diff --git a/openbook_appointments/checkers.py b/openbook_appointments/checkers.py index c8290786bea3666170e63e737d3cd0331e210258..2b4bc875f1dceb6446860643dbfb66ec25a4513c 100644 --- a/openbook_appointments/checkers.py +++ b/openbook_appointments/checkers.py @@ -1,5 +1,5 @@ +from django.core.exceptions import PermissionDenied from django.utils.translation import gettext_lazy as _ -from rest_framework.exceptions import ValidationError from openbook_appointments.enums import PermissionType @@ -13,7 +13,7 @@ class AppointmentChecker: def _check_space_membership(self, user, space_id, action): if not user.is_member_of_community_with_id(community_id=space_id): - raise ValidationError(_(f"You cannot {action} appointments of a space you are not a member of")) + raise PermissionDenied(_(f"You cannot {action} appointments of a space you are not a member of")) def _check_permission(self, user, appointment): creator_id = appointment.creator.id if appointment.creator else None @@ -33,7 +33,7 @@ class AppointmentChecker: self._check_space_membership(user=user, space_id=space_id, action="create") if not user.is_administrator_of_community_with_id(community_id=space_id) and not invite_only: - raise ValidationError( + raise PermissionDenied( _("You cannot create a public appointment if you are not an administrator of a space"), ) @@ -43,7 +43,7 @@ class AppointmentChecker: if appointment.invite_only and ( user.is_anonymous or not user.is_member_of_community_with_id(community_id=space_id) ): - raise ValidationError( + raise PermissionDenied( _("You cannot query invite only appointments of a space you are not a member of"), ) 
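Review bot: The new `raise PermissionDenied(...)` line in `_check_space_membership` (hunk at 13) still wraps an f-string in `_()`, so `{action}` is interpolated before the translation lookup and the catalogue is searched for the already-formatted sentence, which message extraction cannot record as a msgid. Use a placeholder and format after the lookup: `_("You cannot %(action)s appointments of a space you are not a member of") % {"action": action}`. The tests show the verbs create, delete and update reaching this message, so those verbs would stay untranslated unless they are marked as well.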
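Review bot: The create check (hunk at 33) calls `_check_space_membership` and then `user.is_administrator_of_community_with_id(...)` without the `user.is_anonymous` test that the invite-only query check in the next hunk applies first. If an unauthenticated request can reach this path and the anonymous user object does not implement those membership methods (neither is visible here), the request would presumably fail with an unhandled attribute error rather than the FORBIDDEN result this commit standardises on. Consider guarding once in the shared helper, `if user.is_anonymous or not user.is_member_of_community_with_id(community_id=space_id):`, and adding a test for an anonymous create. The method's body starts outside the hunk.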
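Review bot: The invite-only branch (hunk at 43) answers a non-member, including an anonymous caller, with a denial that only occurs for an appointment that exists, so the response can confirm that a given appointment id exists and is invite-only. Whether that is observable depends on what the resolver returns for an unknown id, which is outside the hunk. If that is a not-found result, consider returning the same result here so the two cases are indistinguishable to callers without membership. If the distinction is intended, a comment such as `# Deliberately FORBIDDEN rather than not-found: appointment ids are not treated as secret` would record the decision.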
@@ -54,7 +54,7 @@ class AppointmentChecker: has_permission = self._check_permission(user, appointment) if not has_permission: - raise ValidationError(_("You do not have the permission to delete the appointment")) + raise PermissionDenied(_("You do not have the permission to delete the appointment")) def check_can_update_appointment(self, user, appointment): space_id = appointment.space.id @@ -63,4 +63,4 @@ class AppointmentChecker: has_permission = self._check_permission(user, appointment) if not has_permission: - raise ValidationError(_("You do not have the permission to update the appointment")) + raise PermissionDenied(_("You do not have the permission to update the appointment")) diff --git a/openbook_appointments/tests/test_graphql.py b/openbook_appointments/tests/test_graphql.py index a0e4c5047e929a12ed32fd5fad29e53234d394dc..b4ca8d40a2f412e4a94e29e6ce528526219ec401 100644 --- a/openbook_appointments/tests/test_graphql.py +++ b/openbook_appointments/tests/test_graphql.py @@ -176,10 +176,7 @@ class TestAppointments(TestCase): assert response.errors is not None assert response.data is None - assert ( - "You cannot create appointments of a space you are not a member of" - in response.errors[0].extensions["errors"] - ) + assert response.errors[0].extensions["code"] == "FORBIDDEN" def test_can_create_public_appointment_if_admin(self): response = create_appointment(self.admin, self.public_appointment_input_data) @@ -245,10 +242,7 @@ class TestAppointments(TestCase): assert response.errors is not None assert response.data is None - assert ( - "You cannot create a public appointment if you are not an administrator of a space" - in response.errors[0].extensions["errors"] - ) + assert response.errors[0].extensions["code"] == "FORBIDDEN" def test_can_create_invite_only_appointment_if_member(self): response = create_appointment(self.user_member, self.invite_only_appointment_input_data) 
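Review bot: Replacing the message assertion with `extensions["code"] == "FORBIDDEN"` (hunk at 176) means the test no longer shows which check rejected the request, and the same substitution is made in the hunks at 242, 401, 414, 523, 536, 551, 568, 585 and 604. The delete and update tests named `..._with_admins_permission_if_participant`, for example, would still pass if the request were rejected by a different check than the one they are named for, so a regression in the permission logic can go unnoticed. Keep the code assertion and also assert the expected text wherever the error formatter now places it; that location is not visible in this diff. Asserting `len(response.errors) == 1` before indexing `errors[0]` would also make an unexpected extra error fail loudly.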
@@ -407,10 +401,7 @@ class TestAppointments(TestCase): assert query_response.errors is not None assert query_response.data is None - assert ( - "You cannot query invite only appointments of a space you are not a member of" - in query_response.errors[0].extensions["errors"] - ) + assert query_response.errors[0].extensions["code"] == "FORBIDDEN" def test_can_not_query_invite_only_appointment_if_not_member(self): mutation_response = create_appointment(self.admin, self.invite_only_appointment_input_data) @@ -423,10 +414,7 @@ class TestAppointments(TestCase): assert query_response.errors is not None assert query_response.data is None - assert ( - "You cannot query invite only appointments of a space you are not a member of" - in query_response.errors[0].extensions["errors"] - ) + assert query_response.errors[0].extensions["code"] == "FORBIDDEN" def test_can_query_public_appointment_if_anonymous(self): mutation_response = create_appointment(self.admin, self.public_appointment_input_data) @@ -535,10 +523,7 @@ class TestAppointments(TestCase): assert delete_mutation_response.errors is not None assert delete_mutation_response.data is None - assert ( - "You cannot delete appointments of a space you are not a member of" - in delete_mutation_response.errors[0].extensions["errors"] - ) + assert delete_mutation_response.errors[0].extensions["code"] == "FORBIDDEN" def test_can_not_delete_appointment_with_admins_permission_if_participant(self): create_mutation_response = create_appointment(self.user_member, self.invite_only_appointment_input_data) 
@@ -551,10 +536,7 @@ class TestAppointments(TestCase): assert delete_mutation_response.errors is not None assert delete_mutation_response.data is None - assert ( - "You do not have the permission to delete the appointment" - in delete_mutation_response.errors[0].extensions["errors"] - ) + assert delete_mutation_response.errors[0].extensions["code"] == "FORBIDDEN" def test_can_not_delete_appointment_with_participants_permission_if_not_participant(self): create_mutation_response = create_appointment( @@ -569,10 +551,7 @@ class TestAppointments(TestCase): assert delete_mutation_response.errors is not None assert delete_mutation_response.data is None - assert ( - "You do not have the permission to delete the appointment" - in delete_mutation_response.errors[0].extensions["errors"] - ) + assert delete_mutation_response.errors[0].extensions["code"] == "FORBIDDEN" def test_can_not_update_appointment_if_not_member(self): create_mutation_response = create_appointment(self.user_member, self.invite_only_appointment_input_data) @@ -589,10 +568,7 @@ class TestAppointments(TestCase): assert update_mutation_response.errors is not None assert update_mutation_response.data is None - assert ( - "You cannot update appointments of a space you are not a member of" - in update_mutation_response.errors[0].extensions["errors"] - ) + assert update_mutation_response.errors[0].extensions["code"] == "FORBIDDEN" def test_can_not_update_appointment_with_admins_permission_if_participant(self): create_mutation_response = create_appointment(self.user_member, self.invite_only_appointment_input_data) 
@@ -609,10 +585,7 @@ class TestAppointments(TestCase): assert update_mutation_response.errors is not None assert update_mutation_response.data is None - assert ( - "You do not have the permission to update the appointment" - in update_mutation_response.errors[0].extensions["errors"] - ) + assert update_mutation_response.errors[0].extensions["code"] == "FORBIDDEN" def test_can_not_update_appointment_with_participants_permission_if_not_participant(self): create_mutation_response = create_appointment( @@ -631,10 +604,7 @@ class TestAppointments(TestCase): assert update_mutation_response.errors is not None assert update_mutation_response.data is None - assert ( - "You do not have the permission to update the appointment" - in update_mutation_response.errors[0].extensions["errors"] - ) + assert update_mutation_response.errors[0].extensions["code"] == "FORBIDDEN" def test_can_update_public_appointment_if_admin(self): create_mutation_response = create_appointment(self.admin, self.public_appointment_input_data)