From c0eca9469d4433c89958568c3ae1f2f156b00d51 Mon Sep 17 00:00:00 2001
From: Gordon Krieger <gordon.krieger@gmail.com>
Date: Mon, 4 Dec 2023 18:28:59 +0000
Subject: [PATCH] correct handling for individual records by id

---
 bento_beacon/endpoints/individuals.py | 12 ++++++++++--
 bento_beacon/utils/exceptions.py      |  6 ++++++
 2 files changed, 16 insertions(+), 2 deletions(-)

diff --git a/bento_beacon/endpoints/individuals.py b/bento_beacon/endpoints/individuals.py
index df116aa9..2f6b71a4 100644
--- a/bento_beacon/endpoints/individuals.py
+++ b/bento_beacon/endpoints/individuals.py
@@ -28,6 +28,7 @@
 )
 from ..utils.search import biosample_id_search
 from ..utils.handover_utils import handover_for_ids
+from ..utils.exceptions import NotFoundException
 
 individuals = Blueprint("individuals", __name__)
 
@@ -122,11 +123,18 @@ def individuals_full_results(ids):
     return result_sets, numTotalResults
 
 
+# forbidden / unauthorized if no permissions
 @individuals.route("/individuals/<id>", methods=['GET', 'POST'])
 @authz_middleware.deco_require_permissions_on_resource({P_QUERY_DATA})
 def individual_by_id(id):
-    # forbidden / unauthorized if no permissions
-    return beacon_result_set_response([id], 1)
+    result_sets, numTotalResults = individuals_full_results([id])
+
+    # return 404 if not found
+    # only authorized users will get 404 here, so this can't be used to probe ids
+    if not result_sets:
+        raise NotFoundException()
+    
+    return beacon_result_set_response(result_sets, numTotalResults)
 
 
 # -------------------------------------------------------
diff --git a/bento_beacon/utils/exceptions.py b/bento_beacon/utils/exceptions.py
index 26f2603e..9ea7bc00 100644
--- a/bento_beacon/utils/exceptions.py
+++ b/bento_beacon/utils/exceptions.py
@@ -21,3 +21,9 @@ def __init__(self, message="Invalid query", status_code=400):
         self.message = message
         self.status_code = status_code
 
+
+class NotFoundException(APIException):
+    def __init__(self, message="Not found", status_code=404):
+        super().__init__()
+        self.message = message
+        self.status_code = status_code