Skip to content

hotfix: add error to GET /backend-for-frontend/tenants/{tenants-id}/users (PIN-7759) #2478

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

hotfix: add error to GET /backend-for-frontend/tenants/{tenants-id}/users (PIN-7759) #2478

wants to merge 2 commits into from

Conversation

shuyec
Copy link
Contributor

@shuyec shuyec commented Oct 13, 2025
edited by atlassian bot
Loading

Issue

Context / Why

This PR adds a check to the GET /backend-for-frontend/tenants/{tenants-id}/users. If a requester tries to get the users list of another tenant, then it gets an error 403.

Impacted services

  • backend-for-frontend

Checklist

  • Add check to the BFF

shuyec
shuyec commented Oct 13, 2025
View reviewed changes
packages/backend-for-frontend/src/services/validators.ts
Comment on lines +252 to +253
throw unauthorizedError(
`Requester ${requesterId} cannot retrieve users for tenant ${tenantId}`
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

unauthorizedError is already mapped to HTTP_STATUS_FORBIDDEN by default, so there is no need to update the error mappers

@shuyec shuyec marked this pull request as ready for review October 13, 2025 11:00
galales
galales approved these changes Oct 13, 2025
View reviewed changes
Copy link
Contributor

@galales galales left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🚀

@shuyec shuyec changed the title hotfix: add error to /backend-for-frontend/tenants/{tenants-id}/users (PIN-7759) hotfix: add error to GET /backend-for-frontend/tenants/{tenants-id}/users (PIN-7759) Oct 14, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@galales galales galales approved these changes

@taglioni-r taglioni-r taglioni-r approved these changes

@paolomanca-pagopa paolomanca-pagopa paolomanca-pagopa approved these changes

@beetlecrunch beetlecrunch Awaiting requested review from beetlecrunch beetlecrunch is a code owner

@Carminepo2 Carminepo2 Awaiting requested review from Carminepo2 Carminepo2 is a code owner

@lorenzo-pa lorenzo-pa Awaiting requested review from lorenzo-pa lorenzo-pa is a code owner

Assignees

No one assigned

Labels

hotfix vapt

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@shuyec @galales @taglioni-r @paolomanca-pagopa