From 7dd7cf80fff210970ed63d15ad8309ae570c6832 Mon Sep 17 00:00:00 2001
From: core
Date: Mon, 31 Jul 2023 00:38:19 -0400
Subject: [PATCH] roles:delete, roles:edit error parity & fix glaring security hole in role edit

Implements: https://todo.e3t.cc/~core/trifid/1
---
 trifid-api/src/routes/v1/roles.rs | 76 +++++++++++++++----------------
 1 file changed, 38 insertions(+), 38 deletions(-)

diff --git a/trifid-api/src/routes/v1/roles.rs b/trifid-api/src/routes/v1/roles.rs
index cd8b00b..ecaddaa 100644
--- a/trifid-api/src/routes/v1/roles.rs
+++ b/trifid-api/src/routes/v1/roles.rs
@@ -926,8 +926,8 @@ pub async fn delete_role(
 } else {
 HttpResponse::NotFound().json(APIErrorsResponse {
 errors: vec![APIError {
- code: "ERR_MISSING_ROLE".to_string(),
- message: "Role does not exist".to_string(),
+ code: "ERR_NOT_FOUND".to_string(),
+ message: "resource not found".to_string(),
 path: None,
 }],
 })
@@ -1041,8 +1041,43 @@ pub async fn update_role_request(
 }
 };
+ let role = match role::Entity::find()
+ .filter(role::Column::Id.eq(role.as_str()))
+ .one(&db.conn)
+ .await
+ {
+ Ok(r) => r,
+ Err(e) => {
+ error!("database error: {}", e);
+ return HttpResponse::InternalServerError().json(APIErrorsResponse {
+ errors: vec![
+ APIError {
+ code: "ERR_DB_ERROR".to_string(),
+ message: "There was an error performing the database request, please try again later.".to_string(),
+ path: None,
+ }
+ ],
+ });
+ }
+ };
+
+ let role = match role {
+ Some(r) => r,
+ None => {
+ return HttpResponse::NotFound().json(APIErrorsResponse {
+ errors: vec![APIError {
+ code: "ERR_NOT_FOUND".to_string(),
+ message:
+ "This resource does not exist or you do not have permission to access it."
+ .to_string(),
+ path: None,
+ }],
+ })
+ }
+ };
+
 let existing_rules: Vec = match firewall_rule::Entity::find()
- .filter(firewall_rule::Column::Role.eq(role.clone()))
+ .filter(firewall_rule::Column::Role.eq(role.id.clone()))
 .all(&db.conn)
 .await
 {
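Review bot: The not-found message delete_role now returns, `resource not found`, does not match the one update_role_request returns for the same code later in this patch, `This resource does not exist or you do not have permission to access it.`, even though the commit is about error parity; the two should be identical, e.g. `message: "This resource does not exist or you do not have permission to access it.".to_string(),`. Using the same wording for "missing" and "not yours" in both handlers also keeps the response from revealing which of the two cases a caller hit, provided the delete path treats them alike. delete_role's body begins and continues outside this hunk, so the condition guarding this `else` branch cannot be checked here.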
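Review bot: The role lookup added at the top of this hunk filters on `role::Column::Id` alone, yet the 404 it returns says the caller may lack permission; nothing in the hunk compares the role with the caller's organization or the authenticated user, so whether that check exists elsewhere in update_role_request (the function starts before the hunk and the lines after the `firewall_rule` query are not shown) should be confirmed before the message is relied on. If no such check exists, the query should be scoped to the caller's organization in addition to the id; if it does, a short comment above the lookup naming where it happens, e.g. `// Caller's access to this role is enforced at <location — placeholder>; keep this lookup after it.`, would stop a later refactor from reordering it. Performing the lookup before the `firewall_rule` query and keying that query on `role.id` rather than the raw path parameter is the right order, since nothing about the rules is read until the role is known to exist.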
@@ -1079,41 +1114,6 @@ pub async fn update_role_request(
 };
 }
- let role = match role::Entity::find()
- .filter(role::Column::Id.eq(role.as_str()))
- .one(&db.conn)
- .await
- {
- Ok(r) => r,
- Err(e) => {
- error!("database error: {}", e);
- return HttpResponse::InternalServerError().json(APIErrorsResponse {
- errors: vec![
- APIError {
- code: "ERR_DB_ERROR".to_string(),
- message: "There was an error performing the database request, please try again later.".to_string(),
- path: None,
- }
- ],
- });
- }
- };
-
- let role = match role {
- Some(r) => r,
- None => {
- return HttpResponse::Unauthorized().json(APIErrorsResponse {
- errors: vec![APIError {
- code: "ERR_UNAUTHORIZED".to_string(),
- message:
- "This resource does not exist or you do not have permission to access it."
- .to_string(),
- path: None,
- }],
- })
- }
- };
-
 let mut role_active_model = role.clone().into_active_model();
 role_active_model.modified_at = Set(SystemTime::now()