
What is the correct exception to raise in a REST API in response to a request to delete a resource without enough permission?

I'm creating a REST API using ASP.NET Core and bit-framework.
We want to allow the clients to be able to delete just the resources that they have created themselves.

Questions:

In case a client asks to delete a resource which was created by another client:

  1. What is the best exception to raise in the API?

  2. What is the most correct HTTP status code to return?

  3. All the exceptions implemented in the Bit.Owin.Exceptions namespace are:

    1. BadRequestException
    2. ResourceNotFoundException
    3. AppException
    4. DomainLogicException

    Should I stick to this list of exceptions in my API? Is this list going to include more exceptions to cover more scenarios?

  4. I think one of these status codes must be returned, but which one suits our condition better?

    • 403 Forbidden
    • 405 Not Allowed
    • 409 Resource Conflict

I'm not familiar with the framework you are using. But let me give you my 2 cents. From the API consumer point of view, the 403 status code seems to be a quite reasonable choice for the situation described in your question:

6.5.3. 403 Forbidden

The 403 (Forbidden) status code indicates that the server understood the request but refuses to authorize it. A server that wishes to make public why the request has been forbidden can describe that reason in the response payload (if any). [...]

Alternatively, if you intend to hide the existence of a resource, throw an exception that maps to 404:

An origin server that wishes to "hide" the current existence of a forbidden target resource MAY instead respond with a status code of 404 (Not Found).

Based on @cassiomolin's answer, you can create your own exception type following these docs:

https://docs.bit-framework.com/introduction/web-api#exception-handling

Add the exception type to bit-framework's known exceptions:

using System;
using System.Net;
// IKnownException and IHttpStatusCodeAwareException are bit-framework interfaces;
// add a using for the namespace your bit-framework version exposes them in
// (see the exception-handling docs linked above).

// IKnownException marks this as an expected, client-facing error rather than an
// unhandled server failure; IHttpStatusCodeAwareException lets bit-framework pick
// the HTTP status from the StatusCode property instead of a generic 500.
public class CanNotDeleteOtherClientResourceException : Exception, IKnownException, IHttpStatusCodeAwareException
{
    public CanNotDeleteOtherClientResourceException(string message)
        : base(message)
    {
    }

    // Mapped to HTTP 403 Forbidden: the server understood the request but refuses to authorize it.
    public HttpStatusCode StatusCode { get; set; } = HttpStatusCode.Forbidden;
}
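The two answers above settle the status code (403, or 404 if existence should be hidden) and how to map an exception to it, but neither shows the ownership check itself. The following is an added example, not code from the original post or from bit-framework: an ASP.NET Core DELETE action that resolves the caller from the authenticated principal, compares it with the resource's creator, and throws either the 403 exception from the answer above or a 404 `ResourceNotFoundException`, depending on a policy switch. The `Resource` type, its `OwnerClientId` property, `IResourceRepository`, the `client_id` claim name, `ResourcePolicyOptions` and the `ResourceNotFoundException(string)` constructor are all assumptions for illustration.

```csharp
// Added example (not from the original post or bit-framework).
// Assumed/hypothetical: Resource, OwnerClientId, IResourceRepository, the "client_id"
// claim, ResourcePolicyOptions, and ResourceNotFoundException(string) from Bit.Owin.Exceptions.
using System;
using System.Security.Claims;
using System.Threading.Tasks;
using Bit.Owin.Exceptions;                 // ResourceNotFoundException (listed in the question)
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Options;

public class Resource
{
    public Guid Id { get; set; }
    public string OwnerClientId { get; set; }  // client that created the resource
}

public interface IResourceRepository
{
    Task<Resource> FindAsync(Guid id);   // null when no such resource exists
    Task DeleteAsync(Guid id);
}

public class ResourcePolicyOptions
{
    // true  -> answer 404 for resources owned by other clients (hide their existence)
    // false -> answer 403 (admit the resource exists, refuse the action)
    public bool HideForeignResources { get; set; }
}

[ApiController]
[Route("api/resources")]
[Authorize]                                  // unauthenticated callers never reach the action
public class ResourcesController : ControllerBase
{
    private readonly IResourceRepository _repository;
    private readonly ResourcePolicyOptions _policy;

    public ResourcesController(IResourceRepository repository, IOptions<ResourcePolicyOptions> policy)
    {
        _repository = repository;
        _policy = policy.Value;
    }

    [HttpDelete("{id:guid}")]
    public async Task<IActionResult> Delete(Guid id)
    {
        // The caller's identity comes from the authenticated principal,
        // never from the URL or request body, which the caller controls.
        string callerId = User.FindFirst("client_id")?.Value
            ?? throw new InvalidOperationException("Authenticated principal has no client_id claim.");

        Resource resource = await _repository.FindAsync(id);

        // Unknown id: 404 regardless of policy.
        if (resource == null)
            throw new ResourceNotFoundException($"Resource {id} was not found.");

        // Ownership check. Ordinal comparison: "abc" and "ABC" are different clients.
        if (!string.Equals(resource.OwnerClientId, callerId, StringComparison.Ordinal))
        {
            if (_policy.HideForeignResources)
            {
                // Same exception and message as the unknown-id branch, so the
                // response does not reveal which of the two cases occurred.
                throw new ResourceNotFoundException($"Resource {id} was not found.");
            }

            // Maps to 403 via the IHttpStatusCodeAwareException implementation shown above.
            throw new CanNotDeleteOtherClientResourceException(
                $"Client {callerId} may not delete a resource created by another client.");
        }

        await _repository.DeleteAsync(id);
        return NoContent();                  // 204: deleted, nothing to return
    }
}
```

Whichever policy you choose, apply it to every verb on the resource, not just DELETE: a 403 on DELETE after a 404 on GET for the same id tells the caller the resource exists anyway, so the 404 on GET bought nothing.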
