feat(server/m7-352): 403 system_playlist_readonly on playlist edit endpoints
Push kind='system' guard into each of the five Service edit methods (Update, Delete, AppendTracks, RemoveTrack, Reorder) immediately after the ownership check; map the typed error to 403 in writePlaylistErr; add table-driven test covering all five verbs against a seeded system playlist.
This commit is contained in:
@@ -420,6 +420,8 @@ func (h *handlers) writePlaylistErr(w http.ResponseWriter, err error, op string)
|
||||
writeErr(w, http.StatusNotFound, "not_found", "playlist not found")
|
||||
case errors.Is(err, playlists.ErrForbidden):
|
||||
writeErr(w, http.StatusForbidden, "not_authorized", "you don't own this playlist")
|
||||
case errors.Is(err, playlists.ErrSystemPlaylistReadonly):
|
||||
writeErr(w, http.StatusForbidden, "system_playlist_readonly", "system-generated playlists cannot be edited")
|
||||
case errors.Is(err, playlists.ErrInvalidInput):
|
||||
writeErr(w, http.StatusBadRequest, "bad_request", err.Error())
|
||||
case errors.Is(err, playlists.ErrTrackNotFound):
|
||||
|
||||
Reference in New Issue
Block a user