fix: do not show internal model names in user facing error messages.

See #613 for a possible solution to the
pain renaming many distributed user facing model names.

Author: bencap

src/mavedb/lib/permissions/collection.py

@@ -73,7 +73,7 @@ def has_permission(user_data: Optional[UserData], entity: Collection, action: Ac
     if action not in handlers:
         supported_actions = ", ".join(a.value for a in handlers.keys())
         raise NotImplementedError(
-            f"Action '{action.value}' is not supported for Collection entities. "
+            f"Action '{action.value}' is not supported for collection entities. "
             f"Supported actions: {supported_actions}"
         )
 
@@ -129,7 +129,7 @@ def _handle_read_action(
     if roles_permitted(active_roles, [UserRole.admin]):
         return PermissionResponse(True)
 
-    return deny_action_for_entity(entity, private, user_data, bool(collection_roles) or user_is_owner)
+    return deny_action_for_entity(entity, private, user_data, bool(collection_roles) or user_is_owner, "collection")
 
 
 def _handle_update_action(
@@ -169,7 +169,7 @@ def _handle_update_action(
     if roles_permitted(active_roles, [UserRole.admin]):
         return PermissionResponse(True)
 
-    return deny_action_for_entity(entity, private, user_data, bool(collection_roles) or user_is_owner)
+    return deny_action_for_entity(entity, private, user_data, bool(collection_roles) or user_is_owner, "collection")
 
 
 def _handle_delete_action(
@@ -210,7 +210,7 @@ def _handle_delete_action(
         if user_is_owner and private:
             return PermissionResponse(True)
 
-    return deny_action_for_entity(entity, private, user_data, bool(collection_roles) or user_is_owner)
+    return deny_action_for_entity(entity, private, user_data, bool(collection_roles) or user_is_owner, "collection")
 
 
 def _handle_publish_action(
@@ -249,7 +249,7 @@ def _handle_publish_action(
     if roles_permitted(active_roles, [UserRole.admin]):
         return PermissionResponse(True)
 
-    return deny_action_for_entity(entity, private, user_data, bool(collection_roles) or user_is_owner)
+    return deny_action_for_entity(entity, private, user_data, bool(collection_roles) or user_is_owner, "collection")
 
 
 def _handle_add_experiment_action(
@@ -290,7 +290,7 @@ def _handle_add_experiment_action(
     if roles_permitted(active_roles, [UserRole.admin]):
         return PermissionResponse(True)
 
-    return deny_action_for_entity(entity, private, user_data, bool(collection_roles) or user_is_owner)
+    return deny_action_for_entity(entity, private, user_data, bool(collection_roles) or user_is_owner, "collection")
 
 
 def _handle_add_score_set_action(
@@ -330,7 +330,7 @@ def _handle_add_score_set_action(
     if roles_permitted(active_roles, [UserRole.admin]):
         return PermissionResponse(True)
 
-    return deny_action_for_entity(entity, private, user_data, bool(collection_roles) or user_is_owner)
+    return deny_action_for_entity(entity, private, user_data, bool(collection_roles) or user_is_owner, "collection")
 
 
 def _handle_add_role_action(
@@ -369,7 +369,7 @@ def _handle_add_role_action(
     if roles_permitted(active_roles, [UserRole.admin]):
         return PermissionResponse(True)
 
-    return deny_action_for_entity(entity, private, user_data, bool(collection_roles) or user_is_owner)
+    return deny_action_for_entity(entity, private, user_data, bool(collection_roles) or user_is_owner, "collection")
 
 
 def _handle_add_badge_action(
@@ -402,4 +402,4 @@ def _handle_add_badge_action(
     if roles_permitted(active_roles, [UserRole.admin]):
         return PermissionResponse(True)
 
-    return deny_action_for_entity(entity, private, user_data, bool(collection_roles) or user_is_owner)
+    return deny_action_for_entity(entity, private, user_data, bool(collection_roles) or user_is_owner, "collection")

src/mavedb/lib/permissions/experiment.py

@@ -58,7 +58,7 @@ def has_permission(user_data: Optional[UserData], entity: Experiment, action: Ac
     if action not in handlers:
         supported_actions = ", ".join(a.value for a in handlers.keys())
         raise NotImplementedError(
-            f"Action '{action.value}' is not supported for Experiment entities. "
+            f"Action '{action.value}' is not supported for experiment entities. "
             f"Supported actions: {supported_actions}"
         )
 
@@ -108,7 +108,7 @@ def _handle_read_action(
     if roles_permitted(active_roles, [UserRole.admin, UserRole.mapper]):
         return PermissionResponse(True)
 
-    return deny_action_for_entity(entity, private, user_data, user_is_contributor or user_is_owner)
+    return deny_action_for_entity(entity, private, user_data, user_is_contributor or user_is_owner, "experiment")
 
 
 def _handle_update_action(
@@ -143,7 +143,7 @@ def _handle_update_action(
     if roles_permitted(active_roles, [UserRole.admin]):
         return PermissionResponse(True)
 
-    return deny_action_for_entity(entity, private, user_data, user_is_contributor or user_is_owner)
+    return deny_action_for_entity(entity, private, user_data, user_is_contributor or user_is_owner, "experiment")
 
 
 def _handle_delete_action(
@@ -179,7 +179,7 @@ def _handle_delete_action(
     if user_is_owner and private:
         return PermissionResponse(True)
 
-    return deny_action_for_entity(entity, private, user_data, user_is_contributor or user_is_owner)
+    return deny_action_for_entity(entity, private, user_data, user_is_contributor or user_is_owner, "experiment")
 
 
 def _handle_add_score_set_action(
@@ -218,4 +218,4 @@ def _handle_add_score_set_action(
     if not private and user_data is not None:
         return PermissionResponse(True)
 
-    return deny_action_for_entity(entity, private, user_data, user_is_contributor or user_is_owner)
+    return deny_action_for_entity(entity, private, user_data, user_is_contributor or user_is_owner, "experiment")

src/mavedb/lib/permissions/experiment_set.py

@@ -58,7 +58,7 @@ def has_permission(user_data: Optional[UserData], entity: ExperimentSet, action:
     if action not in handlers:
         supported_actions = ", ".join(a.value for a in handlers.keys())
         raise NotImplementedError(
-            f"Action '{action.value}' is not supported for ExperimentSet entities. "
+            f"Action '{action.value}' is not supported for experiment set entities. "
             f"Supported actions: {supported_actions}"
         )
 
@@ -108,7 +108,7 @@ def _handle_read_action(
     if roles_permitted(active_roles, [UserRole.admin, UserRole.mapper]):
         return PermissionResponse(True)
 
-    return deny_action_for_entity(entity, private, user_data, user_is_contributor or user_is_owner)
+    return deny_action_for_entity(entity, private, user_data, user_is_contributor or user_is_owner, "experiment set")
 
 
 def _handle_update_action(
@@ -143,7 +143,7 @@ def _handle_update_action(
     if roles_permitted(active_roles, [UserRole.admin]):
         return PermissionResponse(True)
 
-    return deny_action_for_entity(entity, private, user_data, user_is_contributor or user_is_owner)
+    return deny_action_for_entity(entity, private, user_data, user_is_contributor or user_is_owner, "experiment set")
 
 
 def _handle_delete_action(
@@ -179,7 +179,7 @@ def _handle_delete_action(
     if user_is_owner and private:
         return PermissionResponse(True)
 
-    return deny_action_for_entity(entity, private, user_data, user_is_contributor or user_is_owner)
+    return deny_action_for_entity(entity, private, user_data, user_is_contributor or user_is_owner, "experiment set")
 
 
 def _handle_add_experiment_action(
@@ -215,4 +215,4 @@ def _handle_add_experiment_action(
     if roles_permitted(active_roles, [UserRole.admin]):
         return PermissionResponse(True)
 
-    return deny_action_for_entity(entity, private, user_data, user_is_contributor or user_is_owner)
+    return deny_action_for_entity(entity, private, user_data, user_is_contributor or user_is_owner, "experiment set")

src/mavedb/lib/permissions/score_calibration.py

@@ -64,7 +64,7 @@ def has_permission(user_data: Optional[UserData], entity: ScoreCalibration, acti
     if action not in handlers:
         supported_actions = ", ".join(a.value for a in handlers.keys())
         raise NotImplementedError(
-            f"Action '{action.value}' is not supported for ScoreCalibration entities. "
+            f"Action '{action.value}' is not supported for score calibration entities. "
             f"Supported actions: {supported_actions}"
         )
 
@@ -119,7 +119,7 @@ def _handle_read_action(
         return PermissionResponse(True)
 
     user_may_view_private = user_is_owner or (entity.investigator_provided and user_is_contributor_to_score_set)
-    return deny_action_for_entity(entity, private, user_data, user_may_view_private)
+    return deny_action_for_entity(entity, private, user_data, user_may_view_private, "score calibration")
 
 
 def _handle_update_action(
@@ -162,7 +162,7 @@ def _handle_update_action(
             return PermissionResponse(True)
 
     user_may_view_private = user_is_owner or (entity.investigator_provided and user_is_contributor_to_score_set)
-    return deny_action_for_entity(entity, private, user_data, user_may_view_private)
+    return deny_action_for_entity(entity, private, user_data, user_may_view_private, "score calibration")
 
 
 def _handle_delete_action(
@@ -198,7 +198,7 @@ def _handle_delete_action(
         return PermissionResponse(True)
 
     user_may_view_private = user_is_owner or (entity.investigator_provided and user_is_contributor_to_score_set)
-    return deny_action_for_entity(entity, private, user_data, user_may_view_private)
+    return deny_action_for_entity(entity, private, user_data, user_may_view_private, "score calibration")
 
 
 def _handle_publish_action(
@@ -235,7 +235,7 @@ def _handle_publish_action(
         return PermissionResponse(True)
 
     user_may_view_private = user_is_owner or (entity.investigator_provided and user_is_contributor_to_score_set)
-    return deny_action_for_entity(entity, private, user_data, user_may_view_private)
+    return deny_action_for_entity(entity, private, user_data, user_may_view_private, "score calibration")
 
 
 def _handle_change_rank_action(
@@ -274,4 +274,4 @@ def _handle_change_rank_action(
         return PermissionResponse(True)
 
     user_may_view_private = user_is_owner or (entity.investigator_provided and user_is_contributor_to_score_set)
-    return deny_action_for_entity(entity, private, user_data, user_may_view_private)
+    return deny_action_for_entity(entity, private, user_data, user_may_view_private, "score calibration")

src/mavedb/lib/permissions/score_set.py

@@ -59,7 +59,7 @@ def has_permission(user_data: Optional[UserData], entity: ScoreSet, action: Acti
     if action not in handlers:
         supported_actions = ", ".join(a.value for a in handlers.keys())
         raise NotImplementedError(
-            f"Action '{action.value}' is not supported for ScoreSet entities. "
+            f"Action '{action.value}' is not supported for score set entities. "
             f"Supported actions: {supported_actions}"
         )
 
@@ -109,7 +109,7 @@ def _handle_read_action(
     if roles_permitted(active_roles, [UserRole.admin, UserRole.mapper]):
         return PermissionResponse(True)
 
-    return deny_action_for_entity(entity, private, user_data, user_is_contributor or user_is_owner)
+    return deny_action_for_entity(entity, private, user_data, user_is_contributor or user_is_owner, "score set")
 
 
 def _handle_update_action(
@@ -144,7 +144,7 @@ def _handle_update_action(
     if roles_permitted(active_roles, [UserRole.admin]):
         return PermissionResponse(True)
 
-    return deny_action_for_entity(entity, private, user_data, user_is_contributor or user_is_owner)
+    return deny_action_for_entity(entity, private, user_data, user_is_contributor or user_is_owner, "score set")
 
 
 def _handle_delete_action(
@@ -180,7 +180,7 @@ def _handle_delete_action(
     if user_is_owner and private:
         return PermissionResponse(True)
 
-    return deny_action_for_entity(entity, private, user_data, user_is_contributor or user_is_owner)
+    return deny_action_for_entity(entity, private, user_data, user_is_contributor or user_is_owner, "score set")
 
 
 def _handle_publish_action(
@@ -216,7 +216,7 @@ def _handle_publish_action(
     if roles_permitted(active_roles, [UserRole.admin]):
         return PermissionResponse(True)
 
-    return deny_action_for_entity(entity, private, user_data, user_is_contributor or user_is_owner)
+    return deny_action_for_entity(entity, private, user_data, user_is_contributor or user_is_owner, "score set")
 
 
 def _handle_set_scores_action(
@@ -252,4 +252,4 @@ def _handle_set_scores_action(
     if roles_permitted(active_roles, [UserRole.admin]):
         return PermissionResponse(True)
 
-    return deny_action_for_entity(entity, private, user_data, user_is_contributor or user_is_owner)
+    return deny_action_for_entity(entity, private, user_data, user_is_contributor or user_is_owner, "score set")

src/mavedb/lib/permissions/user.py

@@ -56,7 +56,8 @@ def has_permission(user_data: Optional[UserData], entity: User, action: Action)
     if action not in handlers:
         supported_actions = ", ".join(a.value for a in handlers.keys())
         raise NotImplementedError(
-            f"Action '{action.value}' is not supported for User entities. " f"Supported actions: {supported_actions}"
+            f"Action '{action.value}' is not supported for user profile entities. "
+            f"Supported actions: {supported_actions}"
         )
 
     return handlers[action](
@@ -101,7 +102,7 @@ def _handle_read_action(
     if roles_permitted(active_roles, [UserRole.admin]):
         return PermissionResponse(True)
 
-    return deny_action_for_entity(entity, False, user_data, False)
+    return deny_action_for_entity(entity, False, user_data, False, "user profile")
 
 
 def _handle_lookup_action(
@@ -129,7 +130,7 @@ def _handle_lookup_action(
     if user_data is not None and user_data.user is not None:
         return PermissionResponse(True)
 
-    return deny_action_for_entity(entity, False, user_data, False)
+    return deny_action_for_entity(entity, False, user_data, False, "user profile")
 
 
 def _handle_update_action(
@@ -160,7 +161,7 @@ def _handle_update_action(
     if roles_permitted(active_roles, [UserRole.admin]):
         return PermissionResponse(True)
 
-    return deny_action_for_entity(entity, False, user_data, False)
+    return deny_action_for_entity(entity, False, user_data, False, "user profile")
 
 
 def _handle_add_role_action(
@@ -188,4 +189,4 @@ def _handle_add_role_action(
     if roles_permitted(active_roles, [UserRole.admin]):
         return PermissionResponse(True)
 
-    return deny_action_for_entity(entity, False, user_data, False)
+    return deny_action_for_entity(entity, False, user_data, False, "user profile")

src/mavedb/lib/permissions/utils.py

@@ -86,6 +86,7 @@ def deny_action_for_entity(
     private: bool,
     user_data: Optional[UserData],
     user_may_view_private: bool,
+    user_facing_model_name: str = "entity",
 ) -> PermissionResponse:
     """
     Generate appropriate denial response for entity permission checks.
@@ -118,14 +119,14 @@ def _identifier_for_entity(entity: EntityType) -> tuple[str, str]:
     field, identifier = _identifier_for_entity(entity)
     # Do not acknowledge the existence of a private score set.
     if private and not user_may_view_private:
-        return PermissionResponse(False, 404, f"{entity.__class__.__name__} with {field} '{identifier}' not found")
+        return PermissionResponse(False, 404, f"{user_facing_model_name} with {field} '{identifier}' not found")
     # No authenticated user is present.
     if user_data is None or user_data.user is None:
         return PermissionResponse(
-            False, 401, f"authentication required to access {entity.__class__.__name__} with {field} '{identifier}'"
+            False, 401, f"authentication required to access {user_facing_model_name} with {field} '{identifier}'"
         )
 
     # The authenticated user lacks sufficient permissions.
     return PermissionResponse(
-        False, 403, f"insufficient permissions on {entity.__class__.__name__} with {field} '{identifier}'"
+        False, 403, f"insufficient permissions on {user_facing_model_name} with {field} '{identifier}'"
     )

src/mavedb/routers/experiment_sets.py

@@ -57,7 +57,7 @@ def fetch_experiment_set(
         # the exception is raised, not returned - you will get a validation
         # error otherwise.
         logger.debug(msg="The requested resources does not exist.", extra=logging_context())
-        raise HTTPException(status_code=404, detail=f"Experiment set with URN {urn} not found")
+        raise HTTPException(status_code=404, detail=f"experiment set with URN {urn} not found")
     else:
         item.experiments.sort(key=attrgetter("urn"))
 

src/mavedb/routers/experiments.py

@@ -155,7 +155,7 @@ def fetch_experiment(
 
     if not item:
         logger.debug(msg="The requested experiment does not exist.", extra=logging_context())
-        raise HTTPException(status_code=404, detail=f"Experiment with URN {urn} not found")
+        raise HTTPException(status_code=404, detail=f"experiment with URN {urn} not found")
 
     assert_permission(user_data, item, Action.READ)
     return enrich_experiment_with_num_score_sets(item, user_data)
@@ -247,7 +247,7 @@ async def create_experiment(
             )
             raise HTTPException(
                 status_code=404,
-                detail=f"ExperimentSet with URN '{item_create.experiment_set_urn}' not found.",
+                detail=f"experiment set with URN '{item_create.experiment_set_urn}' not found.",
             )
 
         save_to_logging_context({"experiment_set": experiment_set.urn})

src/mavedb/routers/score_calibrations.py

@@ -84,7 +84,7 @@ async def get_score_calibrations_for_score_set(
 
     if not score_set:
         logger.debug("ScoreSet not found", extra=logging_context())
-        raise HTTPException(status_code=404, detail=f"ScoreSet with URN '{score_set_urn}' not found")
+        raise HTTPException(status_code=404, detail=f"score set with URN '{score_set_urn}' not found")
 
     assert_permission(user_data, score_set, Action.READ)
 
@@ -124,7 +124,7 @@ async def get_primary_score_calibrations_for_score_set(
     score_set = db.query(ScoreSet).filter(ScoreSet.urn == score_set_urn).one_or_none()
     if not score_set:
         logger.debug("ScoreSet not found", extra=logging_context())
-        raise HTTPException(status_code=404, detail=f"ScoreSet with URN '{score_set_urn}' not found")
+        raise HTTPException(status_code=404, detail=f"score set with URN '{score_set_urn}' not found")
 
     assert_permission(user_data, score_set, Action.READ)
 
@@ -184,7 +184,7 @@ async def create_score_calibration_route(
     score_set = db.query(ScoreSet).filter(ScoreSet.urn == calibration.score_set_urn).one_or_none()
     if not score_set:
         logger.debug("ScoreSet not found", extra=logging_context())
-        raise HTTPException(status_code=404, detail=f"ScoreSet with URN '{calibration.score_set_urn}' not found")
+        raise HTTPException(status_code=404, detail=f"score set with URN '{calibration.score_set_urn}' not found")
 
     # TODO#539: Allow any authenticated user to upload a score calibration for a score set, not just those with
     #           permission to update the score set itself.
@@ -222,7 +222,7 @@ async def modify_score_calibration_route(
         if not score_set:
             logger.debug("ScoreSet not found", extra=logging_context())
             raise HTTPException(
-                status_code=404, detail=f"ScoreSet with URN '{calibration_update.score_set_urn}' not found"
+                status_code=404, detail=f"score set with URN '{calibration_update.score_set_urn}' not found"
             )
 
         # TODO#539: Allow any authenticated user to upload a score calibration for a score set, not just those with