BED-4707 update to PUT request from DELETE

SpecterOps · Aug 14, 2024 · 1e0731e · 1e0731e
1 parent dad5e1c
commit 1e0731e
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 9 deletions.
diff --git a/cmd/api/src/api/registration/v2.go b/cmd/api/src/api/registration/v2.go
@@ -164,8 +164,8 @@ func NewV2API(cfg config.Configuration, resources v2.Resources, routerInst *rout
 		routerInst.GET("/api/v2/saved-queries", resources.ListSavedQueries).RequirePermissions(permissions.SavedQueriesRead),
 		routerInst.POST("/api/v2/saved-queries", resources.CreateSavedQuery).RequirePermissions(permissions.SavedQueriesWrite),
 		routerInst.PUT(fmt.Sprintf("/api/v2/saved-queries/{%s}", api.URIPathVariableSavedQueryID), resources.UpdateSavedQuery).RequirePermissions(permissions.SavedQueriesWrite),
+		routerInst.PUT(fmt.Sprintf("/api/v2/saved-queries/{%s}/unshare", api.URIPathVariableSavedQueryID), resources.UnshareSavedQuery).RequirePermissions(permissions.SavedQueriesWrite),
 		routerInst.DELETE(fmt.Sprintf("/api/v2/saved-queries/{%s}", api.URIPathVariableSavedQueryID), resources.DeleteSavedQuery).RequirePermissions(permissions.SavedQueriesWrite),
-		routerInst.DELETE(fmt.Sprintf("/api/v2/saved-queries/{%s}/unshare", api.URIPathVariableSavedQueryID), resources.UnshareSavedQuery).RequirePermissions(permissions.SavedQueriesWrite),
 
 		// Azure Entity API
 		routerInst.GET("/api/v2/azure/{entity_type}", resources.GetAZEntity).RequirePermissions(permissions.GraphDBRead),

diff --git a/cmd/api/src/api/v2/saved_queries.go b/cmd/api/src/api/v2/saved_queries.go
@@ -277,6 +277,6 @@ func (s Resources) UnshareSavedQuery(response http.ResponseWriter, request *http
 			api.WriteErrorResponse(request.Context(), api.BuildErrorResponse(http.StatusUnauthorized, "user does not have sufficient privileges to unshare query", request), response)
 		}
 
-		api.WriteBasicResponse(request.Context(), savedQueryBelongsToUser, http.StatusOK, response)
+		response.WriteHeader(http.StatusOK)
 	}
 }
diff --git a/cmd/api/src/api/v2/saved_queries_test.go b/cmd/api/src/api/v2/saved_queries_test.go
@@ -1400,7 +1400,7 @@ func TestResources_UnshareSavedQuery(t *testing.T) {
 	userId, err := uuid2.NewV4()
 	require.Nil(t, err)
 
-	endpoint := "/api/v2/saved-queries/{%s}"
+	endpoint := "/api/v2/saved-queries/{%s}/unshare"
 	savedQueryId := "1"
 
 	t.Run("user can unshare their owned saved query", func(t *testing.T) {
@@ -1416,7 +1416,7 @@ func TestResources_UnshareSavedQuery(t *testing.T) {
 			mockDB.EXPECT().DeleteSavedQueryPermissionsForUser(gomock.Any(), int64(1), gomock.Any()).Return(nil)
 		}
 
-		req, err := http.NewRequestWithContext(createContextWithOwnerId(userId), "DELETE", fmt.Sprintf(endpoint, savedQueryId), must.MarshalJSONReader(userIds))
+		req, err := http.NewRequestWithContext(createContextWithOwnerId(userId), http.MethodPut, fmt.Sprintf(endpoint, savedQueryId), must.MarshalJSONReader(userIds))
 		require.Nil(t, err)
 
 		req.Header.Set(headers.ContentType.String(), mediatypes.ApplicationJson.String())
@@ -1426,7 +1426,7 @@ func TestResources_UnshareSavedQuery(t *testing.T) {
 		handler := http.HandlerFunc(resources.UnshareSavedQuery)
 
 		handler.ServeHTTP(response, req)
-		require.Equal(t, http.StatusOK, response.Code)
+		assert.Equal(t, http.StatusOK, response.Code)
 	})
 
 	t.Run("user can unshare queries they do not own as an admin", func(t *testing.T) {
@@ -1442,7 +1442,7 @@ func TestResources_UnshareSavedQuery(t *testing.T) {
 			mockDB.EXPECT().DeleteSavedQueryPermissionsForUser(gomock.Any(), int64(1), gomock.Any()).Return(nil)
 		}
 
-		req, err := http.NewRequestWithContext(createContextWithAdminOwnerId(userId), "DELETE", fmt.Sprintf(endpoint, savedQueryId), must.MarshalJSONReader(userIds))
+		req, err := http.NewRequestWithContext(createContextWithAdminOwnerId(userId), http.MethodPut, fmt.Sprintf(endpoint, savedQueryId), must.MarshalJSONReader(userIds))
 		require.Nil(t, err)
 
 		req.Header.Set(headers.ContentType.String(), mediatypes.ApplicationJson.String())
@@ -1452,14 +1452,14 @@ func TestResources_UnshareSavedQuery(t *testing.T) {
 		handler := http.HandlerFunc(resources.UnshareSavedQuery)
 
 		handler.ServeHTTP(response, req)
-		require.Equal(t, http.StatusOK, response.Code)
+		assert.Equal(t, http.StatusOK, response.Code)
 	})
 
 	t.Run("error user sharing saved query that does not belong to them", func(t *testing.T) {
 		mockDB.EXPECT().SavedQueryBelongsToUser(gomock.Any(), userId, int64(1)).Return(false, nil)
 
 		var userIds []uuid.UUID
-		req, err := http.NewRequestWithContext(createContextWithOwnerId(userId), "DELETE", fmt.Sprintf(endpoint, savedQueryId), must.MarshalJSONReader(userIds))
+		req, err := http.NewRequestWithContext(createContextWithOwnerId(userId), http.MethodPut, fmt.Sprintf(endpoint, savedQueryId), must.MarshalJSONReader(userIds))
 		require.Nil(t, err)
 
 		req.Header.Set(headers.ContentType.String(), mediatypes.ApplicationJson.String())
@@ -1469,7 +1469,7 @@ func TestResources_UnshareSavedQuery(t *testing.T) {
 		handler := http.HandlerFunc(resources.UnshareSavedQuery)
 
 		handler.ServeHTTP(response, req)
-		require.Equal(t, http.StatusUnauthorized, response.Code)
+		assert.Equal(t, http.StatusUnauthorized, response.Code)
 	})
 }