diff --git a/server/modules/auth/authApiMiddleware.js b/server/modules/auth/authApiMiddleware.js
index cdfead0f07..431f43ebab 100644
--- a/server/modules/auth/authApiMiddleware.js
+++ b/server/modules/auth/authApiMiddleware.js
@@ -3,6 +3,7 @@ import * as Request from '@server/utils/request'
 import * as Authorizer from '@core/auth/authorizer'
 import * as Survey from '@core/survey/survey'
 import * as User from '@core/user/user'
+import { StatusCodes } from '@core/systemError'
 import UnauthorizedError from '@server/utils/unauthorizedError'
 import * as SurveyManager from '@server/modules/survey/manager/surveyManager'
@@ -81,13 +82,19 @@ const requireUserPermission = (permissionFn) => async (req, _res, next) => {
 }
 }
-export const requireLoggedInUser = async (req, _res, next) => {
+const sendUnauthorizedError = ({ res, req = null }) => {
+ const userName = req ? User.getName(Request.getUser(req)) : null
+ const error = new UnauthorizedError(userName)
+ res.send(StatusCodes.UNAUTHORIZED, JSON.stringify(error))
+}
+
+export const requireLoggedInUser = async (req, res, next) => {
 const user = Request.getUser(req)
- return user ? next() : next(new UnauthorizedError())
+ return user ? next() : sendUnauthorizedError({ res })
 }
 // Survey
-export const requireSurveyCreatePermission = async (req, _res, next) => {
+export const requireSurveyCreatePermission = async (req, res, next) => {
 const user = Request.getUser(req)
 if (Authorizer.canCreateSurvey(user)) {
 const ownedSurveys = await SurveyManager.countOwnedSurveys({ user })
@@ -97,7 +104,7 @@ export const requireSurveyCreatePermission = async (req, _res, next) => {
 return
 }
 }
- next(new UnauthorizedError(User.getName(user)))
+ sendUnauthorizedError({ req, res })
 }
 export const requireSurveyViewPermission = requireSurveyPermission(Authorizer.canViewSurvey)
 export const requireSurveyEditPermission = requireSurveyPermission(Authorizer.canEditSurvey)
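Review bot: `res.send(StatusCodes.UNAUTHORIZED, JSON.stringify(error))` in `sendUnauthorizedError` uses the two-argument `res.send(status, body)` form, which (assuming `res` is an Express response) Express 4 deprecates and Express 5 no longer accepts, and a pre-stringified body sent through `res.send` goes out with the default `text/html` content type even though it can carry the user name. Prefer `res.status(StatusCodes.UNAUTHORIZED).json(error)` so the body is labelled `application/json`. Two things to confirm outside this hunk: that `UnauthorizedError` exposes only client-safe fields when serialized (a plain `Error`'s `message` and `stack` are non-enumerable and would be dropped by `JSON.stringify`), and that answering directly instead of calling `next(err)` does not skip whatever logging of denied requests the central error handler performs.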
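Review bot: The denial path at the end of `requireSurveyCreatePermission` now answers 401 for a caller who is already authenticated but fails `Authorizer.canCreateSurvey` or, presumably, the owned-survey limit check, which is the same status `requireLoggedInUser` returns for a missing session. A client cannot tell "log in again" from "not allowed", and the webapp change in this commit reads every 401 as a quota error. Consider a distinct status for the authenticated-but-denied case (403 is the conventional one) or a machine-readable reason in the body, and add a comment on the call such as `// authenticated but not allowed: canCreateSurvey false or owned-survey limit reached`. The function begins in the previous hunk and its middle lines are not shown.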
diff --git a/webapp/components/survey/SurveyCreate/store/actions/useOnCreate.js b/webapp/components/survey/SurveyCreate/store/actions/useOnCreate.js
index acbacbc3de..3ffcd6300e 100644
--- a/webapp/components/survey/SurveyCreate/store/actions/useOnCreate.js
+++ b/webapp/components/survey/SurveyCreate/store/actions/useOnCreate.js
@@ -1,6 +1,7 @@
 import { useDispatch } from 'react-redux'
 import * as Authorizer from '@core/auth/authorizer'
+import { StatusCodes } from '@core/systemError'
 import { SurveyActions } from '@webapp/store/survey'
 import { JobActions } from '@webapp/store/app'
@@ -16,16 +17,16 @@ const sendSurveyCreateRequest = async ({ dispatch, newSurvey, user }) => {
 return await API.insertSurvey({ newSurvey: { ...newSurvey, cloneFrom: cloneFromSurveyId } })
 } catch (e) {
- const maxSurveysCount = Authorizer.getMaxSurveysUserCanCreate(user)
- const errorKey = Number.isNaN(maxSurveysCount)
- ? 'homeView.surveyCreate.error'
- : 'homeView.surveyCreate.errorMaxSurveysCountExceeded'
- dispatch(
- NotificationActions.notifyError({
- key: errorKey,
- params: { maxSurveysCount },
- })
- )
+ let errorKey = null,
+ errorParams = null
+ if (e.status === StatusCodes.UNAUTHORIZED) {
+ const maxSurveysCount = Authorizer.getMaxSurveysUserCanCreate(user)
+ errorKey = 'homeView.surveyCreate.errorMaxSurveysCountExceeded'
+ errorParams = { maxSurveysCount }
+ } else {
+ errorKey = 'homeView.surveyCreate.error'
+ }
+ dispatch(NotificationActions.notifyError({ key: errorKey, params: errorParams }))
 return null
 }
 }
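Review bot: The new `catch` branch in `sendSurveyCreateRequest` maps every 401 to `errorMaxSurveysCountExceeded` and drops the `Number.isNaN(maxSurveysCount)` check the old code had, so a user with no numeric limit who gets a 401 for another reason (an expired session, or `canCreateSurvey` returning false on the server) would be told they exceeded a limit of NaN. Keep the guard by computing `maxSurveysCount` before the `if` and testing `if (e.status === StatusCodes.UNAUTHORIZED && !Number.isNaN(maxSurveysCount))`. It is also worth confirming that the error thrown by `API.insertSurvey` carries the code at `e.status` and not on a nested response object, which the hunk does not show. The function starts above the hunk.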