fix(security): use generic forbidden message to avoid leaking required role

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-06 19:46:24 +02:00
parent 40ee4dad53
commit 40a6a0e92d
2 changed files with 2 additions and 2 deletions
--- a/backend/src/test/java/com/recipeapp/common/HouseholdRoleInterceptorTest.java
+++ b/backend/src/test/java/com/recipeapp/common/HouseholdRoleInterceptorTest.java
@@ -62,7 +62,7 @@ class HouseholdRoleInterceptorTest {

        assertThatThrownBy(() -> interceptor.preHandle(request, response, handlerMethod))
                .isInstanceOf(ForbiddenException.class)
-                .hasMessageContaining("planner");
+                .hasMessage("Insufficient permissions");
    }

    @Test