Use SamException

DataBiosphere · Sep 5, 2024 · b20be0f · b20be0f
1 parent 407c71a
commit b20be0f
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 2 deletions.
diff --git a/http/src/main/scala/org/broadinstitute/dsde/workbench/leonardo/dao/sam/SamException.scala b/http/src/main/scala/org/broadinstitute/dsde/workbench/leonardo/dao/sam/SamException.scala
@@ -30,6 +30,9 @@ object SamException {
       traceId
     )
 
+  def create(message: String, code: Int, traceId: TraceId): SamException =
+    new SamException(message, code, null, traceId)
+
   /**
    * Extracts a useful message from a Sam client ApiException.
    *

diff --git a/.../src/main/scala/org/broadinstitute/dsde/workbench/leonardo/dao/sam/SamServiceInterp.scala b/.../src/main/scala/org/broadinstitute/dsde/workbench/leonardo/dao/sam/SamServiceInterp.scala
@@ -1,5 +1,6 @@
 package org.broadinstitute.dsde.workbench.leonardo.dao.sam
 
+import akka.http.scaladsl.model.StatusCodes
 import cats.effect.Async
 import cats.mtl.Ask
 import cats.syntax.all._
@@ -182,7 +183,13 @@ class SamServiceInterp[F[_]](apiClientProvider: SamApiClientProvider[F],
     ctx <- ev.ask
     isAuthorized <- isAuthorized(bearerToken, samResourceId, action)
     userEmail <- getUserEmail(bearerToken)
-    _ <- F.raiseWhen(!isAuthorized)(ForbiddenError(userEmail, Some(ctx.traceId)))
+    _ <- F.raiseWhen(!isAuthorized)(
+      SamException.create(
+        s"User $userEmail is not authorized to perform action $action on ${samResourceId.resourceType} ${samResourceId.resourceId}",
+        StatusCodes.Forbidden.intValue,
+        ctx.traceId
+      )
+    )
     _ <- logger.info(ctx.loggingCtx)(
       s"User $userEmail is authorized to $action ${samResourceId.resourceType} ${samResourceId.resourceId}"
     )

diff --git a/http/src/main/scala/org/broadinstitute/dsde/workbench/leonardo/model/LeoException.scala b/http/src/main/scala/org/broadinstitute/dsde/workbench/leonardo/model/LeoException.scala
@@ -44,7 +44,6 @@ final case class AuthenticationError(email: Option[WorkbenchEmail] = None, extra
     )
     with NoStackTrace
 
-// TODO fix message
 case class ForbiddenError(email: WorkbenchEmail, traceId: Option[TraceId] = None)
     extends LeoException(
       s"${email.value} is unauthorized. " +
-Original file line number
+Diff line change
@@ Expand Up / @@ -30,6 +30,9 @@ object SamException { @@
           traceId
         )
+      def create(message: String, code: Int, traceId: TraceId): SamException =
+        new SamException(message, code, null, traceId)
       /**
        * Extracts a useful message from a Sam client ApiException.
        *
@@ Expand Down @@