From b20be0f71f3ebc5c1aaf4c80b666275647c6aa84 Mon Sep 17 00:00:00 2001
From: Robert Title
Date: Thu, 5 Sep 2024 10:53:37 -0400
Subject: [PATCH] Use SamException
---
 .../dsde/workbench/leonardo/dao/sam/SamException.scala | 3 +++
 .../workbench/leonardo/dao/sam/SamServiceInterp.scala | 9 ++++++++-
 .../dsde/workbench/leonardo/model/LeoException.scala | 1 -
 3 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/http/src/main/scala/org/broadinstitute/dsde/workbench/leonardo/dao/sam/SamException.scala b/http/src/main/scala/org/broadinstitute/dsde/workbench/leonardo/dao/sam/SamException.scala
index 6feb199ab00..ca4a758be15 100644
--- a/http/src/main/scala/org/broadinstitute/dsde/workbench/leonardo/dao/sam/SamException.scala
+++ b/http/src/main/scala/org/broadinstitute/dsde/workbench/leonardo/dao/sam/SamException.scala
@@ -30,6 +30,9 @@ object SamException {
 traceId
 )
 
+ def create(message: String, code: Int, traceId: TraceId): SamException =
+ new SamException(message, code, null, traceId)
+
 /**
 * Extracts a useful message from a Sam client ApiException.
 *
diff --git a/http/src/main/scala/org/broadinstitute/dsde/workbench/leonardo/dao/sam/SamServiceInterp.scala b/http/src/main/scala/org/broadinstitute/dsde/workbench/leonardo/dao/sam/SamServiceInterp.scala
index f70971730b0..f3f0fa6266d 100644
--- a/http/src/main/scala/org/broadinstitute/dsde/workbench/leonardo/dao/sam/SamServiceInterp.scala
+++ b/http/src/main/scala/org/broadinstitute/dsde/workbench/leonardo/dao/sam/SamServiceInterp.scala
@@ -1,5 +1,6 @@
 package org.broadinstitute.dsde.workbench.leonardo.dao.sam
 
+import akka.http.scaladsl.model.StatusCodes
 import cats.effect.Async
 import cats.mtl.Ask
 import cats.syntax.all._
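Review bot: In SamException.scala the new `create(message, code, traceId)` overload has no Scaladoc although the helper right below it does, and it hard-codes `null` as the third constructor argument. A one-line comment such as `/** Builds a SamException for a failure detected in Leonardo itself, with no underlying Sam client exception. */` would tell callers why nothing is passed there. The constructor's signature is outside the hunk, so I am assuming the third parameter is the cause; if it is, a short inline remark next to the `null` would help too. The rest of `object SamException` lies outside the hunk.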
@@ -182,7 +183,13 @@ class SamServiceInterp[F[_]](apiClientProvider: SamApiClientProvider[F],
 ctx <- ev.ask
 isAuthorized <- isAuthorized(bearerToken, samResourceId, action)
 userEmail <- getUserEmail(bearerToken)
- _ <- F.raiseWhen(!isAuthorized)(ForbiddenError(userEmail, Some(ctx.traceId)))
+ _ <- F.raiseWhen(!isAuthorized)(
+ SamException.create(
+ s"User $userEmail is not authorized to perform action $action on ${samResourceId.resourceType} ${samResourceId.resourceId}",
+ StatusCodes.Forbidden.intValue,
+ ctx.traceId
+ )
+ )
 _ <- logger.info(ctx.loggingCtx)(
 s"User $userEmail is authorized to $action ${samResourceId.resourceType} ${samResourceId.resourceId}"
 )
diff --git a/http/src/main/scala/org/broadinstitute/dsde/workbench/leonardo/model/LeoException.scala b/http/src/main/scala/org/broadinstitute/dsde/workbench/leonardo/model/LeoException.scala
index 420bcb804b7..4a7d2118972 100644
--- a/http/src/main/scala/org/broadinstitute/dsde/workbench/leonardo/model/LeoException.scala
+++ b/http/src/main/scala/org/broadinstitute/dsde/workbench/leonardo/model/LeoException.scala
@@ -44,7 +44,6 @@ final case class AuthenticationError(email: Option[WorkbenchEmail] = None, extra
 )
 with NoStackTrace
 
-// TODO fix message
 case class ForbiddenError(email: WorkbenchEmail, traceId: Option[TraceId] = None)
 extends LeoException(
 s"${email.value} is unauthorized. " +
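Review bot: In the SamServiceInterp.scala hunk the denial branch of `F.raiseWhen(!isAuthorized)(...)` raises without writing a log entry, while the success branch right after it logs at info, so a rejected authorization attempt is only recorded if something upstream logs the exception. I would add `_ <- F.whenA(!isAuthorized)(logger.warn(ctx.loggingCtx)(s"User $userEmail denied $action on ${samResourceId.resourceType} ${samResourceId.resourceId}"))` ahead of the raise so that denials can be searched and alerted on with the same trace context. The raised type also changes from `ForbiddenError` to `SamException`; any caller that matches on `ForbiddenError` (not visible here) would stop handling this case, and it is worth confirming that the HTTP error mapping still yields a 403 and whether the resource id in the message is meant to reach the client. The enclosing for-comprehension starts and ends outside the hunk.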