Part of story #26799 associate a Tuleap project and a GitLab group How to test: if you call either POST or PATCH gitlab_groups, - with a non-existing project ID, you will get a 404 error - with a user that is not git administrator, you will get a 403 error (insteand of 401) No other functional change expected. Notes: 401 error is named "Unauthorized" but would more accurately be named "Unauthenticated" [0]. It really means "Who are you ? I don't know you". Some clients (like our API explorer) will show a login prompt when they get a 401 error code. In our code, we would respond 401 when a user is not Git Administrator, but it is incorrect: they are already logged in, entering their credentials again isn't going to grant them more permissions. In Tuleap terms, code 401 should only be used when a user is anonymous and calls a route that requires logging in. Code 403 is more precise, it means "You don't have permission" [1]. I also took this opportunity to use Faults to represent these "problems". We should try to avoid binding too much our code to Restler's RestExceptions. I know it is not hexagonal architecture, but nonetheless I feel like we are too much coupled to REST in what should be "sort-of domain" code. [0]: https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/401 [1]: https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/403 Change-Id: I6b10b2d9cbc5cb6017a47d9056f2c0645f987791

+567 −94

Author

Joris MASSON (jmasson) 2022-09-23 11:40

Committer

Joris MASSON (jmasson) 2022-09-26 18:03

Hash 617400c77d167f7a738cdb674f283c4f765ece88

Parent 2297169832ac4c58429fc2a03521a1ac9579d4ee

Reference git #tuleap/stable/617400c77d167f7a738cdb674f283c4f765ece88