mhoppa commented on a change in pull request #4059: return 403 when unauthorized user assigns/deletes ds required capability URL: https://github.com/apache/trafficcontrol/pull/4059#discussion_r341685615
########## File path: traffic_ops/traffic_ops_golang/deliveryservice/deliveryservices_required_capabilities.go ########## @@ -219,22 +219,51 @@ func (rc *RequiredCapability) getCapabilities(tenantIDs []int) ([]tc.DeliverySer // Delete implements the api.CRUDer interface. func (rc *RequiredCapability) Delete() (error, error, int) { authorized, err := rc.isTenantAuthorized() - if err != nil { - return nil, errors.New("checking tenant: " + err.Error()), http.StatusInternalServerError - } else if !authorized { + if !authorized { return errors.New("not authorized on this tenant"), nil, http.StatusForbidden + } else if err != nil { + return nil, fmt.Errorf("checking authorization for existing DS ID: %s" + err.Error()), http.StatusInternalServerError + } + + // Check if the Delivery Service is associated with the Required Capability + statusCode, err := rc.exists() + if err != nil { + return err, nil, statusCode } return api.GenericDelete(rc) } +// exists checks to see if a required capability is assigned to a delivery service +func (rc *RequiredCapability) exists() (int, error) { Review comment: Is this not caught by https://github.com/apache/trafficcontrol/blob/master/traffic_ops/traffic_ops_golang/api/generic_crud.go#L169? is this just to clean up the error message? ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services