refactor(auth): add robust validation for role updates

fulleni · fulleni · commit 6f81b7f15595 · 2025-10-31T07:13:53.000+01:00
Adds try-catch blocks around the byName() enum parsing for appRole and dashboardRole in the user updater logic. This prevents unhandled ArgumentError exceptions when a client provides an invalid role string.

Instead of causing a 500 Internal Server Error, the API will now correctly return a 400 Bad Request with a clear error message, improving client-side error handling and API robustness.
diff --git a/lib/src/registry/data_operation_registry.dart b/lib/src/registry/data_operation_registry.dart
@@ -238,16 +238,28 @@ class DataOperationRegistry {
 
         AppUserRole? newAppRole;
         if (requestBody.containsKey('appRole')) {
-          newAppRole = AppUserRole.values.byName(
-            requestBody['appRole'] as String,
-          );
+          try {
+            newAppRole = AppUserRole.values.byName(
+              requestBody['appRole'] as String,
+            );
+          } on ArgumentError {
+            throw BadRequestException(
+              'Invalid value for "appRole": "${requestBody['appRole']}".',
+            );
+          }
         }
 
         DashboardUserRole? newDashboardRole;
         if (requestBody.containsKey('dashboardRole')) {
-          newDashboardRole = DashboardUserRole.values.byName(
-            requestBody['dashboardRole'] as String,
-          );
+          try {
+            newDashboardRole = DashboardUserRole.values.byName(
+              requestBody['dashboardRole'] as String,
+            );
+          } on ArgumentError {
+            throw BadRequestException(
+              'Invalid value for "dashboardRole": "${requestBody['dashboardRole']}".',
+            );
+          }
         }
 
         Map<FeedDecoratorType, UserFeedDecoratorStatus>? newStatus;
