mhoppa commented on a change in pull request #4059: return 403 when
unauthorized user assigns/deletes ds required capability
URL: https://github.com/apache/trafficcontrol/pull/4059#discussion_r341685615
##########
File path:
traffic_ops/traffic_ops_golang/deliveryservice/deliveryservices_required_capabilities.go
##########
@@ -219,22 +219,51 @@ func (rc *RequiredCapability) getCapabilities(tenantIDs
[]int) ([]tc.DeliverySer
// Delete implements the api.CRUDer interface.
func (rc *RequiredCapability) Delete() (error, error, int) {
authorized, err := rc.isTenantAuthorized()
- if err != nil {
- return nil, errors.New("checking tenant: " + err.Error()),
http.StatusInternalServerError
- } else if !authorized {
+ if !authorized {
return errors.New("not authorized on this tenant"), nil,
http.StatusForbidden
+ } else if err != nil {
+ return nil, fmt.Errorf("checking authorization for existing DS
ID: %s" + err.Error()), http.StatusInternalServerError
+ }
+
+ // Check if the Delivery Service is associated with the Required
Capability
+ statusCode, err := rc.exists()
+ if err != nil {
+ return err, nil, statusCode
}
return api.GenericDelete(rc)
}
+// exists checks to see if a required capability is assigned to a delivery
service
+func (rc *RequiredCapability) exists() (int, error) {
Review comment:
Is this not caught by
https://github.com/apache/trafficcontrol/blob/master/traffic_ops/traffic_ops_golang/api/generic_crud.go#L169?
is this just to clean up the error message?
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
With regards,
Apache Git Services
