From d32c89d768a8191aaae624c2303052ad77e5f4ba Mon Sep 17 00:00:00 2001
From: androidlover5842 <androidlover5842@gmail.com>
Date: Tue, 27 Jan 2026 01:26:06 +0530
Subject: [PATCH] Improve property access denial reasons

---
 .../component/PropertyAccess.kt               | 22 ++++++++++++++-----
 1 file changed, 16 insertions(+), 6 deletions(-)

diff --git a/src/main/kotlin/com/android/trisolarisserver/component/PropertyAccess.kt b/src/main/kotlin/com/android/trisolarisserver/component/PropertyAccess.kt
index fbf5b3e..27165e0 100644
--- a/src/main/kotlin/com/android/trisolarisserver/component/PropertyAccess.kt
+++ b/src/main/kotlin/com/android/trisolarisserver/component/PropertyAccess.kt
@@ -14,15 +14,25 @@ class PropertyAccess(
 ) {
     fun requireMember(propertyId: UUID, userId: UUID) {
         val user = appUserRepo.findById(userId).orElse(null)
-        if (user?.superAdmin == true) return
-        if (!repo.existsByIdPropertyIdAndIdUserId(propertyId, userId))
-            throw AccessDeniedException("No access to property")
+        if (user == null) {
+            throw AccessDeniedException("No access to property (user not found)")
+        }
+        if (user.superAdmin) {
+            return
+        }
+        if (!repo.existsByIdPropertyIdAndIdUserId(propertyId, userId)) {
+            throw AccessDeniedException("No access to property (not a member)")
+        }
     }
 
     fun requireAnyRole(propertyId: UUID, userId: UUID, vararg roles: Role) {
         val user = appUserRepo.findById(userId).orElse(null)
-        if (user?.superAdmin == true) return
-        if (!repo.hasAnyRole(propertyId, userId, roles.toSet()))
-            throw AccessDeniedException("Missing role")
+        if (user == null) {
+            throw AccessDeniedException("Missing role (user not found)")
+        }
+        if (user.superAdmin) return
+        if (!repo.hasAnyRole(propertyId, userId, roles.toSet())) {
+            throw AccessDeniedException("Missing role (no matching roles)")
+        }
     }
 }