feat(auth): Added InsufficientPermissionError type

firebase_admin/_auth_utils.py

@@ -211,6 +211,18 @@ def __init__(self, message, cause, http_response):
         exceptions.AlreadyExistsError.__init__(self, message, cause, http_response)
 
 
+class InsufficientPermissionError(exceptions.PermissionDeniedError):
+    """The credential used to initialize the SDK lacks required permissions."""
+
+    default_message = ('The credential used to initialize the SDK has insufficient '
+                       'permissions to perform the requested operation. See '
+                       'https://firebase.google.com/docs/admin/setup for details '
+                       'on how to initialize the Admin SDK with appropriate permissions')
+
+    def __init__(self, message, cause, http_response):
+        exceptions.PermissionDeniedError.__init__(self, message, cause, http_response)
+
+
 class InvalidDynamicLinkDomainError(exceptions.InvalidArgumentError):
     """Dynamic link domain in ActionCodeSettings is not authorized."""
 
@@ -258,6 +270,7 @@ def __init__(self, message, cause=None, http_response=None):
     'DUPLICATE_EMAIL': EmailAlreadyExistsError,
     'DUPLICATE_LOCAL_ID': UidAlreadyExistsError,
     'EMAIL_EXISTS': EmailAlreadyExistsError,
+    'INSUFFICIENT_PERMISSION': InsufficientPermissionError,
     'INVALID_DYNAMIC_LINK_DOMAIN': InvalidDynamicLinkDomainError,
     'INVALID_ID_TOKEN': InvalidIdTokenError,
     'PHONE_NUMBER_EXISTS': PhoneNumberAlreadyExistsError,

firebase_admin/auth.py

@@ -43,6 +43,7 @@
     'ExpiredSessionCookieError',
     'ExportedUserRecord',
     'ImportUserRecord',
+    'InsufficientPermissionError',
     'InvalidDynamicLinkDomainError',
     'InvalidIdTokenError',
     'InvalidSessionCookieError',
@@ -89,6 +90,7 @@
 ExpiredSessionCookieError = _token_gen.ExpiredSessionCookieError
 ExportedUserRecord = _user_mgt.ExportedUserRecord
 ImportUserRecord = _user_import.ImportUserRecord
+InsufficientPermissionError = _auth_utils.InsufficientPermissionError
 InvalidDynamicLinkDomainError = _auth_utils.InvalidDynamicLinkDomainError
 InvalidIdTokenError = _auth_utils.InvalidIdTokenError
 InvalidSessionCookieError = _token_gen.InvalidSessionCookieError

tests/test_user_mgt.py

@@ -743,6 +743,21 @@ def test_list_users_error(self, user_mgt_app):
             auth.list_users(app=user_mgt_app)
         assert str(excinfo.value) == 'Unexpected error response: {"error":"test"}'
 
+    def test_permission_error(self, user_mgt_app):
+        _instrument_user_manager(
+            user_mgt_app, 400, '{"error": {"message": "INSUFFICIENT_PERMISSION"}}')
+        with pytest.raises(auth.InsufficientPermissionError) as excinfo:
+            auth.list_users(app=user_mgt_app)
+        assert isinstance(excinfo.value, exceptions.PermissionDeniedError)
+        msg = ('The credential used to initialize the SDK has insufficient '
+               'permissions to perform the requested operation. See '
+               'https://firebase.google.com/docs/admin/setup for details '
+               'on how to initialize the Admin SDK with appropriate permissions '
+               '(INSUFFICIENT_PERMISSION).')
+        assert str(excinfo.value) == msg
+        assert excinfo.value.http_response is not None
+        assert excinfo.value.cause is not None
+
     def _check_page(self, page):
         assert isinstance(page, auth.ListUsersPage)
         index = 0