From 0f8a0eaf4a681c4a7e30a3de36df44384fe081ae Mon Sep 17 00:00:00 2001
From: Alex van Andel <me@alexvanandel.com>
Date: Wed, 17 Apr 2024 17:00:21 +0100
Subject: [PATCH] fix: 500 on forbidden showing up in logs (#14636)

---
 ...t-types-single-view.getServerSideProps.tsx | 25 +++++++++++++++----
 .../server/routers/viewer/eventTypes/util.ts  |  3 +--
 2 files changed, 21 insertions(+), 7 deletions(-)

diff --git a/apps/web/modules/event-types/views/event-types-single-view.getServerSideProps.tsx b/apps/web/modules/event-types/views/event-types-single-view.getServerSideProps.tsx
index dae0a1bf1bee8e..8a2034b2cf6307 100644
--- a/apps/web/modules/event-types/views/event-types-single-view.getServerSideProps.tsx
+++ b/apps/web/modules/event-types/views/event-types-single-view.getServerSideProps.tsx
@@ -34,11 +34,26 @@ export const getServerSideProps = async (context: GetServerSidePropsContext) =>
     } as const;
     return redirect;
   }
-
-  await ssr.viewer.eventTypes.get.prefetch({ id: typeParam });
-
-  const { eventType } = await ssr.viewer.eventTypes.get.fetch({ id: typeParam });
-
+  const getEventTypeById = async (eventTypeId: number) => {
+    await ssr.viewer.eventTypes.get.prefetch({ id: eventTypeId });
+    try {
+      const { eventType } = await ssr.viewer.eventTypes.get.fetch({ id: eventTypeId });
+      return eventType;
+    } catch (e: unknown) {
+      // reject, user has no access to this event type.
+      return null;
+    }
+  };
+  const eventType = await getEventTypeById(typeParam);
+  if (!eventType) {
+    const redirect = {
+      redirect: {
+        permanent: false,
+        destination: "/event-types",
+      },
+    } as const;
+    return redirect;
+  }
   return {
     props: {
       eventType,
diff --git a/packages/trpc/server/routers/viewer/eventTypes/util.ts b/packages/trpc/server/routers/viewer/eventTypes/util.ts
index 857311622c5e9f..5e4c179d3bb8eb 100644
--- a/packages/trpc/server/routers/viewer/eventTypes/util.ts
+++ b/packages/trpc/server/routers/viewer/eventTypes/util.ts
@@ -56,8 +56,7 @@ export const eventOwnerProcedure = authedProcedure
     })();
 
     if (!isAuthorized) {
-      console.warn(`User ${ctx.user.id} attempted to an access an event ${event.id} they do not own.`);
-      throw new TRPCError({ code: "UNAUTHORIZED" });
+      throw new TRPCError({ code: "FORBIDDEN" });
     }
 
     const isAllowed = (function () {