Skip to content

🐛Update items.py to return status code 403 in case of insufficient permissions #1543

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

🐛Update items.py to return status code 403 in case of insufficient permissions #1543

wants to merge 2 commits into from
+6 −6

Conversation

jpizquierdo
Copy link
Contributor

Change error 400 to error 403 when not enough permissions when requesting items. I think it is better a 403 than a 400 (bad request).

@jpizquierdo
Update items.py
50006b7 
Change error 400 to error 403 when not enough permissions when requesting items
@jpizquierdo
Update test_items.py
03dcab0 
updated tests
YuriiMotov
YuriiMotov approved these changes Sep 3, 2025
View reviewed changes
Copy link

@YuriiMotov YuriiMotov left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

For users we already return status code 403

full-stack-fastapi-template/backend/app/api/routes/users.py

Lines 168 to 172 in 8af907c

if not current_user.is_superuser:
raise HTTPException(
status_code=403,
detail="The user doesn't have enough privileges",
)

@jpizquierdo, thanks!

I think we don't need to change frontend to reflect these changes right now - users only see items they have access to, so they will not be able to send invalid request.

But in general we should probably discuss the way 403 errors are handled by frontend. For now UI will remove the access token and ask user to login.

@YuriiMotov YuriiMotov changed the title 🐛Update items.py "not enough permission" from error code 400 to error code 403 🐛Update items.py to return status code 403 in case of insufficient permissions Sep 3, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@YuriiMotov YuriiMotov YuriiMotov approved these changes

+1 more reviewer

@Chikimuras Chikimuras Chikimuras approved these changes

Reviewers whose approvals may not affect merge requirements
Assignees
No one assigned
Labels
refactor
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@jpizquierdo @Chikimuras @YuriiMotov @alejsdev