diff --git a/backend/src/baserow/core/registries.py b/backend/src/baserow/core/registries.py
index c480a84ed..86bf7afc0 100644
--- a/backend/src/baserow/core/registries.py
+++ b/backend/src/baserow/core/registries.py
@@ -12,6 +12,7 @@ from rest_framework.serializers import Serializer
 
 from baserow.contrib.database.constants import IMPORT_SERIALIZED_IMPORTING
 from baserow.core.utils import ChildProgressBuilder
+from baserow_enterprise.exceptions import SubjectTypeNotExist
 
 from .exceptions import (
     ApplicationTypeAlreadyRegistered,
@@ -628,6 +629,7 @@ class SubjectTypeRegistry(Registry[SubjectType], ModelRegistryMixin):
     """
 
     name = "subject"
+    does_not_exist_exception_class = SubjectTypeNotExist
 
     def get_serializer(self, model_instance, **kwargs) -> Serializer:
         """
diff --git a/enterprise/backend/src/baserow_enterprise/api/role/views.py b/enterprise/backend/src/baserow_enterprise/api/role/views.py
index 1b54e0a55..8eb2fd312 100644
--- a/enterprise/backend/src/baserow_enterprise/api/role/views.py
+++ b/enterprise/backend/src/baserow_enterprise/api/role/views.py
@@ -84,12 +84,26 @@ class RoleAssignmentsView(APIView):
                     "ERROR_REQUEST_BODY_VALIDATION",
                 ]
             ),
+            404: get_error_schema(
+                [
+                    "ERROR_SCOPE_DOES_NOT_EXIST",
+                    "ERROR_GROUP_DOES_NOT_EXIST",
+                    "ERROR_OBJECT_SCOPE_TYPE_DOES_NOT_EXIST",
+                    "ERROR_SUBJECT_TYPE_DOES_NOT_EXIST",
+                    "ERROR_ROLE_DOES_NOT_EXIST",
+                ]
+            ),
         },
     )
     @map_exceptions(
         {
+            GroupDoesNotExist: ERROR_GROUP_DOES_NOT_EXIST,
             UserNotInGroup: ERROR_USER_NOT_IN_GROUP,
+            ObjectScopeTypeDoesNotExist: ERROR_OBJECT_SCOPE_TYPE_DOES_NOT_EXIST,
+            SubjectTypeNotExist: ERROR_SUBJECT_TYPE_DOES_NOT_EXIST,
+            SubjectNotExist: ERROR_SUBJECT_DOES_NOT_EXIST,
             ScopeNotExist: ERROR_SCOPE_DOES_NOT_EXIST,
+            RoleNotExist: ERROR_ROLE_DOES_NOT_EXIST,
         }
     )
     @validate_body(CreateRoleAssignmentSerializer, return_validated=True)
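Review bot: `baserow.core.registries` now imports `SubjectTypeNotExist` from `baserow_enterprise.exceptions`, which makes the core package depend on the enterprise package; the same symbol is then consumed at `does_not_exist_exception_class = SubjectTypeNotExist` in the second hunk of this file. Every other registry exception in this module comes from the sibling `from .exceptions import (...)` block, so the consistent fix is to define `SubjectTypeNotExist` in `baserow.core.exceptions`, add it to that relative import, and have the enterprise code import it from core rather than the other way round. Whether the enterprise package can be absent in a core-only installation is not visible here; if it can, this import fails at module load and takes the whole registry module down with it.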
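Review bot: `SubjectNotExist` is mapped to `ERROR_SUBJECT_DOES_NOT_EXIST` in the `@map_exceptions` dict, but that code is missing from the new `404: get_error_schema([...])` list, so the published schema omits an error the endpoint actually returns (the accompanying test asserts a 404 with exactly that code); add `"ERROR_SUBJECT_DOES_NOT_EXIST",` to the 404 list. The new mapping also lets a caller distinguish a group that does not exist (404 `ERROR_GROUP_DOES_NOT_EXIST`) from one they are not a member of (400 `ERROR_USER_NOT_IN_GROUP`), and a subject that does not exist from one outside the group. Whether membership is verified before the subject and role lookups is decided in `RoleAssignmentHandler`, not in this hunk; it is worth confirming that order so an authenticated non-member cannot use the error codes to learn which user ids exist, and recording the intended order in the view docstring. The decorated `post` method and the rest of `RoleAssignmentsView` lie outside the hunk.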
diff --git a/enterprise/backend/tests/baserow_enterprise_tests/api/role/test_role_views.py b/enterprise/backend/tests/baserow_enterprise_tests/api/role/test_role_views.py
index d40335cd9..a9295218d 100644
--- a/enterprise/backend/tests/baserow_enterprise_tests/api/role/test_role_views.py
+++ b/enterprise/backend/tests/baserow_enterprise_tests/api/role/test_role_views.py
@@ -4,7 +4,12 @@ from django.shortcuts import reverse
 from django.test.utils import override_settings
 
 import pytest
-from rest_framework.status import HTTP_200_OK, HTTP_204_NO_CONTENT
+from rest_framework.status import (
+    HTTP_200_OK,
+    HTTP_204_NO_CONTENT,
+    HTTP_400_BAD_REQUEST,
+    HTTP_404_NOT_FOUND,
+)
 
 from baserow.core.subjects import UserSubjectType
 from baserow_enterprise.role.handler import RoleAssignmentHandler
@@ -139,6 +144,143 @@ def test_create_role_assignment(
     assert role_assignment_user_2 is None
 
 
+def test_create_role_assignment_invalid_requests(api_client, data_fixture):
+    user, token = data_fixture.create_user_and_token()
+    user_2 = data_fixture.create_user()
+    user_3 = data_fixture.create_user()
+    group = data_fixture.create_group(user=user, members=[user_2])
+    group_2 = data_fixture.create_group()
+    role = Role.objects.get(uid="ADMIN")
+
+    url = reverse("api:enterprise:role:list", kwargs={"group_id": group.id})
+
+    response = api_client.post(
+        url,
+        data=json.dumps(
+            {
+                "scope_id": 9999,
+                "scope_type": "group",
+                "subject_id": user_2.id,
+                "subject_type": UserSubjectType.type,
+                "role": role.uid,
+            }
+        ),
+        content_type="application/json",
+        **{"HTTP_AUTHORIZATION": f"JWT {token}"},
+    )
+
+    assert response.status_code == HTTP_404_NOT_FOUND
+    assert response.json()["error"] == "ERROR_SCOPE_DOES_NOT_EXIST"
+
+    response = api_client.post(
+        url,
+        data=json.dumps(
+            {
+                "scope_id": group.id,
+                "scope_type": "nonsense",
+                "subject_id": user_2.id,
+                "subject_type": UserSubjectType.type,
+                "role": role.uid,
+            }
+        ),
+        content_type="application/json",
+        **{"HTTP_AUTHORIZATION": f"JWT {token}"},
+    )
+
+    assert response.status_code == HTTP_404_NOT_FOUND
+    assert response.json()["error"] == "ERROR_OBJECT_SCOPE_TYPE_DOES_NOT_EXIST"
+
+    response = api_client.post(
+        url,
+        data=json.dumps(
+            {
+                "scope_id": group.id,
+                "scope_type": "group",
+                "subject_id": 99999,
+                "subject_type": UserSubjectType.type,
+                "role": role.uid,
+            }
+        ),
+        content_type="application/json",
+        **{"HTTP_AUTHORIZATION": f"JWT {token}"},
+    )
+
+    assert response.status_code == HTTP_404_NOT_FOUND
+    assert response.json()["error"] == "ERROR_SUBJECT_DOES_NOT_EXIST"
+
+    response = api_client.post(
+        url,
+        data=json.dumps(
+            {
+                "scope_id": group.id,
+                "scope_type": "group",
+                "subject_id": user_2.id,
+                "subject_type": "nonsense",
+                "role": role.uid,
+            }
+        ),
+        content_type="application/json",
+        **{"HTTP_AUTHORIZATION": f"JWT {token}"},
+    )
+
+    assert response.status_code == HTTP_404_NOT_FOUND
+    assert response.json()["error"] == "ERROR_SUBJECT_TYPE_DOES_NOT_EXIST"
+
+    response = api_client.post(
+        url,
+        data=json.dumps(
+            {
+                "scope_id": group.id,
+                "scope_type": "group",
+                "subject_id": user_2.id,
+                "subject_type": UserSubjectType.type,
+                "role": 999999,
+            }
+        ),
+        content_type="application/json",
+        **{"HTTP_AUTHORIZATION": f"JWT {token}"},
+    )
+
+    assert response.status_code == HTTP_404_NOT_FOUND
+    assert response.json()["error"] == "ERROR_ROLE_DOES_NOT_EXIST"
+
+    response = api_client.post(
+        reverse("api:enterprise:role:list", kwargs={"group_id": group_2.id}),
+        data=json.dumps(
+            {
+                "scope_id": group_2.id,
+                "scope_type": "group",
+                "subject_id": user_3.id,
+                "subject_type": UserSubjectType.type,
+                "role": role.uid,
+            }
+        ),
+        content_type="application/json",
+        **{"HTTP_AUTHORIZATION": f"JWT {token}"},
+    )
+
+    assert response.status_code == HTTP_400_BAD_REQUEST
+    assert response.json()["error"] == "ERROR_USER_NOT_IN_GROUP"
+
+    response = api_client.post(
+        reverse("api:enterprise:role:list", kwargs={"group_id": 999999}),
+        data=json.dumps(
+            {
+                "scope_id": group.id,
+                "scope_type": "group",
+                "subject_id": user_2.id,
+                "subject_type": UserSubjectType.type,
+                "role": role.uid,
+            }
+        ),
+        content_type="application/json",
+        **{"HTTP_AUTHORIZATION": f"JWT {token}"},
+    )
+
+    assert response.status_code == HTTP_404_NOT_FOUND
+    assert response.json()["error"] == "ERROR_GROUP_DOES_NOT_EXIST"
+
+
 @pytest.mark.django_db
 @override_settings(DEBUG=True)
 def test_get_role_assignments_group_level(data_fixture, api_client):
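Review bot: As far as the collapsed hunk shows, `test_create_role_assignment_invalid_requests` is added without the `@pytest.mark.django_db` and `@override_settings(DEBUG=True)` decorators that the neighbouring `test_get_role_assignments_group_level` carries at the end of this hunk, yet it touches the database through `data_fixture.create_*` and `Role.objects.get(uid="ADMIN")`; unless a conftest grants database access globally, the first query will error. Add `@pytest.mark.django_db` and `@override_settings(DEBUG=True)` above the `def` to match the file's convention. The cases never send an existing subject that is not a member of the target group (for example `subject_id=user_3.id` against `group`), which is the request that pins whether the endpoint reveals subject existence to a caller with no membership relation to that user; the `999999` role case likewise relies on the serializer accepting an integer where the other cases send `role.uid`, which is worth a one-line comment. The seven near-identical post/assert blocks would read more clearly as a parametrized test or a small local helper taking the payload overrides and the expected status and error code.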