Set Tag Authorization error as 403 error code

datahub-project · Aug 18, 2023 · 5067773 · 5067773
1 parent 0da4478
commit 5067773
Show file tree

Hide file tree

Showing 8 changed files with 11 additions and 34 deletions.
diff --git a/...ql-core/src/main/java/com/linkedin/datahub/graphql/exception/DataHubGraphQLErrorCode.java b/...ql-core/src/main/java/com/linkedin/datahub/graphql/exception/DataHubGraphQLErrorCode.java
@@ -4,7 +4,6 @@ public enum DataHubGraphQLErrorCode {
   BAD_REQUEST(400),
   UNAUTHORIZED(403),
   NOT_FOUND(404),
-  UNAUTHORIZED_TAG_ERROR(405),
   SERVER_ERROR(500);
 
   private final int _code;

diff --git a/...-core/src/main/java/com/linkedin/datahub/graphql/exception/TagAuthorizationException.java b/...-core/src/main/java/com/linkedin/datahub/graphql/exception/TagAuthorizationException.java
diff --git a/...phql-core/src/main/java/com/linkedin/datahub/graphql/resolvers/mutate/AddTagResolver.java b/...phql-core/src/main/java/com/linkedin/datahub/graphql/resolvers/mutate/AddTagResolver.java
@@ -6,7 +6,6 @@
 import com.linkedin.common.urn.Urn;
 import com.linkedin.datahub.graphql.QueryContext;
 import com.linkedin.datahub.graphql.exception.AuthorizationException;
-import com.linkedin.datahub.graphql.exception.TagAuthorizationException;
 import com.linkedin.datahub.graphql.generated.ResourceRefInput;
 import com.linkedin.datahub.graphql.generated.TagAssociationInput;
 import com.linkedin.datahub.graphql.resolvers.mutate.util.LabelUtils;
@@ -37,7 +36,7 @@ public CompletableFuture<Boolean> get(DataFetchingEnvironment environment) throw
     }
 
     if (!LabelUtils.isAuthorizedToAssociateTag(environment.getContext(), tagUrn)) {
-      throw new TagAuthorizationException("Only users granted permission to this tag can assign or remove it");
+      throw new AuthorizationException("Only users granted permission to this tag can assign or remove it");
     }
 
     return CompletableFuture.supplyAsync(() -> {

diff --git a/...hql-core/src/main/java/com/linkedin/datahub/graphql/resolvers/mutate/AddTagsResolver.java b/...hql-core/src/main/java/com/linkedin/datahub/graphql/resolvers/mutate/AddTagsResolver.java
@@ -7,7 +7,6 @@
 import com.linkedin.common.urn.UrnUtils;
 import com.linkedin.datahub.graphql.QueryContext;
 import com.linkedin.datahub.graphql.exception.AuthorizationException;
-import com.linkedin.datahub.graphql.exception.TagAuthorizationException;
 import com.linkedin.datahub.graphql.generated.AddTagsInput;
 import com.linkedin.datahub.graphql.generated.ResourceRefInput;
 import com.linkedin.datahub.graphql.resolvers.mutate.util.LabelUtils;
@@ -46,7 +45,7 @@ public CompletableFuture<Boolean> get(DataFetchingEnvironment environment) throw
 
       tagUrns.forEach((tagUrn) -> {
         if (!LabelUtils.isAuthorizedToAssociateTag(environment.getContext(), tagUrn)) {
-          throw new TagAuthorizationException("Only users granted permission to this tag can assign or remove it");
+          throw new AuthorizationException("Only users granted permission to this tag can assign or remove it");
         }
       });
 

diff --git a/...ore/src/main/java/com/linkedin/datahub/graphql/resolvers/mutate/BatchAddTagsResolver.java b/...ore/src/main/java/com/linkedin/datahub/graphql/resolvers/mutate/BatchAddTagsResolver.java
@@ -4,7 +4,6 @@
 import com.linkedin.common.urn.UrnUtils;
 import com.linkedin.datahub.graphql.QueryContext;
 import com.linkedin.datahub.graphql.exception.AuthorizationException;
-import com.linkedin.datahub.graphql.exception.TagAuthorizationException;
 import com.linkedin.datahub.graphql.generated.BatchAddTagsInput;
 import com.linkedin.datahub.graphql.generated.ResourceRefInput;
 import com.linkedin.datahub.graphql.resolvers.mutate.util.LabelUtils;
@@ -123,7 +122,7 @@ private void validateTags(List<Urn> tagUrns, QueryContext context) {
       LabelUtils.validateLabel(tagUrn, Constants.TAG_ENTITY_NAME, _entityService);
 
       if (!LabelUtils.isAuthorizedToAssociateTag(context, tagUrn)) {
-        throw new TagAuthorizationException("Only users granted permission to this tag can assign or remove it");
+        throw new AuthorizationException("Only users granted permission to this tag can assign or remove it");
       }
     }
   }

diff --git a/.../src/main/java/com/linkedin/datahub/graphql/resolvers/mutate/BatchRemoveTagsResolver.java b/.../src/main/java/com/linkedin/datahub/graphql/resolvers/mutate/BatchRemoveTagsResolver.java
@@ -4,7 +4,6 @@
 import com.linkedin.common.urn.UrnUtils;
 import com.linkedin.datahub.graphql.QueryContext;
 import com.linkedin.datahub.graphql.exception.AuthorizationException;
-import com.linkedin.datahub.graphql.exception.TagAuthorizationException;
 import com.linkedin.datahub.graphql.generated.BatchRemoveTagsInput;
 import com.linkedin.datahub.graphql.generated.ResourceRefInput;
 import com.linkedin.datahub.graphql.resolvers.mutate.util.LabelUtils;
@@ -57,7 +56,7 @@ public CompletableFuture<Boolean> get(DataFetchingEnvironment environment) throw
   private void validateTags(List<Urn> tagUrns, QueryContext context) {
     for (Urn tagUrn : tagUrns) {
       if (!LabelUtils.isAuthorizedToAssociateTag(context, tagUrn)) {
-        throw new TagAuthorizationException("Only users granted permission to this tag can assign or remove it");
+        throw new AuthorizationException("Only users granted permission to this tag can assign or remove it");
       }
     }
   }

diff --git a/...l-core/src/main/java/com/linkedin/datahub/graphql/resolvers/mutate/RemoveTagResolver.java b/...l-core/src/main/java/com/linkedin/datahub/graphql/resolvers/mutate/RemoveTagResolver.java
@@ -5,7 +5,6 @@
 import com.linkedin.common.urn.Urn;
 import com.linkedin.datahub.graphql.QueryContext;
 import com.linkedin.datahub.graphql.exception.AuthorizationException;
-import com.linkedin.datahub.graphql.exception.TagAuthorizationException;
 import com.linkedin.datahub.graphql.generated.ResourceRefInput;
 import com.linkedin.datahub.graphql.generated.TagAssociationInput;
 import com.linkedin.datahub.graphql.resolvers.mutate.util.LabelUtils;
@@ -35,7 +34,7 @@ public CompletableFuture<Boolean> get(DataFetchingEnvironment environment) throw
       throw new AuthorizationException("Unauthorized to perform this action. Please contact your DataHub administrator.");
     }
     if (!LabelUtils.isAuthorizedToAssociateTag(environment.getContext(), tagUrn)) {
-      throw new TagAuthorizationException("Only users granted permission to this tag can assign or remove it");
+      throw new AuthorizationException("Only users granted permission to this tag can assign or remove it");
     }
 
     return CompletableFuture.supplyAsync(() -> {

diff --git a/datahub-web-react/src/app/entity/shared/utils.ts b/datahub-web-react/src/app/entity/shared/utils.ts
@@ -139,19 +139,18 @@ function getGraphqlErrorCode(e) {
 
 export const handleBatchError = (urns, e, defaultMessage) => {
     if (urns.length > 1 && getGraphqlErrorCode(e) === 403) {
+        if (e.message === 'Only users granted permission to this tag can assign or remove it') {
+            return {
+                content: `${e.message}. The bulk edit being performed will not be saved.`,
+                duration: 3,
+            };
+        }
         return {
             content:
                 'Your bulk edit selection included entities that you are unauthorized to update. The bulk edit being performed will not be saved.',
             duration: 3,
         };
     }
-    if (urns.length > 1 && getGraphqlErrorCode(e) === 405) {
-        return {
-            content:
-                'Only users granted permission to this tag can assign or remove it. The bulk edit being performed will not be saved. ',
-            duration: 3,
-        };
-    }
     return defaultMessage;
 };