Throw AccessForbiddenException and use GlobalExceptionHadler instead

cBioPortal · Jun 26, 2024 · c27cf33 · c27cf33
1 parent d8e78fb
commit c27cf33
Show file tree

Hide file tree

Showing 3 changed files with 17 additions and 3 deletions.
diff --git a/src/main/java/org/cbioportal/service/exception/AccessForbiddenException.java b/src/main/java/org/cbioportal/service/exception/AccessForbiddenException.java
@@ -0,0 +1,7 @@
+package org.cbioportal.service.exception;
+
+public class AccessForbiddenException extends RuntimeException {
+    public AccessForbiddenException(String message) {
+        super(message);
+    }
+}
diff --git a/src/main/java/org/cbioportal/web/PublicVirtualStudiesController.java b/src/main/java/org/cbioportal/web/PublicVirtualStudiesController.java
@@ -6,6 +6,7 @@
 import io.swagger.v3.oas.annotations.responses.ApiResponse;
 import org.cbioportal.security.VirtualStudyPermissionService;
 import org.cbioportal.service.CancerTypeService;
+import org.cbioportal.service.exception.AccessForbiddenException;
 import org.cbioportal.service.exception.CancerTypeNotFoundException;
 import org.cbioportal.service.util.SessionServiceRequestHandler;
 import org.cbioportal.web.parameter.VirtualStudy;
@@ -94,7 +95,7 @@ public ResponseEntity<VirtualStudy> publishVirtualStudyData(
     ) {
         if (requiredPublisherApiKey.isBlank()
             || !requiredPublisherApiKey.equals(providedPublisherApiKey)) {
-            return new ResponseEntity<>(null, HttpStatus.UNAUTHORIZED);
+            throw new AccessForbiddenException("The provided publisher API key is not correct.");
         }
         VirtualStudyData virtualStudyDataToPublish = makeCopyForPublishing(virtualStudyData);
         if (typeOfCancerId != null) {
@@ -130,7 +131,7 @@ public ResponseEntity<VirtualStudy> publishVirtualStudy(
     ) {
         if (requiredPublisherApiKey.isBlank()
             || !requiredPublisherApiKey.equals(providedPublisherApiKey)) {
-            return new ResponseEntity<>(null, HttpStatus.UNAUTHORIZED);
+            throw new AccessForbiddenException("The provided publisher API key is not correct.");
         }
         ResponseEntity<VirtualStudy> responseEntity = getVirtualStudyById(id);
         HttpStatusCode statusCode = responseEntity.getStatusCode();
@@ -166,7 +167,7 @@ public ResponseEntity retractVirtualStudy(
     ) {
         if (requiredPublisherApiKey.isBlank()
             || !requiredPublisherApiKey.equals(providedPublisherApiKey)) {
-            return new ResponseEntity<>(null, HttpStatus.UNAUTHORIZED);
+            throw new AccessForbiddenException("The provided publisher API key is not correct.");
         }
         ResponseEntity<VirtualStudy> responseEntity = getVirtualStudyById(id);
         HttpStatusCode statusCode = responseEntity.getStatusCode();

diff --git a/src/main/java/org/cbioportal/web/error/GlobalExceptionHandler.java b/src/main/java/org/cbioportal/web/error/GlobalExceptionHandler.java
@@ -162,6 +162,12 @@ public ResponseEntity<ErrorResponse> handleDataAccessTokenProhibitedUserExceptio
         return new ResponseEntity<>(response, HttpStatus.UNAUTHORIZED);
     }
 
+    @ExceptionHandler(AccessForbiddenException.class)
+    public ResponseEntity<ErrorResponse> handleAccessForbiddenException() {
+        ErrorResponse response = new ErrorResponse("The access is forbidden.");
+        return new ResponseEntity<>(response, HttpStatus.UNAUTHORIZED);
+    }
+
     @ExceptionHandler(TokenNotFoundException.class)
     public ResponseEntity<ErrorResponse> handleTokenNotFoundException() {
         ErrorResponse response = new ErrorResponse("Specified token cannot be found");