Correctly distinguish between cases of 401 Unauthorized which actuall…

…y means 'unauthenticated' and 403 Forbidden

src/http/api-post.ts

@@ -58,7 +58,7 @@ export const apiPost =
       TE.filterOrElse(command.isAuthorized, () =>
         failureWithStatus(
           'You are not authorized to perform this action',
-          StatusCodes.UNAUTHORIZED
+          StatusCodes.FORBIDDEN
         )()
       ),
       TE.chain(({input, actor}) =>

src/http/email-handler.ts

@@ -50,7 +50,7 @@ const emailPost =
       TE.filterOrElse(command.isAuthorized, () =>
         failureWithStatus(
           'You are not authorized to perform this action',
-          StatusCodes.UNAUTHORIZED
+          StatusCodes.FORBIDDEN
         )()
       ),
       TE.chainEitherK(({input, actor}) =>

src/http/form-post.ts

@@ -79,7 +79,7 @@ export const formPost =
       TE.filterOrElse(command.isAuthorized, () =>
         failureWithStatus(
           'You are not authorized to perform this action',
-          StatusCodes.UNAUTHORIZED
+          StatusCodes.FORBIDDEN
         )()
       ),
       TE.chain(({input, actor}) =>

src/queries/admin/index.ts

@@ -23,7 +23,7 @@ export const admin: Query = deps => user => {
     return TE.left(
       failureWithStatus(
         'You are not authorised to see this page',
-        StatusCodes.UNAUTHORIZED
+        StatusCodes.FORBIDDEN
       )()
     );
   }

src/queries/failed-imports/construct-view-model.ts

@@ -18,7 +18,7 @@ export const constructViewModel =
       TE.filterOrElseW(readModels.superUsers.is(user.memberNumber), () =>
         failureWithStatus(
           'You are not authorised to see this page',
-          StatusCodes.UNAUTHORIZED
+          StatusCodes.FORBIDDEN
         )()
       ),
       TE.map(events => ({

src/queries/log/construct-view-model.ts

@@ -14,7 +14,7 @@ export const constructViewModel = (deps: Dependencies) => (user: User) =>
     TE.filterOrElse(readModels.superUsers.is(user.memberNumber), () =>
       failureWithStatus(
         'You do not have the necessary permission to see this page.',
-        StatusCodes.UNAUTHORIZED
+        StatusCodes.FORBIDDEN
       )()
     ),
     TE.map(RA.reverse),

src/queries/logcsv/construct-view-model.ts

@@ -13,7 +13,7 @@ export const constructViewModel = (deps: Dependencies) => (user: User) =>
     TE.filterOrElse(readModels.superUsers.is(user.memberNumber), () =>
       failureWithStatus(
         'You do not have the necessary permission to see this page.',
-        StatusCodes.UNAUTHORIZED
+        StatusCodes.FORBIDDEN
       )()
     ),
     TE.map(events => ({events}) satisfies ViewModel)

src/queries/super-users/construct-view-model.ts

@@ -19,7 +19,7 @@ export const constructViewModel =
         readModels.superUsers.is(user.memberNumber),
         failureWithStatus(
           'Only super-users can see this page',
-          StatusCodes.UNAUTHORIZED
+          StatusCodes.FORBIDDEN
         )
       ),
       TE.map(events => ({

src/queries/training-status-csv/construct-view-model.ts

@@ -17,7 +17,7 @@ export const constructViewModel =
       return E.left(
         failureWithStatus(
           'You do not have the necessary permission to see this page.',
-          StatusCodes.UNAUTHORIZED
+          StatusCodes.FORBIDDEN
         )()
       );
     }

src/types/failure-with-status.ts

@@ -7,6 +7,7 @@ type ApplicationStatusCode =
   | StatusCodes.INTERNAL_SERVER_ERROR
   | StatusCodes.BAD_REQUEST
   | StatusCodes.UNAUTHORIZED
+  | StatusCodes.FORBIDDEN
   | StatusCodes.NOT_FOUND
   | StatusCodes.NOT_IMPLEMENTED;
 

tests/queries/log/construct-view-model.test.ts

@@ -18,7 +18,7 @@ describe('construct-view-model', () => {
         T.map(getLeftOrFail)
       )();
 
-      expect(failure.status).toStrictEqual(StatusCodes.UNAUTHORIZED);
+      expect(failure.status).toStrictEqual(StatusCodes.FORBIDDEN);
     });
   });
 });