Return 403 instead of 500 error for disconnect view

When a user only has a social account associated with them and they
attempt to disconnect it, we should return a 403 error, not a 500 error.
This commit is contained in:
Christopher Dignam 2018-01-28 13:51:53 -05:00
parent a3057b7aa1
commit e46ffd7341

View File

@ -1,4 +1,5 @@
from django.conf import settings
from django.core.exceptions import ValidationError
from django.utils.decorators import method_decorator
from django.utils.translation import ugettext_lazy as _
from django.views.decorators.debug import sensitive_post_parameters
@ -6,7 +7,8 @@ from django.views.decorators.debug import sensitive_post_parameters
from rest_framework.views import APIView
from rest_framework.response import Response
from rest_framework.permissions import (AllowAny,
IsAuthenticated)
IsAuthenticated,
PermissionDenied)
from rest_framework.generics import CreateAPIView, ListAPIView, GenericAPIView
from rest_framework.exceptions import NotFound
from rest_framework import status
@ -174,7 +176,10 @@ class SocialAccountDisconnectView(GenericAPIView):
if not account:
raise NotFound
try:
get_social_adapter(self.request).validate_disconnect(account, accounts)
except ValidationError as e:
raise PermissionDenied(detail=e.args[0])
account.delete()
signals.social_account_removed.send(