-
-
Notifications
You must be signed in to change notification settings - Fork 5.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Return 404 from Contents API when items don't exist #10323
Return 404 from Contents API when items don't exist #10323
Conversation
…com:zeripath/gitea into contents-api-should-return-404-on-not-found
If course I now need to fix the tests which expect 500 |
@zeripath now only test-change is left |
|
||
if !CanWriteFiles(ctx.Repo) { | ||
ctx.Error(http.StatusInternalServerError, "DeleteFile", models.ErrUserDoesNotHaveAccessToRepo{ | ||
ctx.Error(http.StatusForbidden, "DeleteFile", models.ErrUserDoesNotHaveAccessToRepo{ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I hesitate to think this should maybe kept as StatusInternalServerError
to limit repo discovery.
In case you want to keep StatusForbidden
you need to also update the others requests for consistency.
Like https://github.com/go-gitea/gitea/pull/10323/files#diff-f94444002d94f8c2766292e69cefbee2R466
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If you have read only access it should be forbidden status, in case you don't have any access it should be not found status but not internal server error
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
In order to get to DeleteFile you have to pass:
m.Delete("", bind(api.DeleteFileOptions{}), repo.DeleteFile)
}, reqRepoWriter(models.UnitTypeCode), reqToken())
}, reqRepoReader(models.UnitTypeCode))
...
}, repoAssignment())
CanWriteFiles does the following in addition:
// CanWriteFiles returns true if repository is editable and user has proper access level.
func CanWriteFiles(r *context.Repository) bool {
return r.Permission.CanWrite(models.UnitTypeCode) && !r.Repository.IsMirror && !r.Repository.IsArchived
}
Therefore HttpStatusForbidden or HttpBadRequest are the correct statuses not 404 nor 500.
@zeripath pleace adjust Tests:
|
@zeripath send fix for this pr: zeripath#3 |
* fix TESTS * leafe a note for fututre
@zeripath sorry missed to remove unused imports: zeripath#4 |
Signed-off-by: Andrew Thornton <art27@cantab.net>
@6543 just fixed it. |
It just takes no end :/ |
It appears the whole test just needs rewriting unfortunately. This is why I prefer declarative tests which say what they're doing - much easier to write, add to and change. |
@zeripath can you apply my latest suggestion and update branch afterwards? |
Co-Authored-By: 6543 <6543@obermui.de>
worked 🎉 - so its ready to merge 🚀 |
Ping LG-TM |
* Return 404 on not exist * swagger update and use git.IsErrNotExist * Handle delete too * Handle delete too x2 * Fix pr 10323 (go-gitea#3) * fix TESTS * leafe a note for fututre * placate golangci-lint Signed-off-by: Andrew Thornton <art27@cantab.net> * Update integrations/api_repo_file_delete_test.go Co-Authored-By: 6543 <6543@obermui.de> Co-authored-by: techknowlogick <techknowlogick@gitea.io> Co-authored-by: Antoine GIRARD <sapk@users.noreply.github.com> Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: guillep2k <18600385+guillep2k@users.noreply.github.com>
This may technically be a breaking change but I think the current API is wrong enough that we should be returning 404.