Improve API error messages when using is_default field on taxonomy resources
#5147
Conversation
…fault field on taxonomy resources
|
The latest updates on your projects. Learn more about Vercel for Git ↗︎ 1 Skipped Deployment
|
|
Test summaryRun details
This comment has been generated by cypress-bot as a result of this project's GitHub integration settings. You can manage this integration in this project's settings in the Cypress Cloud |
| detail = { | ||
| "error": "user does not have permission to modify", |
There was a problem hiding this comment.
This was the main issue - this error message couldn't be overridden with anything more relevant to more specific types of 403 errors.
| "resource_type": resource_type, | ||
| "fides_key": fides_key, | ||
| } | ||
| super().__init__(status.HTTP_403_FORBIDDEN, detail=detail) | ||
|
|
||
|
|
||
| class ForbiddenIsDefaultTaxonomyError(ForbiddenError): |
There was a problem hiding this comment.
Added this as an explicit way to encapsulate these types of "is default" logic errors and provide a more useful message.
| self, | ||
| resource_type: str, | ||
| fides_key: str, | ||
| action: str = "modify", |
There was a problem hiding this comment.
This overcomplicates it a bit so that the error message says either "cannot modify", "cannot create", "cannot delete", etc.. I only did this as a bit of Python practice, to be honest.
| error_message: str = None, | ||
| ) -> None: | ||
| error = ( | ||
| error_message or f"cannot {action} a resource where 'is_default' is true" |
There was a problem hiding this comment.
The error_message or <template string> allows providing an explicit error_message argument here. I use that in one place where the error is actually more subtle- we prevent the ability to modify is_default on a resource that already exists.
tests/ctl/core/test_api.py
Outdated
| print(f"result object: {result}") | ||
| print(f"result json: {result.json()}") |
There was a problem hiding this comment.
Doh, should have removed these. Going to wait for the tests to finish running in CI, then will delete.
| error = ( | ||
| error_message or f"cannot {action} a resource where 'is_default' is true" | ||
| ) | ||
| super().__init__( |
There was a problem hiding this comment.
OK good, thanks. This was a bit of Python practice 👍
|
Test summaryRun details
This comment has been generated by cypress-bot as a result of this project's GitHub integration settings. You can manage this integration in this project's settings in the Cypress Cloud |
Description Of Changes
Today we throw a generic 403 error for a variety of edits which make it look like the user is lacking sufficient permissions, but in reality it is that they are forbidden from editing the
is_defaultfield on a resource (e.g.DataUse,DataCategory).Current Error Message
For example, we had a user report this unexpected error: they called the
/api/v1/data_category/upsertAPI with this body:Which returns this error:
New Error Message
As you can see above, the message is confusing - the error actually isn't that the user is lacking permission, it's that the user is trying to create a resource with
is_default: true, which we never allow.With this change, the error looks like this instead:
There are some slight variations on those messages for deleting/editing/etc.
Code Changes
ForbiddenIsDefaultTaxonomyErrorerror type with more user-friendly error messagestest_api.pyintegration tests to assert on better error messagesForbiddenIsDefaultTaxonomyErrorerror in the various code paths that were throwing generic 403s due tois_defaultrejectionsSteps to Confirm
Pre-Merge Checklist
[ ] documentation complete, PR opened in fidesdocs[ ] documentation issue created in fidesdocs[ ] if there are any new client scopes created as part of the pull request, remember to update public-facing documentation that references our scope registryCHANGELOG.md[ ] For API changes, the Postman collection has been updated[ ] Ensure that your downrev is up to date with the latest revision onmain[ ] Ensure that yourdowngrade()migration is correct and works[ ] If a downgrade migration is not possible for this change, please call this out in the PR description!