On 13/07/15 12:03, Claude Warren wrote:
I would like to rename the UpdateDeniedException to AccessDeniedException.
AddDeniedException, DeleteDeniedException currently extend it.
jena-permissions will then extend that to create:
ReadDeniedException -- for read restrictions
UpdateDeniedException -- for update restrictions (modifying triples that
already exists as opposed to adding new triples)
I think that this will allow Fuskei to properly respond to the case where
jena-permissions is in place and there are update restrictions in place.
Currently Fuseki returns this as a 500 error. Once we have a common
permission denied exception we can return either authentication required or
access denied as appropriate.
Thoughts?
Claude
I agree that the existing name isn't so good nowadays.
I wonder if "access" is best reserved for permissions exceptions and
have a bland "can't do that" to cover both access denied situations and
operartion not appropriate (delete from a append-only or read-only graph).
How about "OperationDeniedException" as the root of all refusals, then
AccessDeniedException used as the root of all permissions exceptions
(whether defined in jena-permission or just this top level one in
jena-core and all subclasses with meaning in jena-permission).
Then Fuseki can catch AccessDeniedException and respond with 401,403 and
still have different handling for non-permissions related exceptions
(e.g. 400 Bad Request for update a read-only graph where other parts of
a datasets are mutable).
Andy
