diff --git a/app/Exceptions/BidNotFound.php b/app/Exceptions/BidNotFound.php
new file mode 100644
index 00000000..d949ea9f
--- /dev/null
+++ b/app/Exceptions/BidNotFound.php
@@ -0,0 +1,43 @@
+bid_id = $bid_id;
+ parent::__construct(
+ 404,
+ 'The bid '.$bid_id.' was not found'
+ );
+ }
+
+ /**
+ * Return the RFC 7807 error type (without the URL root)
+ */
+ public function getErrorType(): string
+ {
+ return 'bid-not-found';
+ }
+
+ /**
+ * Get the detailed error string
+ */
+ public function getErrorDetails(): string
+ {
+ return $this->getMessage();
+ }
+
+ /**
+ * Return an array with the error details, merged with the RFC7807 response
+ */
+ public function getErrorMetadata(): array
+ {
+ return [
+ 'bid_id' => $this->bid_id
+ ];
+ }
+}
diff --git a/app/Http/Controllers/Api/UserController.php b/app/Http/Controllers/Api/UserController.php
index f251cd29..cfcf97ef 100644
--- a/app/Http/Controllers/Api/UserController.php
+++ b/app/Http/Controllers/Api/UserController.php
@@ -3,6 +3,7 @@
 namespace App\Http\Controllers\Api;
 use App\Contracts\Controller;
+use App\Exceptions\BidNotFound;
 use App\Exceptions\Unauthorized;
 use App\Exceptions\UserNotFound;
 use App\Http\Resources\Bid as BidResource;
@@ -160,6 +161,10 @@ class UserController extends Controller
 // Return the current bid
 $bid = $this->bidSvc->getBid($user, $bid_id);
+ if ($bid === null) {
+ throw new BidNotFound($bid_id);
+ }
+
 if ($bid->user_id !== $user->id) {
 throw new Unauthorized(new \Exception('Bid not not belong to authenticated user'));
 }
diff --git a/app/Services/BidService.php b/app/Services/BidService.php
index 2acc2401..4be5181c 100644
--- a/app/Services/BidService.php
+++ b/app/Services/BidService.php
@@ -50,6 +50,9 @@ class BidService extends Service
 /** @var Bid $bid */
 $bid = Bid::with($with)->where(['id' => $bid_id])->first();
+ if ($bid === null) {
+ return null;
+ }
 // Reconcile the aircraft for this bid
 // TODO: Only do this if there isn't a Simbrief attached?
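Review bot: In the `@@ -160,6 +161,10 @@` hunk of UserController.php, the new `BidNotFound` (404) is thrown before the ownership check that throws `Unauthorized`, so the two different responses let an authenticated caller tell whether a bid id owned by someone else exists. If that distinction is not meant to be visible to clients, answer both cases the same way: `if ($bid === null || $bid->user_id !== $user->id) { throw new BidNotFound($bid_id); }`. If the separate `Unauthorized` response is intentional, a short comment saying so would keep the next reader from "fixing" it. The enclosing controller method starts and ends outside the hunk.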
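Review bot: In the BidService.php hunk, `return null;` changes what getBid can hand back, but the `/** @var Bid $bid */` annotation directly above still declares a non-null `Bid`; it should read `/** @var Bid|null $bid */`. The method signature is outside the hunk: if it declares a non-nullable return type, this branch raises a TypeError instead of returning, so it would need `?Bid`. Any other caller of getBid needs the same null guard that UserController gains in this commit. The visible query filters on `id` alone, so ownership is still left to each caller to enforce.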