From a1b96c6cee88215bf69f18777c0b40bbab2e2b10 Mon Sep 17 00:00:00 2001
From: Tim Chamberlain <tchamberlain76@gmail.com>
Date: Fri, 5 May 2023 13:05:35 -0500
Subject: [PATCH] updated to hide hidden fields in frontentmetadata, updated
 error responses

---
 .../model/metadata/frontend/QFrontendTableMetaData.java   | 8 ++++++--
 .../com/kingsrook/qqq/api/javalin/QJavalinApiHandler.java | 4 ++--
 2 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/qqq-backend-core/src/main/java/com/kingsrook/qqq/backend/core/model/metadata/frontend/QFrontendTableMetaData.java b/qqq-backend-core/src/main/java/com/kingsrook/qqq/backend/core/model/metadata/frontend/QFrontendTableMetaData.java
index 199d42a6..e524a970 100644
--- a/qqq-backend-core/src/main/java/com/kingsrook/qqq/backend/core/model/metadata/frontend/QFrontendTableMetaData.java
+++ b/qqq-backend-core/src/main/java/com/kingsrook/qqq/backend/core/model/metadata/frontend/QFrontendTableMetaData.java
@@ -91,9 +91,13 @@ public class QFrontendTableMetaData
       {
          this.primaryKeyField = tableMetaData.getPrimaryKeyField();
          this.fields = new HashMap<>();
-         for(Map.Entry<String, QFieldMetaData> entry : tableMetaData.getFields().entrySet())
+         for(String fieldName : tableMetaData.getFields().keySet())
          {
-            this.fields.put(entry.getKey(), new QFrontendFieldMetaData(entry.getValue()));
+            QFieldMetaData field = tableMetaData.getField(fieldName);
+            if(!field.getIsHidden())
+            {
+               this.fields.put(fieldName, new QFrontendFieldMetaData(field));
+            }
          }
 
          this.sections = tableMetaData.getSections();
diff --git a/qqq-middleware-api/src/main/java/com/kingsrook/qqq/api/javalin/QJavalinApiHandler.java b/qqq-middleware-api/src/main/java/com/kingsrook/qqq/api/javalin/QJavalinApiHandler.java
index 6c559ee7..5bcd5f02 100644
--- a/qqq-middleware-api/src/main/java/com/kingsrook/qqq/api/javalin/QJavalinApiHandler.java
+++ b/qqq-middleware-api/src/main/java/com/kingsrook/qqq/api/javalin/QJavalinApiHandler.java
@@ -1131,13 +1131,13 @@ public class QJavalinApiHandler
       {
          if(e instanceof QAuthenticationException)
          {
-            respondWithError(context, HttpStatus.Code.UNAUTHORIZED, e.getMessage(), apiLog); // 401
+            respondWithError(context, HttpStatus.Code.UNAUTHORIZED, "The required authentication credentials were missing or invalid.", apiLog); // 401
             return;
          }
 
          if(e instanceof QPermissionDeniedException)
          {
-            respondWithError(context, HttpStatus.Code.FORBIDDEN, e.getMessage(), apiLog); // 403
+            respondWithError(context, HttpStatus.Code.FORBIDDEN, "You do not have permission to access the requested resource.", apiLog); // 403
             return;
          }