From 69f4762cf49461e1b2f16bd0e93f8b2ed91b40de Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marko=20Mili=C4=87?=
Date: Wed, 1 Apr 2020 14:45:51 +0200
Subject: [PATCH] Fix error code 400 to 403
---
 obp-api/src/main/scala/code/api/util/APIUtil.scala | 7 ++++++-
 .../scala/code/api/v3_1_0/TransactionRequestTest.scala | 4 ++--
 2 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/obp-api/src/main/scala/code/api/util/APIUtil.scala b/obp-api/src/main/scala/code/api/util/APIUtil.scala
index 1ecb99b83..6dd8d207f 100644
--- a/obp-api/src/main/scala/code/api/util/APIUtil.scala
+++ b/obp-api/src/main/scala/code/api/util/APIUtil.scala
@@ -456,8 +456,13 @@ object APIUtil extends MdcLoggable with CustomJsonFormats{
 }
 def errorJsonResponse(message : String = "error", httpCode : Int = 400)(implicit headers: CustomResponseHeaders = CustomResponseHeaders(Nil)) : JsonResponse = {
+ val forbidden = message.contains(UserHasMissingRoles) ||
+ message.contains(UserNoPermissionAccessView) ||
+ message.contains(UserHasMissingRoles) ||
+ message.contains(UserNotSuperAdminOrMissRole) ||
+ message.contains(ConsumerHasMissingRoles)
 val code =
- message.contains(UserHasMissingRoles) match {
+ forbidden match {
 case true =>
 403
 case _ =>
diff --git a/obp-api/src/test/scala/code/api/v3_1_0/TransactionRequestTest.scala b/obp-api/src/test/scala/code/api/v3_1_0/TransactionRequestTest.scala
index 103637a88..95cf7187d 100644
--- a/obp-api/src/test/scala/code/api/v3_1_0/TransactionRequestTest.scala
+++ b/obp-api/src/test/scala/code/api/v3_1_0/TransactionRequestTest.scala
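Review bot: `message.contains(UserHasMissingRoles)` appears twice in the added `forbidden` expression of errorJsonResponse, so the third clause is dead; drop it, or name the constant that was meant there. A list form avoids the repeat and is easier to extend: `val forbidden = Seq(UserHasMissingRoles, UserNoPermissionAccessView, UserNotSuperAdminOrMissRole, ConsumerHasMissingRoles).exists(message.contains(_))`. Because the status is picked by substring match on the message text, a caller that passes an explicit `httpCode` together with a message containing one of these constants presumably gets 403 regardless, and rewording a constant silently changes the status; a comment such as `// authorization failures are recognised by message text; keep in sync with the error-message constants` would make that coupling visible. The function body continues past the end of the hunk, so the `case _ =>` branch is not visible here.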
@@ -82,8 +82,8 @@ class TransactionRequestTest extends V310ServerSetup {
 v3_1_0_Request / "banks" / bankId / "accounts" / account.accountId.value / Constant.CUSTOM_OWNER_VIEW_ID / "transaction-requests").GET <@(user2)
 val response310 = makeGetRequest(request310)
- Then("We should get a 400")
- response310.code should equal(400)
+ Then("We should get a 403")
+ response310.code should equal(403)
 And("error should be " + UserNoPermissionAccessView)
 response310.body.extract[ErrorMessage].message should equal (UserNoPermissionAccessView)
 }
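Review bot: Only the UserNoPermissionAccessView mapping is asserted in this scenario, so the other messages the commit now turns into 403 (UserNotSuperAdminOrMissRole, ConsumerHasMissingRoles) have no check visible in this patch. A matching scenario per constant would catch a regression if one of the messages is later reworded, since the status is derived from the message text. A one-line comment above the status assertion, for example `// 403 is derived from the message text in APIUtil.errorJsonResponse`, would explain why the two assertions move together. The scenario starts above the hunk.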