From ddc1bcaaf58644b15d3fdb2e43a6d9cd59a28602 Mon Sep 17 00:00:00 2001
From: VoigtS
Date: Mon, 11 Mar 2024 15:57:00 +0100
Subject: [PATCH] Add missing error handlings
---
 docs/users/api-spec-resources.md | 1 +
 internal/api/commitment.go | 6 ++++++
 2 files changed, 7 insertions(+)
diff --git a/docs/users/api-spec-resources.md b/docs/users/api-spec-resources.md
index 0960e31d..a25a8831 100644
--- a/docs/users/api-spec-resources.md
+++ b/docs/users/api-spec-resources.md
@@ -775,6 +775,7 @@ The response is a JSON of the commitment including the following fields that ide
 ```
 ### POST /v1/domains/:id/projects/:id/transfer-commitment/:id?token=:token
 Transfers the commitment from a source project to a target project.
+Requires a project-admin token.
 This endpoint receives the target project ID, but the commitment ID from the source project.
 Requires a generated token from the API: `/v1/domains/:id/projects/:id/commitments/:id/start-transfer`.
 On success the API clears the `transfer_token` and `transfer_status` from the commitment.
diff --git a/internal/api/commitment.go b/internal/api/commitment.go
index 1a2e2e55..b7afcfbd 100644
--- a/internal/api/commitment.go
+++ b/internal/api/commitment.go
@@ -463,10 +463,12 @@ func (p *v1Provider) StartCommitmentTransfer(w http.ResponseWriter, r *http.Requ
 httpapi.IdentifyEndpoint(r, "/v1/domains/:id/projects/:id/commitments/:id/start-transfer")
 token := p.CheckToken(r)
 if !token.Require(w, "project:edit") {
+ http.Error(w, "insufficient access rights.", http.StatusForbidden)
 return
 }
 dbDomain := p.FindDomainFromRequest(w, r)
 if dbDomain == nil {
+ http.Error(w, "domain not found.", http.StatusNotFound)
 return
 }
 dbProject := p.FindProjectFromRequest(w, r, dbDomain)
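Review bot: The added `http.Error` calls after `token.Require(w, "project:edit")` and `p.FindDomainFromRequest(w, r)` probably write a second response, because both helpers are handed `w` and so presumably send their own status and body before returning false or nil. If they do, net/http keeps the first status and appends the new text to the existing body, so a failure the helper reported as 401 or 500 would also carry "insufficient access rights." or "domain not found." and mislabel the cause. The same pattern appears after `RequireJSON(w, r, &parseTarget)` and in both `TransferCommitment` hunks. Please confirm what the helpers write; if they already respond, drop the added lines and keep the bare `return` with a comment such as `// token.Require has already written the error response`. The handler body starts and ends outside this hunk.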
@@ -478,6 +480,7 @@ func (p *v1Provider) StartCommitmentTransfer(w http.ResponseWriter, r *http.Requ
 Request limesresources.Commitment `json:"commitment"`
 }
 if !RequireJSON(w, r, &parseTarget) {
+ http.Error(w, "json not parsable.", http.StatusBadRequest)
 return
 }
 req := parseTarget.Request
@@ -590,6 +593,7 @@ func (p *v1Provider) TransferCommitment(w http.ResponseWriter, r *http.Request)
 httpapi.IdentifyEndpoint(r, "/v1/domains/:id/projects/:id/transfer-commitment/:id?token=:token")
 token := p.CheckToken(r)
 if !token.Require(w, "project:edit") {
+ http.Error(w, "insufficient access rights.", http.StatusForbidden)
 return
 }
 transferToken := r.URL.Query().Get("token")
@@ -598,10 +602,12 @@ func (p *v1Provider) TransferCommitment(w http.ResponseWriter, r *http.Request)
 }
 dbDomain := p.FindDomainFromRequest(w, r)
 if dbDomain == nil {
+ http.Error(w, "domain not found.", http.StatusNotFound)
 return
 }
 targetProject := p.FindProjectFromRequest(w, r, dbDomain)
 if targetProject == nil {
+ http.Error(w, "project not found.", http.StatusNotFound)
 return
 }
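Review bot: The `targetProject == nil` branch in the last hunk now answers with "project not found.", while the `dbProject` lookup in `StartCommitmentTransfer` gets no matching line, so the two handlers would treat `FindProjectFromRequest` differently. That lookup's nil check is presumably just past the end of the first commitment.go hunk, and all six insertions in the diffstat are accounted for elsewhere. Whichever behaviour is correct for that helper should be applied in both places. Separately, a nil result is hard-coded as `http.StatusNotFound` here; if the helper can also return nil on a database or lookup failure, that would present a server-side error as a 404 to clients and monitoring. `TransferCommitment` starts and ends outside this hunk, so the surrounding checks are not visible.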