 1 changed file with 13 additions and 9 deletions.
diff --git a/manager/base.py b/manager/base.py
@@ -19,7 +19,7 @@
 from urllib.parse import unquote
 
 from connexion import context
-from flask import Response
+from connexion.lifecycle import ConnexionResponse
 from peewee import JOIN
 from peewee import SQL
 from peewee import Case
@@ -191,18 +191,22 @@ def auth_admin(x_rh_identity, required_scopes=None):  # pylint: disable=unused-a
     return {"uid": user} if user else None
 
 
-def forbidden_missing_entitlement(exception):  # pylint: disable=unused-argument
+def forbidden_missing_entitlement(request, exception):  # pylint: disable=unused-argument
     """Override default connexion 401 coming from auth() with 403"""
-    return Response(response=json.dumps({"errors": [{"detail": "insights entitlement is missing",
-                                                     "status": "403"}]}),
-                    status=403, mimetype="application/vnd.api+json")
+    return ConnexionResponse(
+        body=json.dumps({"errors": [{"detail": "insights entitlement is missing", "status": "403"}]}),
+        status_code=403,
+        mimetype="application/vnd.api+json"
+    )
 
 
-def forbidden_rbac(exception):  # pylint: disable=unused-argument
+def forbidden_rbac(request, exception):  # pylint: disable=unused-argument
     """Override default connexion 401 coming from auth() with 403"""
-    return Response(response=json.dumps({"errors": [{"detail": exception.message,
-                                                     "status": "403"}]}),
-                    status=403, mimetype="application/vnd.api+json")
+    return ConnexionResponse(
+        body=json.dumps({"errors": [{"detail": exception.message, "status": "403"}]}),
+        status_code=403,
+        mimetype="application/vnd.api+json"
+    )
 
 
 class Request: