dataverse icon indicating copy to clipboard operation
dataverse copied to clipboard
verified publisher icon IQSS

Incorrect API error response when forbidden

Open qqmyers opened this issue 1 year ago • 0 comments

What steps does it take to reproduce the issue? Discovered in code review of #10299: https://github.com/IQSS/dataverse/blob/develop/src/main/java/edu/harvard/iq/dataverse/api/AbstractApiBean.java#L604 and probably https://github.com/IQSS/dataverse/blob/82585f91e2a4367b284350c2b8923387a507685e/src/main/java/edu/harvard/iq/dataverse/api/AbstractApiBean.java#L797 result in 401/Unauthorized error codes rather than (the correct) 403/Forbidden.

  • When does this issue occur? ~Any API call resulting in a PermissionException in the underlying command when the user does not have sufficient permission.

Which version of Dataverse are you using? v6.1

qqmyers avatar Feb 23 '24 15:02 qqmyers