revert PUT API changes; attempt to fix test

broadinstitute · Sep 11, 2024 · 20c89c9 · 20c89c9
1 parent b5a0f34
commit 20c89c9
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 7 deletions.
diff --git a/src/main/scala/org/broadinstitute/dsde/agora/server/business/PermissionBusiness.scala b/src/main/scala/org/broadinstitute/dsde/agora/server/business/PermissionBusiness.scala
@@ -127,11 +127,6 @@ class PermissionBusiness(permissionsDataSource: PermissionsDataSource) {
           batchEntityPermission(entity, requester, listAccessControl) map { _ =>
             EntityAccessControl(entity, listAccessControl, None)
           } recover {
-            // For unauthorized access return entity information that was already in the request and empty ACLs values.
-            // This meets previous response expectations, keeps response schema similar to POST API and fixes the
-            // issue mentioned in https://broadworkbench.atlassian.net/browse/WX-1764.
-            case aeae: AgoraEntityAuthorizationException =>
-              EntityAccessControl(entity, Seq.empty[AccessControl], Some(aeae.getMessage))
             case e:Exception =>
               EntityAccessControl(entity, listAccessControl, Some(e.getMessage))
           }

diff --git a/...est/scala/org/broadinstitute/dsde/agora/server/webservice/PermissionIntegrationSpec.scala b/...est/scala/org/broadinstitute/dsde/agora/server/webservice/PermissionIntegrationSpec.scala
@@ -370,7 +370,9 @@ class PermissionIntegrationSpec extends AnyFlatSpec with ScalatestRouteTest with
           val stubEntity = AgoraEntity(agoraEntity2.namespace, agoraEntity2.name, agoraEntity2.snapshotId)
           val found = entityAclList.find(_.entity.toShortString == stubEntity.toShortString)
           assert(found.isDefined, "second")
-          assertResult(Set(owner2.get), "second") {found.get.entity.managers.toSet}
+          assert(found.get.entity.managers.isEmpty, "second") // since user doesn't have permission they shouldn't see additional information about method
+          assert(found.get.message.isDefined, "second")
+          assert(found.get.message.get.contains("Authorization exception for user"), "second")
         }
         // check third - it doesn't exist in the db
         {
@@ -434,7 +436,8 @@ class PermissionIntegrationSpec extends AnyFlatSpec with ScalatestRouteTest with
           val stubEntity = AgoraEntity(agoraEntity2.namespace, agoraEntity2.name, agoraEntity2.snapshotId)
           val found = entityAclList.find(_.entity.toShortString == stubEntity.toShortString)
           assert(found.isDefined, "second")
-          assertResult(Some(true)) {found.get.entity.public}
+          assert(found.get.entity.public.isEmpty, "second") // since user doesn't have permission they shouldn't see additional information about method
+          assert(found.get.message.get.contains("Authorization exception for user"), "second")
         }
         // check third - it doesn't exist in the db
         {