diff --git a/server/channels/api4/bot.go b/server/channels/api4/bot.go index c7112a6610..6c6858a75c 100644 --- a/server/channels/api4/bot.go +++ b/server/channels/api4/bot.go @@ -135,13 +135,13 @@ func getBot(c *Context, w http.ResponseWriter, r *http.Request) { // Pretend like the bot doesn't exist at all to avoid revealing that the // user is a bot. It's kind of silly in this case, sine we created the bot, // but we don't have read bot permissions. - c.Err = model.MakeBotNotFoundError(botUserId) + c.Err = model.MakeBotNotFoundError("permissions", botUserId) return } } else { // Pretend like the bot doesn't exist at all, to avoid revealing that the // user is a bot. - c.Err = model.MakeBotNotFoundError(botUserId) + c.Err = model.MakeBotNotFoundError("permissions", botUserId) return } diff --git a/server/channels/app/authorization.go b/server/channels/app/authorization.go index f2481e112f..ddcdb54130 100644 --- a/server/channels/app/authorization.go +++ b/server/channels/app/authorization.go @@ -263,7 +263,7 @@ func (a *App) SessionHasPermissionToUserOrBot(session model.Session, userID stri if err == nil { return true } - if err.Id == "store.sql_bot.get.missing.app_error" && err.Unwrap() != nil { + if err.Id == "store.sql_bot.get.missing.app_error" && err.Where == "SqlBotStore.Get" { if a.SessionHasPermissionToUser(session, userID) { return true } @@ -385,7 +385,7 @@ func (a *App) SessionHasPermissionToManageBot(session model.Session, botUserId s if !a.SessionHasPermissionTo(session, model.PermissionReadBots) { // If the user doesn't have permission to read bots, pretend as if // the bot doesn't exist at all. - return model.MakeBotNotFoundError(botUserId) + return model.MakeBotNotFoundError("permissions", botUserId) } return a.MakePermissionError(&session, []*model.Permission{model.PermissionManageBots}) } @@ -394,7 +394,7 @@ func (a *App) SessionHasPermissionToManageBot(session model.Session, botUserId s if !a.SessionHasPermissionTo(session, model.PermissionReadOthersBots) { // If the user doesn't have permission to read others' bots, // pretend as if the bot doesn't exist at all. - return model.MakeBotNotFoundError(botUserId) + return model.MakeBotNotFoundError("permissions", botUserId) } return a.MakePermissionError(&session, []*model.Permission{model.PermissionManageOthersBots}) } diff --git a/server/channels/app/bot.go b/server/channels/app/bot.go index edc543d719..8fdd4c3267 100644 --- a/server/channels/app/bot.go +++ b/server/channels/app/bot.go @@ -353,7 +353,7 @@ func (a *App) PatchBot(botUserId string, botPatch *model.BotPatch) (*model.Bot, var appErr *model.AppError switch { case errors.As(nErr, &nfErr): - return nil, model.MakeBotNotFoundError(nfErr.ID).Wrap(nErr) + return nil, model.MakeBotNotFoundError("SqlBotStore.Get", nfErr.ID).Wrap(nErr) case errors.As(nErr, &appErr): // in case we haven't converted to plain error. return nil, appErr default: // last fallback in case it doesn't map to an existing app error. @@ -370,7 +370,7 @@ func (a *App) GetBot(botUserId string, includeDeleted bool) (*model.Bot, *model. var nfErr *store.ErrNotFound switch { case errors.As(err, &nfErr): - return nil, model.MakeBotNotFoundError(nfErr.ID).Wrap(err) + return nil, model.MakeBotNotFoundError("SqlBotStore.Get", nfErr.ID).Wrap(err) default: // last fallback in case it doesn't map to an existing app error. return nil, model.NewAppError("GetBot", "app.bot.getbot.internal_error", nil, "", http.StatusInternalServerError).Wrap(err) } @@ -409,7 +409,7 @@ func (a *App) UpdateBotActive(c request.CTX, botUserId string, active bool) (*mo var nfErr *store.ErrNotFound switch { case errors.As(nErr, &nfErr): - return nil, model.MakeBotNotFoundError(nfErr.ID).Wrap(nErr) + return nil, model.MakeBotNotFoundError("SqlBotStore.Get", nfErr.ID).Wrap(nErr) default: // last fallback in case it doesn't map to an existing app error. return nil, model.NewAppError("UpdateBotActive", "app.bot.getbot.internal_error", nil, "", http.StatusInternalServerError).Wrap(nErr) } @@ -431,7 +431,7 @@ func (a *App) UpdateBotActive(c request.CTX, botUserId string, active bool) (*mo var appErr *model.AppError switch { case errors.As(nErr, &nfErr): - return nil, model.MakeBotNotFoundError(nfErr.ID).Wrap(nErr) + return nil, model.MakeBotNotFoundError("SqlBotStore.Get", nfErr.ID).Wrap(nErr) case errors.As(nErr, &appErr): // in case we haven't converted to plain error. return nil, appErr default: // last fallback in case it doesn't map to an existing app error. @@ -469,7 +469,7 @@ func (a *App) UpdateBotOwner(botUserId, newOwnerId string) (*model.Bot, *model.A var nfErr *store.ErrNotFound switch { case errors.As(err, &nfErr): - return nil, model.MakeBotNotFoundError(nfErr.ID).Wrap(err) + return nil, model.MakeBotNotFoundError("SqlBotStore.Get", nfErr.ID).Wrap(err) default: // last fallback in case it doesn't map to an existing app error. return nil, model.NewAppError("UpdateBotOwner", "app.bot.getbot.internal_error", nil, "", http.StatusInternalServerError).Wrap(err) } @@ -483,7 +483,7 @@ func (a *App) UpdateBotOwner(botUserId, newOwnerId string) (*model.Bot, *model.A var appErr *model.AppError switch { case errors.As(err, &nfErr): - return nil, model.MakeBotNotFoundError(nfErr.ID).Wrap(err) + return nil, model.MakeBotNotFoundError("SqlBotStore.Get", nfErr.ID).Wrap(err) case errors.As(err, &appErr): // in case we haven't converted to plain error. return nil, appErr default: // last fallback in case it doesn't map to an existing app error. diff --git a/server/public/model/bot.go b/server/public/model/bot.go index 4b8f84fca3..5a5ce4970d 100644 --- a/server/public/model/bot.go +++ b/server/public/model/bot.go @@ -213,8 +213,8 @@ func (l *BotList) Etag() string { // MakeBotNotFoundError creates the error returned when a bot does not exist, or when the user isn't allowed to query the bot. // The errors must the same in both cases to avoid leaking that a user is a bot. -func MakeBotNotFoundError(userId string) *AppError { - return NewAppError("SqlBotStore.Get", "store.sql_bot.get.missing.app_error", map[string]any{"user_id": userId}, "", http.StatusNotFound) +func MakeBotNotFoundError(where, userId string) *AppError { + return NewAppError(where, "store.sql_bot.get.missing.app_error", map[string]any{"user_id": userId}, "", http.StatusNotFound) } func IsBotDMChannel(channel *Channel, botUserID string) bool {