From 0344d9a2137eb755f002398aac40533e8ea46776 Mon Sep 17 00:00:00 2001
From: Hassan Abouelela <hassan@hassanamr.com>
Date: Sat, 5 Feb 2022 20:14:05 +0400
Subject: Use HTTPException To Propagate Access Failures

Co-authored-by: Bluenix <bluenixdev@gmail.com>
Signed-off-by: Hassan Abouelela <hassan@hassanamr.com>
---
 backend/routes/forms/response.py | 9 ++-------
 1 file changed, 2 insertions(+), 7 deletions(-)

(limited to 'backend/routes/forms/response.py')

diff --git a/backend/routes/forms/response.py b/backend/routes/forms/response.py
index fbf8e99..565701f 100644
--- a/backend/routes/forms/response.py
+++ b/backend/routes/forms/response.py
@@ -21,18 +21,13 @@ class Response(Route):
 
     @requires(["authenticated"])
     @api.validate(
-        resp=RouteResponse(HTTP_200=FormResponse, HTTP_401=ErrorMessage, HTTP_404=ErrorMessage),
+        resp=RouteResponse(HTTP_200=FormResponse, HTTP_404=ErrorMessage),
         tags=["forms", "responses"]
     )
     async def get(self, request: Request) -> JSONResponse:
         """Return a single form response by ID."""
         form_id = request.path_params["form_id"]
-
-        try:
-            if not await discord.verify_response_access(form_id, request):
-                return JSONResponse({"error": "unauthorized"}, status_code=401)
-        except discord.FormNotFoundError:
-            return JSONResponse({"error": "form_not_found"}, status_code=404)
+        await discord.verify_response_access(form_id, request)
 
         if raw_response := await request.state.db.responses.find_one(
             {
-- 
cgit v1.2.3