liz/PluralKit
liz/PluralKit
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix(api): 403 instead of 401 on API v1 member routes

Browse Source
This commit is contained in:
spiral 2022-02-05 09:37:18 -05:00
parent 375758206e
commit f13c60a841
No known key found for this signature in database
GPG Key ID: A6059F0CA0E1BD31
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
PluralKit.API/Controllers/v1/MemberController.cs
View File

@ -84,7 +84,7 @@ public class MemberController: ControllerBase
if (member == null) return NotFound("Member not found."); if (member == null) return NotFound("Member not found.");
var res = await _auth.AuthorizeAsync(User, member, "EditMember"); var res = await _auth.AuthorizeAsync(User, member, "EditMember");
if (!res.Succeeded) return Unauthorized($"Member '{hid}' is not part of your system."); if (!res.Succeeded) return StatusCode(StatusCodes.Status403Forbidden, $"Member '{hid}' is not part of your system.");
var patch = MemberPatch.FromJSON(changes); var patch = MemberPatch.FromJSON(changes);
@ -112,7 +112,7 @@ public class MemberController: ControllerBase
if (member == null) return NotFound("Member not found."); if (member == null) return NotFound("Member not found.");
var res = await _auth.AuthorizeAsync(User, member, "EditMember"); var res = await _auth.AuthorizeAsync(User, member, "EditMember");
if (!res.Succeeded) return Unauthorized($"Member '{hid}' is not part of your system."); if (!res.Succeeded) return StatusCode(StatusCodes.Status403Forbidden, $"Member '{hid}' is not part of your system.");
await _repo.DeleteMember(member.Id); await _repo.DeleteMember(member.Id);
return Ok(); return Ok();