Should other response than 403 be used for forbidden access due to db problem #331
Labels
db
Issues related to database connection, migration or data models
enhancement
Improvements in term of performance or behaviour
investigate
Issue or new component that needs further exploration
question
Milestone
Comments
fmigneault
added
enhancement
3 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Searching for
HTTPForbiddenin the code, we can find quite a lot of references to this error being raised in case of errors related to database access (eg: failing to fetch user groups of a user, although the user is valid an authorized).This error code can be misleading as the user is technically allowed access to the resource in these kind of situations, but cannot do anything to address it as the problem is internal. Due to this, it would be better to return an 500 code.
On the other hand, 500 errors have been very useful to indicate that something odd happened in Magpie's implementation. Therefore, these error messages should be even further improved to explicitly indicate the kind of 500 error. Probably an additional keyword indicating "error-type" in the response content could be integrated in handlers: https://github.com/Ouranosinc/Magpie/blob/master/magpie/api/exception.py
The text was updated successfully, but these errors were encountered: