ajaleelp
commented
7 years ago You mean an authenticated user attempts an action he is not authorized for ?
Closed harigopal closed 7 years ago
ajaleelp
commented
7 years ago You mean an authenticated user attempts an action he is not authorized for ?
harigopal
commented
7 years ago You're right. Something's off about the naming scheme for related items though.
AuthorizationService doesn't actually have anything to do with authorization. It's more like a FindUserWithTokenService or AuthenticateTokenService.
And I find AuthorizationFailedException confusing. That's more like a NotPermittedException to me.
harigopal
commented
7 years ago Also, the status code for the exception should probably be 403 (Forbidden) instead of 401 (Unauthorized). http://stackoverflow.com/a/6937030/1425158
ajaleelp
commented
7 years ago True that. A forbidden error makes much more sense. You want to tackle it right away or file a card?
@ajaleelp The
AuthorizationFailedExceptionappears to be used when a authorized user is not permitted to perform an action. The naming should be improved, since the used was logged in throughUsers::AuthorizationService.