From 3178db63dde73fe1018149ea0ac31352a8284b3d Mon Sep 17 00:00:00 2001 From: Mir Bhatia Date: Tue, 16 Sep 2025 10:28:16 +0200 Subject: [PATCH] Update delete contract to use same error messages --- app/contracts/relations/delete_contract.rb | 14 +++++++------- spec/contracts/relations/delete_contract_spec.rb | 4 ++-- .../api/v3/relations/relations_api_spec.rb | 4 ++-- 3 files changed, 11 insertions(+), 11 deletions(-) diff --git a/app/contracts/relations/delete_contract.rb b/app/contracts/relations/delete_contract.rb index fd6f9d2052c..669d38fc277 100644 --- a/app/contracts/relations/delete_contract.rb +++ b/app/contracts/relations/delete_contract.rb @@ -30,14 +30,14 @@ module Relations class DeleteContract < ::DeleteContract - delete_permission -> { user.allowed_in_work_package?(:manage_work_package_relations, model.from) } + delete_permission -> { + user.allowed_in_work_package?(:manage_work_package_relations, model.from) && + user.allowed_in_work_package?(:manage_work_package_relations, model.to) + } - validate :validate_to_deletable - - def validate_to_deletable - return unless user.allowed_in_work_package?(:manage_work_package_relations, model.from) - - unless user.allowed_in_work_package?(:manage_work_package_relations, model.to) + # Override method to add more specific error + def user_allowed + unless authorized? errors.add :base, :error_not_deletable end end diff --git a/spec/contracts/relations/delete_contract_spec.rb b/spec/contracts/relations/delete_contract_spec.rb index dce64973fd6..22389e94992 100644 --- a/spec/contracts/relations/delete_contract_spec.rb +++ b/spec/contracts/relations/delete_contract_spec.rb @@ -73,13 +73,13 @@ RSpec.describe Relations::DeleteContract do }) end - it_behaves_like "contract is invalid", base: :error_unauthorized + it_behaves_like "contract is invalid", base: :error_not_deletable end context "when user has no permissions for either work package" do let(:current_user) { create(:user) } - it_behaves_like "contract is invalid", base: :error_unauthorized + it_behaves_like "contract is invalid", base: :error_not_deletable end context "when user is an admin" do diff --git a/spec/requests/api/v3/relations/relations_api_spec.rb b/spec/requests/api/v3/relations/relations_api_spec.rb index 34c48258e4c..5017de0407e 100644 --- a/spec/requests/api/v3/relations/relations_api_spec.rb +++ b/spec/requests/api/v3/relations/relations_api_spec.rb @@ -401,8 +401,8 @@ RSpec.describe "API v3 Relation resource", content_type: :json do context "lacking the permission" do let(:permissions) { %i[view_work_packages] } - it "returns 403" do - expect(last_response).to have_http_status :forbidden + it "returns 422" do + expect(last_response).to have_http_status :unprocessable_entity end it "leaves the relation" do