Design discussion: error handling and HTTP status codes

This ticket is for a design discussion about standardizing our use of Exceptions and general error handling. This should include:

• Sharing some of the articles about use of Exceptions (Josh had a specific example about the billion-dollar mistake)

• Sharing example code about a pattern for error handling (Josh)

• Then reviewing, perhaps in a screensharing meeting, to review this pattern and talk about any concerns (like concerns that this will cause lots of boilerplate code). It's possible a single meeting can address this, and then we document and share a decision with the group (such as on the dev list in google groups).

• Summarize our decision in writing with a list of what kinds of situations should trigger which kinds of Exceptions and errors. EG:

  • Database cannot be reached -> Exception -> HTTP 500

  • User tries approving a Requisition that they do not have permissions to approve -> error handling -> HTTP 4__ and error message "123: You do not have permissions to approve this Requisition"

• It's also possible this will turn into other tickets for assignments to implement a new pattern.

Josh and Jake and Pawel all have opinions on how we handle Exceptions and error codes, meaning HTTP response status code as well as a error message inside our response.

Examples in the current code that we want to reconsider:

• Trying to retrieve a deleted requisition or trying to retrieve one that never existed (an ID that has never been used). Currently asking for a non-existent requisition ID appears to result in an exception being thrown and a 500 level event being returned. This user input should be handled properly, and a BAD REQUEST returned.

Note that https://openlmis.atlassian.net/browse/OLMIS-590#icft=OLMIS-590 includes a PDF document about standardized error handling.