Merge pull request #87 from jsperhac/fix-framework-authorize-exceptions

Fixed exception instantiations in BaseControllerProvider
ubccr · Apr 6, 2017 · 97e5016 · 97e5016
2 parents 4c465bb + 150f611
commit 97e5016
Showing 1 changed file with 9 additions and 7 deletions.
diff --git a/classes/NewRest/Controllers/BaseControllerProvider.php b/classes/NewRest/Controllers/BaseControllerProvider.php
@@ -11,9 +11,8 @@
 use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\HttpFoundation\ResponseHeaderBag;
 use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
-use DataWarehouse\Query\Exceptions\AccessDeniedException;
+use Symfony\Component\HttpKernel\Exception\UnauthorizedHttpException;
 use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
-use Symfony\Component\HttpKernel\Exception\HttpException;
 use Symfony\Component\Routing\Exception\MissingMandatoryParametersException;
 
 /**
@@ -223,7 +222,8 @@ protected function _parseRestArguments(Request $request, $requiredParams = array
      *                         missing.
      * @return \Symfony\Component\HttpFoundation\JsonResponse if and only if
      *                         the user is missing a token or an ip.
-     * @throws AccessDeniedException
+     *
+     * @throws Symfony\Component\HttpKernel\Exception\UnauthorizedHttpException
      */
     public static function authenticate(Request $request, Application $app)
     {
@@ -234,7 +234,7 @@ public static function authenticate(Request $request, Application $app)
 
         $user = Authentication::authenticateUser($request);
         if ($user === null) {
-            throw new AccessDeniedException('You must be logged in to access this endpoint.', 401);
+            throw new UnauthorizedHttpException('xdmod', 'You must be logged in to access this endpoint.'); // 401 from framework
         } else {
             $request->attributes->set(BaseControllerProvider::_USER, $user);
         }
@@ -260,7 +260,9 @@ public static function authenticate(Request $request, Application $app)
      *                        is false.
      * @return \XDUser The user that was checked and is authorized according to
      *                the given parameters.
-     * @throws AccessDeniedException
+     *
+     * @throws  Symfony\Component\HttpKernel\Exception\UnauthorizedHttpException
+     *          Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException
      */
     public function authorize(Request $request, array $requirements = null, $blacklist = false)
     {
@@ -283,9 +285,9 @@ public function authorize(Request $request, array $requirements = null, $blackli
         // limits with their current permissions.
         if (!$success) {
             if ($user->isPublicUser()) {
-                throw new AccessDeniedException($message, 401);
+                throw new UnauthorizedHttpException('xdmod', $message); // 401 from framework
             } else {
-                throw new AccessDeniedHttpException($message, 403);
+                throw new AccessDeniedHttpException($message); // 403 from framework
             }
         }