Update delete contract to use same error messages

2026-06-14 03:30:14 +00:00 · 2025-09-16 10:28:16 +02:00
parent ef5150649a
commit 3178db63dd
3 changed files with 11 additions and 11 deletions
@@ -30,14 +30,14 @@

 module Relations
  class DeleteContract < ::DeleteContract
-    delete_permission -> { user.allowed_in_work_package?(:manage_work_package_relations, model.from) }
+    delete_permission -> {
+      user.allowed_in_work_package?(:manage_work_package_relations, model.from) &&
+        user.allowed_in_work_package?(:manage_work_package_relations, model.to)
+    }

-    validate :validate_to_deletable
-
-    def validate_to_deletable
-      return unless user.allowed_in_work_package?(:manage_work_package_relations, model.from)
-
-      unless user.allowed_in_work_package?(:manage_work_package_relations, model.to)
+    # Override method to add more specific error
+    def user_allowed
+      unless authorized?
        errors.add :base, :error_not_deletable
      end
    end
@@ -73,13 +73,13 @@ RSpec.describe Relations::DeleteContract do
             })
    end

-    it_behaves_like "contract is invalid", base: :error_unauthorized
+    it_behaves_like "contract is invalid", base: :error_not_deletable
  end

  context "when user has no permissions for either work package" do
    let(:current_user) { create(:user) }

-    it_behaves_like "contract is invalid", base: :error_unauthorized
+    it_behaves_like "contract is invalid", base: :error_not_deletable
  end

  context "when user is an admin" do
@@ -401,8 +401,8 @@ RSpec.describe "API v3 Relation resource", content_type: :json do
    context "lacking the permission" do
      let(:permissions) { %i[view_work_packages] }

-      it "returns 403" do
-        expect(last_response).to have_http_status :forbidden
+      it "returns 422" do
+        expect(last_response).to have_http_status :unprocessable_entity
      end

      it "leaves the relation" do