fix: rest api should return error reason (#507)

ymc9 · web-flow · commit 4b389fb648cc · 2023-06-21T19:53:28.000+08:00
diff --git a/packages/server/src/api/rest/index.ts b/packages/server/src/api/rest/index.ts
@@ -1505,7 +1505,7 @@ class RequestHandler {
     private handlePrismaError(err: unknown) {
         if (isPrismaClientKnownRequestError(err)) {
             if (err.code === 'P2004') {
-                return this.makeError('forbidden');
+                return this.makeError('forbidden', undefined, 403, err.meta?.reason as string);
             } else if (err.code === 'P2025' || err.code === 'P2018') {
                 return this.makeError('notFound');
             } else {
@@ -1530,7 +1530,7 @@ class RequestHandler {
         }
     }
 
-    private makeError(code: keyof typeof this.errors, detail?: string, status?: number) {
+    private makeError(code: keyof typeof this.errors, detail?: string, status?: number, reason?: string) {
         return {
             status: status ?? this.errors[code].status,
             body: {
@@ -1540,6 +1540,7 @@ class RequestHandler {
                         code: paramCase(code),
                         title: this.errors[code].title,
                         detail: detail || this.errors[code].detail,
+                        reason,
                     },
                 ],
             },
diff --git a/packages/server/tests/api/rest.test.ts b/packages/server/tests/api/rest.test.ts
@@ -1,11 +1,12 @@
 /* eslint-disable @typescript-eslint/no-explicit-any */
 /// <reference types="@types/jest" />
 
-import { loadSchema, run } from '@zenstackhq/testtools';
+import { withPolicy } from '@zenstackhq/runtime';
+import { CrudFailureReason } from '@zenstackhq/runtime/constants';
 import { ModelMeta } from '@zenstackhq/runtime/enhancements/types';
+import { loadSchema, run } from '@zenstackhq/testtools';
 import makeHandler from '../../src/api/rest';
 import { Response } from '../../src/types';
-import { withPolicy } from '@zenstackhq/runtime';
 
 let prisma: any;
 let zodSchemas: any;
@@ -1844,6 +1845,13 @@ describe('REST server tests - enhanced prisma', () => {
         @@allow('create,read', true)
         @@allow('update', value > 0)
     }
+
+    model Bar {
+        id Int @id
+        value Int
+
+        @@allow('create', true)
+    }
     `;
 
     beforeAll(async () => {
@@ -1862,7 +1870,7 @@ describe('REST server tests - enhanced prisma', () => {
         run('npx prisma db push');
     });
 
-    it('policy rejection test', async () => {
+    it('update policy rejection test', async () => {
         let r = await handler({
             method: 'post',
             path: '/foo',
@@ -1885,6 +1893,20 @@ describe('REST server tests - enhanced prisma', () => {
         });
         expect(r.status).toBe(403);
     });
+
+    it('read-back policy rejection test', async () => {
+        const r = await handler({
+            method: 'post',
+            path: '/bar',
+            query: {},
+            requestBody: {
+                data: { type: 'bar', attributes: { id: 1, value: 0 } },
+            },
+            prisma,
+        });
+        expect(r.status).toBe(403);
+        expect((r.body as any).errors[0].reason).toBe(CrudFailureReason.RESULT_NOT_READABLE);
+    });
 });
 
 describe('REST server tests - NextAuth project regression', () => {
