HTTP 403 instead of 400 when trying to update element filters on a non-workers process

Trying to run a PUT or PATCH request on a process not in the Workers mode causes a 403 Forbidden (i.e. authentication failure) instead of 400 Bad Request.

added 1 deleted label

assigned to @mlbonhomme

So I think this was actually fixed by this commit https://gitlab.com/arkindex/backend/-/commit/ac45799a76922af525059a4b20e42b7a8faada81 which added

    def validate(self, data):
        data = super().validate(data)
        # Editing a dataimport name only is always allowed
        if set(data.keys()) == {'name'}:
            return data

        if not self.instance:
            return
        if self.instance.state == State.Running:
            raise serializers.ValidationError({'__all__': ['Cannot edit a workflow while it is running']})
        if self.instance.mode != DataImportMode.Workers:
            raise serializers.ValidationError({'__all__': [f'Only processes of mode {DataImportMode.Workers} can be updated']})
        return data

to the DataImportSerializer ; I tried to make the error happen with tests but only got 400s.

mentioned in merge request !1546 (merged)

closed with commit cb3b6e29

closed

mentioned in commit cb3b6e29