403 Forbidden when assigning duplicate role #12113

@vera

What steps does it take to reproduce the issue?

Using the API, assign the same role to the same user on the same entity (dataset or collection) twice.

  • What happens?

The API returns an error response with code 403 Forbidden and the following message:

{
    "status": "ERROR",
    "message": "Role has already been granted."
}

  • What did you expect to happen?

I didn't expect a 403 Forbidden, since it seems to imply my authentication's broken or I lack the rights to assign a role. However, the request is merely failing due to the role assignment already existing.

I'd like to suggest changing this error code to something else, e.g. some other more applicable client-error code such as 400 Bad Request, 409 Conflict or 422 Unprocessable Content. (I found a discussion of the error codes here: https://stackoverflow.com/questions/3825990/http-response-code-for-post-when-resource-already-exists)

I'd also like to throw in the option of returning a 201 Created when a role assignment is successfully created, and a 200 OK if the role assignment already exists, since it could be argued it's not even strictly an error situation.

What do you think? Is there an accepted list/guideline for Dataverse API response codes?

Which version of Dataverse are you using?

v6.9

Any related open or closed issues to this bug report?

Did not find any.

Are you thinking about creating a pull request for this issue?
Help is always welcome, is this bug something you or your organization plan to fix?

Yes I would
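
A client-side way to tell the two kinds of 403 described in this issue apart, as an added example that is not part of the original issue or of the Dataverse code base. Only the duplicate message and its JSON shape come from the issue; the function names, the other sample bodies and the 409 case are constructed assumptions.

```python
import json
from collections import Counter
from enum import Enum

# Message text quoted in the issue; everything else here is hypothetical.
DUPLICATE_MESSAGE = "Role has already been granted."

class Outcome(Enum):
    ASSIGNED = "assigned"
    ALREADY_ASSIGNED = "already_assigned"
    AUTH_FAILURE = "auth_failure"
    OTHER_ERROR = "other_error"

def _message(body):
    """Return the "message" field of a JSON body, or None if absent or unparsable."""
    try:
        parsed = json.loads(body)
    except (TypeError, ValueError):
        return None  # e.g. an HTML error page from a proxy in front of the API
    return parsed.get("message") if isinstance(parsed, dict) else None

def classify(status_code, body):
    """Classify one role-assignment response by status code and body."""
    if 200 <= status_code < 300:
        return Outcome.ASSIGNED
    # Match on the message, not only the code, so a duplicate is recognised
    # under today's 403 and under any other 4xx code it might move to.
    if 400 <= status_code < 500 and _message(body) == DUPLICATE_MESSAGE:
        return Outcome.ALREADY_ASSIGNED
    if status_code in (401, 403):
        return Outcome.AUTH_FAILURE
    return Outcome.OTHER_ERROR

def triage(responses):
    """Count outcomes so real authorization failures are not buried in duplicates."""
    return Counter(classify(code, body) for code, body in responses)

# Constructed sample responses (status code, body); only the first body is from the issue.
SAMPLES = [
    (403, '{"status": "ERROR", "message": "Role has already been granted."}'),
    (403, '{"status": "ERROR", "message": "constructed: not permitted"}'),
    (403, "<html>403 Forbidden</html>"),
    (409, '{"status": "ERROR", "message": "Role has already been granted."}'),
    (200, '{"status": "OK"}'),
]

if __name__ == "__main__":
    for outcome, count in triage(SAMPLES).items():
        print(outcome.value, count)
```

Matching on the message text is brittle if the wording changes, which is the practical argument for giving the duplicate case its own status code.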
