diff --git a/internal/handlers/llm_services.go b/internal/handlers/llm_services.go
index 49060f7..ffaae79 100644
--- a/internal/handlers/llm_services.go
+++ b/internal/handlers/llm_services.go
@@ -303,7 +303,7 @@ func shareDefinitionFunc(ctx context.Context, input *models.ShareDefinitionReque
 return nil, huma.Error500InternalServerError(fmt.Sprintf("unable to retrieve definition: %v", err))
 }
 if definition.Owner != ctx.Value(auth.AuthUserKey).(string) {
- return nil, huma.Error401Unauthorized(fmt.Sprintf("Not authorized to share definition %s/%s", input.UserHandle, input.DefinitionHandle))
+ return nil, huma.Error403Forbidden(fmt.Sprintf("not authorized to share definition %s/%s", input.UserHandle, input.DefinitionHandle))
 }
 // Check if target user exists
@@ -353,7 +353,7 @@ func unshareDefinitionFunc(ctx context.Context, input *models.UnshareDefinitionR
 return nil, huma.Error500InternalServerError(fmt.Sprintf("unable to retrieve definition: %v", err))
 }
 if definition.Owner != ctx.Value(auth.AuthUserKey).(string) {
- return nil, huma.Error401Unauthorized(fmt.Sprintf("Not authorized to share definition %s/%s", input.UserHandle, input.DefinitionHandle))
+ return nil, huma.Error403Forbidden(fmt.Sprintf("not authorized to share definition %s/%s", input.UserHandle, input.DefinitionHandle))
 }
 fmt.Printf("Definition retrieved: %s/%s (id %d)\n", definition.Owner, definition.DefinitionHandle, definition.DefinitionID)
 fmt.Printf("Attempting to unshare with %s\n", input.UnshareWithHandle)
@@ -574,7 +574,7 @@ func postInstanceFromDefinitionFunc(ctx context.Context, input *models.PostInsta
 hasAccess = true
 }
 if !hasAccess {
- return huma.Error401Unauthorized(fmt.Sprintf("user does not have access to definition %s/%s", input.Body.DefinitionOwner, input.Body.DefinitionHandle))
+ return huma.Error403Forbidden(fmt.Sprintf("user does not have access to definition %s/%s", input.Body.DefinitionOwner, input.Body.DefinitionHandle))
 }
 }
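Review bot: The ownership check `definition.Owner != ctx.Value(auth.AuthUserKey).(string)` uses an unchecked type assertion, so a request that reaches this handler without the auth key in its context panics instead of being rejected. The same expression appears in the unshareDefinitionFunc, shareInstanceFunc and shareProjectFunc hunks. Use the comma-ok form and keep 401 for exactly that case: `caller, ok := ctx.Value(auth.AuthUserKey).(string)` followed by `if !ok { return nil, huma.Error401Unauthorized("authentication required") }`, then compare `definition.Owner != caller`. Whether middleware always sets the key is not visible here, and shareDefinitionFunc's body starts and ends outside the hunk.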
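Review bot: The new 403 detail in unshareDefinitionFunc still reads "not authorized to share definition", copied from the share handler; it should be `"not authorized to unshare definition %s/%s"` so clients and anyone reading audit logs can tell which operation was refused. The two `fmt.Printf` context lines that follow write the request-supplied `input.UnshareWithHandle` to stdout with `%s`; if they are meant to stay, `%q` keeps a handle containing control characters from breaking up log lines (presumably handles are validated upstream, but that is not visible here). The function body continues outside the hunk.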
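Review bot: Returning 403 with the detail `user does not have access to definition %s/%s` in the `if !hasAccess` branch confirms to any authenticated caller that the named owner/handle pair exists, and the test file's separate "nonexistent definition" case suggests a missing definition gets a different response. If private definition handles are not meant to be discoverable, answer both cases identically, for example with `huma.Error404NotFound(...)`, and record the real reason server-side only. If existence is deliberately public, a one-line comment above the check saying so would document the decision. The enclosing block starts outside the hunk.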
@@ -849,7 +849,7 @@ func shareInstanceFunc(ctx context.Context, input *models.ShareInstanceRequest)
 }
 // Check if instance belongs to current user (only owner can share)
 if instance.Owner != ctx.Value(auth.AuthUserKey).(string) {
- return nil, huma.Error401Unauthorized(fmt.Sprintf("Not authorized to share instance %s/%s", input.UserHandle, input.InstanceHandle))
+ return nil, huma.Error403Forbidden(fmt.Sprintf("not authorized to share instance %s/%s", input.UserHandle, input.InstanceHandle))
 }
 // Check if target user exists
 _, err = getUserFunc(ctx, &models.GetUserRequest{UserHandle: input.Body.ShareWithHandle})
diff --git a/internal/handlers/llm_services_sharing_test.go b/internal/handlers/llm_services_sharing_test.go
index 99baa4e..6f47b01 100644
--- a/internal/handlers/llm_services_sharing_test.go
+++ b/internal/handlers/llm_services_sharing_test.go
@@ -265,8 +265,8 @@ func TestDefinitionSharingFunc(t *testing.T) {
 requestPath: "/v1/llm-instances/bob/from-definition",
 bodyJSON: `{"user_handle": "bob", "instance_handle": "bob-instance1", "definition_owner": "alice", "definition_handle": "openai-large", "endpoint": "https://api.openai.com/v1/embeddings", "description": "Bob's instance based on Alice's definition"}`,
 VDBKey: bobAPIKey,
- expectBody: "{\n \"$schema\": \"http://localhost:8080/schemas/ErrorModel.json\",\n \"title\": \"Unauthorized\",\n \"status\": 401,\n \"detail\": \"user does not have access to definition alice/openai-large\"\n}\n",
- expectStatus: http.StatusUnauthorized,
+ expectBody: "{\n \"$schema\": \"http://localhost:8080/schemas/ErrorModel.json\",\n \"title\": \"Forbidden\",\n \"status\": 403,\n \"detail\": \"user does not have access to definition alice/openai-large\"\n}\n",
+ expectStatus: http.StatusForbidden,
 },
 {
 name: "Create an instance based on a nonexistent definition - should fail",
diff --git a/internal/handlers/projects.go b/internal/handlers/projects.go
index 822092f..eb9facf 100644
--- a/internal/handlers/projects.go
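Review bot: Only the from-definition case has its expectation moved to 403 here. The four share/unshare ownership checks changed in llm_services.go and projects.go have no matching test change in this commit, which suggests no existing test asserts the status a non-owner receives on those paths. Add table entries where a caller authenticated with `bobAPIKey` attempts to share or unshare a definition, instance and project owned by alice, each with `expectStatus: http.StatusForbidden`, so a later regression to 401 or to success is caught. The test table continues outside the hunk.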
+++ b/internal/handlers/projects.go
@@ -437,7 +437,7 @@ func shareProjectFunc(ctx context.Context, input *models.ShareProjectRequest) (*
 }
 // Check if project belongs to current user (only owner can share)
 if project.Owner != ctx.Value(auth.AuthUserKey).(string) {
- return nil, huma.Error401Unauthorized(fmt.Sprintf("not authorized to share project %s/%s", input.UserHandle, input.ProjectHandle))
+ return nil, huma.Error403Forbidden(fmt.Sprintf("not authorized to share project %s/%s", input.UserHandle, input.ProjectHandle))
 }
 // Check if target user exists
 _, err = getUserFunc(ctx, &models.GetUserRequest{UserHandle: input.Body.ShareWithHandle})