Skip to content

🐛Update items.py to return status code 403 in case of insufficient permissions#1543

Merged
tiangolo merged 3 commits intofastapi:masterfrom
jpizquierdo:master
Jan 22, 2026
Merged

🐛Update items.py to return status code 403 in case of insufficient permissions#1543
tiangolo merged 3 commits intofastapi:masterfrom
jpizquierdo:master

Conversation

@jpizquierdo
Copy link
Contributor

@jpizquierdo jpizquierdo commented Apr 14, 2025

Change error 400 to error 403 when not enough permissions when requesting items. I think it is better a 403 than a 400 (bad request).

@jpizquierdo
Update items.py
50006b7 
Change error 400 to error 403 when not enough permissions when requesting items
@jpizquierdo
Update test_items.py
03dcab0 
updated tests
YuriiMotov
YuriiMotov approved these changes Sep 3, 2025
View reviewed changes
Copy link
Member

@YuriiMotov YuriiMotov left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

For users we already return status code 403

full-stack-fastapi-template/backend/app/api/routes/users.py

Lines 168 to 172 in 8af907c

if not current_user.is_superuser:
raise HTTPException(
status_code=403,
detail="The user doesn't have enough privileges",
)

@jpizquierdo, thanks!

I think we don't need to change frontend to reflect these changes right now - users only see items they have access to, so they will not be able to send invalid request.

But in general we should probably discuss the way 403 errors are handled by frontend. For now UI will remove the access token and ask user to login.

@YuriiMotov YuriiMotov changed the title 🐛Update items.py "not enough permission" from error code 400 to error code 403 🐛Update items.py to return status code 403 in case of insufficient permissions Sep 3, 2025
@github-actions
Copy link
Contributor

github-actions bot commented Sep 20, 2025

This pull request has a merge conflict that needs to be resolved.

@github-actions github-actions bot added the conflicts Automatically generated when a PR has a merge conflict label Sep 20, 2025
@github-actions github-actions bot removed the conflicts Automatically generated when a PR has a merge conflict label Sep 24, 2025
tiangolo
tiangolo approved these changes Jan 22, 2026
View reviewed changes
Copy link
Member

@tiangolo tiangolo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yep, makes sense, thanks! 🍰

@tiangolo tiangolo merged commit 9fe3a4d into fastapi:master Jan 22, 2026
16 checks passed
samsam926 pushed a commit to samsam926/KD-Path that referenced this pull request Jan 28, 2026
@jpizquierdo
🐛Update items.py to return status code 403 in case of insufficien…
123c76f 
…t permissions (fastapi#1543)
This was referenced Feb 12, 2026
Merged
Closed
Draft
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tiangolo tiangolo tiangolo approved these changes

@YuriiMotov YuriiMotov YuriiMotov approved these changes

+1 more reviewer

@Chikimuras Chikimuras Chikimuras approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

refactor

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@jpizquierdo @tiangolo @Chikimuras @YuriiMotov @alejsdev