Add forbidden and unautherized to all endpoint swagger docs (#5990)

Co-authored-by: Ruben <vandervalk@geoit.nl>

services/121-service/src/financial-service-providers/financial-service-provider.controller.ts

@@ -114,10 +114,6 @@ export class FinancialServiceProvidersController {
     description: 'FSP attribute created',
     type: FspQuestionEntity,
   })
-  @ApiResponse({
-    status: HttpStatus.FORBIDDEN,
-    description: 'Attribute with given name already exists for given FSP',
-  })
   @ApiResponse({
     status: HttpStatus.NOT_FOUND,
     description: 'No Financial Service Provicer found with given id',

services/121-service/src/guards/authenticated-user.decorator.ts

@@ -1,4 +1,5 @@
-import { SetMetadata } from '@nestjs/common';
+import { applyDecorators, HttpStatus, SetMetadata } from '@nestjs/common';
+import { ApiResponse } from '@nestjs/swagger';
 
 import { PermissionEnum } from '@121-service/src/user/enum/permission.enum';
 
@@ -9,10 +10,20 @@ export interface AuthenticatedUserParameters {
   readonly isGuarded?: boolean;
 }
 
-export const AuthenticatedUser = (
-  parameters?: AuthenticatedUserParameters,
-): ReturnType<typeof SetMetadata> =>
-  SetMetadata('authenticationParameters', {
-    ...parameters,
-    isGuarded: true,
-  });
+export const AuthenticatedUser = (parameters?: AuthenticatedUserParameters) => {
+  return applyDecorators(
+    SetMetadata('authenticationParameters', {
+      ...parameters,
+      isGuarded: true,
+    }),
+    ApiResponse({
+      status: HttpStatus.FORBIDDEN,
+      description:
+        'User does not have the right permission to access this endpoint.',
+    }),
+    ApiResponse({
+      status: HttpStatus.UNAUTHORIZED,
+      description: 'Not authenticated.',
+    }),
+  );
+};

services/121-service/src/notes/notes.controller.ts

@@ -38,10 +38,6 @@ export class NoteController {
     description:
       'Created new note for registration - NOTE: this endpoint is scoped, depending on program configuration it only returns/modifies data the logged in user has access to.',
   })
-  @ApiResponse({
-    status: HttpStatus.UNAUTHORIZED,
-    description: 'No user detectable from cookie or no cookie present',
-  })
   @ApiResponse({
     status: HttpStatus.NOT_FOUND,
     description:

services/121-service/src/programs/fsp-configuration/fsp-configuration.controller.ts

@@ -58,7 +58,6 @@ export class ProgramFspConfigurationController {
       'The programFspConfigurationEntity has been successfully created.',
   })
   @ApiResponse({ status: HttpStatus.BAD_REQUEST, description: 'Bad request.' })
-  @ApiResponse({ status: HttpStatus.FORBIDDEN, description: 'Forbidden.' })
   @Post(':programId/fsp-configuration')
   public async create(
     @Body() programFspConfigurationData: CreateProgramFspConfigurationDto,
@@ -85,7 +84,6 @@ export class ProgramFspConfigurationController {
       'The programFspConfigurationEntity has been successfully updated.',
   })
   @ApiResponse({ status: HttpStatus.BAD_REQUEST, description: 'Bad request.' })
-  @ApiResponse({ status: HttpStatus.FORBIDDEN, description: 'Forbidden.' })
   @Put(':programId/fsp-configuration/:programFspConfigurationId')
   public async update(
     @Body() programFspConfigurationData: UpdateProgramFspConfigurationDto,
@@ -115,7 +113,6 @@ export class ProgramFspConfigurationController {
       'The programFspConfigurationEntity has been successfully updated.',
   })
   @ApiResponse({ status: HttpStatus.BAD_REQUEST, description: 'Bad request.' })
-  @ApiResponse({ status: HttpStatus.FORBIDDEN, description: 'Forbidden.' })
   @Delete(':programId/fsp-configuration/:programFspConfigurationId')
   public async delete(
     @Param('programId', ParseIntPipe)

services/121-service/src/programs/programs.controller.ts

@@ -108,9 +108,6 @@ export class ProgramController {
   @ApiResponse({
     status: HttpStatus.BAD_REQUEST,
   })
-  @ApiResponse({
-    status: HttpStatus.FORBIDDEN,
-  })
   @ApiQuery({
     name: 'importFromKobo',
     required: false,
@@ -200,9 +197,6 @@ You can also leave the body empty.`,
     required: true,
     type: 'integer',
   })
-  @ApiResponse({
-    status: HttpStatus.FORBIDDEN,
-  })
   @Delete(':programId')
   public async delete(
     @Param('programId', ParseIntPipe)

services/121-service/src/registration/registrations.controller.ts

@@ -437,10 +437,6 @@ export class RegistrationsController {
     description:
       'Return registrations that match the exact phone-number - NOTE: this endpoint is scoped, depending on program configuration it only returns/modifies data the logged in user has access to.',
   })
-  @ApiResponse({
-    status: HttpStatus.UNAUTHORIZED,
-    description: 'No user detectable from cookie or no cookie present',
-  })
   @ApiQuery({
     name: 'phonenumber',
     required: true,

services/121-service/src/user/user.controller.ts

@@ -244,10 +244,6 @@ export class UserController {
     description: 'Changed password of user',
     type: UpdateUserDto,
   })
-  @ApiResponse({
-    status: HttpStatus.UNAUTHORIZED,
-    description: 'No user detectable from cookie or no cookie present',
-  })
   public async update(
     @Body() userPasswordData: UpdateUserPasswordDto,
   ): Promise<any> {
@@ -279,10 +275,6 @@ export class UserController {
     status: HttpStatus.OK,
     description: 'User returned',
   })
-  @ApiResponse({
-    status: HttpStatus.UNAUTHORIZED,
-    description: 'No user detectable from cookie or no cookie present',
-  })
   public async findMe(@Req() req): Promise<UserRO> {
     if (!req.user || !req.user.username) {
       const errors = `No user detectable from cookie or no cookie present'`;