Use consistent status codes in all REST controllers
Part of #511
What does this MR do?
- Differentiate between 401 (not logged in) and 403 (logged in, but insufficient permissions) in REST responses. With this the frontend can decide if it should show an error or redirect to the login page.
- Replaces all usage of the HttpException class with more specific Symfony classes
- Adds a section about status codes to the devdocs
- Fixes normalisation of /user/{id}/details for the App, which was changed in !2171 (merged)
How confident are you it won't break things if deployed?
Very sure. Until now we are not differentiating between 4xx codes in the frontend.
The response format of /user/{id}/details now complies with the rules listed in https://devdocs.foodsharing.network/code-review.html#rest-api-endpoints and allows the Android app to request data again.
How to test
Not really necessary to test this, but you could check this:
- Checkout branch locally
- Login as foodsaver
- Open a second browser tab and log out there
- In the first tab, do something that sends a REST request and check in the browser's console that the answer is 401.
Checklist
- added a test, or explain why one is not needed/possible...
- no unrelated changes
- asked someone for a code review
- set a "for:" label to indicate who will be affected by this change
- added to the next milestone (see https://gitlab.com/foodsharing-dev/foodsharing/-/milestones, unless it has a "for:Dev" label)
- added an entry to CHANGELOG.md
- added a short text that can be used in the release notes
- Once your MR has been merged, you are responsible to create a testing issue in the Beta Testing forum: https://foodsharing.de/?page=bezirk&bid=734&sub=forum. Please change the MRs label to "state:Beta testing".
  - Consider writing a detailed description in German.
  - Describe in a few sentences, what should be tested from a user perspective.
  - Also mention different settings (e.g. different browsers, roles, ...) how this change can be tested.
  - Be aware, that also non technical people should understand.
Release notes text in German
Closes #511
Edited by Christian Walgenbach
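
The 401/403 split described in this MR, sketched as an added example that is not code from the merge request or the foodsharing project. The function names, the session shape and the `/login?ref=` URL are assumptions made for illustration.

```javascript
// Hypothetical sketch: names, session shape and login URL are assumptions.

// Server side: authentication is checked before authorization, so an
// anonymous caller always gets 401 and never learns whether the resource
// would have been forbidden to a logged-in user.
function decideStatus(session, requiredPermission) {
  if (!session || !session.userId) return 401; // not logged in
  const granted = session.permissions || [];
  if (requiredPermission && !granted.includes(requiredPermission)) {
    return 403; // logged in, but insufficient permissions
  }
  return 200;
}

// Only same-origin relative paths may be carried into the login redirect;
// anything else falls back to "/" so the return parameter cannot be used
// to send the user to another host after login.
function safeReturnPath(path) {
  const ok = typeof path === 'string' && path.startsWith('/') &&
    !path.startsWith('//') && !path.includes('\\');
  return ok ? path : '/';
}

// Client side: 401 means the session is gone, so go to the login page and
// remember where the user was. 403 means logging in again will not help,
// so show an error and stay on the page.
function handleRestFailure(status, currentPath) {
  if (status === 401) {
    const ref = encodeURIComponent(safeReturnPath(currentPath));
    return { action: 'redirect', target: '/login?ref=' + ref };
  }
  if (status === 403) {
    return { action: 'error', message: 'Insufficient permissions' };
  }
  return { action: 'error', message: 'Request failed (' + status + ')' };
}

// Constructed scenario matching "How to test": the session was ended in a
// second tab, then the first tab sends a REST request.
const loggedOut = null;
const foodsaver = { userId: 1, permissions: ['profile.read'] };
console.log(handleRestFailure(decideStatus(loggedOut, 'profile.read'), '/?page=dashboard'));
console.log(handleRestFailure(decideStatus(foodsaver, 'store.manage'), '/?page=dashboard'));
```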