Use 403 when actions are forbidden, not 401

following ckan core
https://github.com/ckan/ckan/pull/2846
Fuhu Xia 2023-03-13 13:27:13 -04:00
parent 74a8b2fdfe
commit 17e9102bb9
1 changed files with 10 additions and 10 deletions


@ -517,7 +517,7 @@ def _get_source_for_job(source_id):
except tk.ObjectNotFound: except tk.ObjectNotFound:
return tk.abort(404, _('Harvest source not found')) return tk.abort(404, _('Harvest source not found'))
except tk.NotAuthorized: except tk.NotAuthorized:
return tk.abort(401, _not_auth_message()) return tk.abort(403, _not_auth_message())
except Exception as e: except Exception as e:
msg = 'An error occurred: [%s]' % str(e) msg = 'An error occurred: [%s]' % str(e)
return tk.abort(500, msg) return tk.abort(500, msg)
@ -537,7 +537,7 @@ def admin_view(id):
except tk.ObjectNotFound: except tk.ObjectNotFound:
return tk.abort(404, _('Harvest source not found')) return tk.abort(404, _('Harvest source not found'))
except tk.NotAuthorized: except tk.NotAuthorized:
return tk.abort(401, _not_auth_message()) return tk.abort(403, _not_auth_message())
def job_show_last_view(source): def job_show_last_view(source):
@ -579,7 +579,7 @@ def job_show_view(id, source_dict=False, is_last=False):
except tk.ObjectNotFound: except tk.ObjectNotFound:
return tk.abort(404, _('Harvest job not found')) return tk.abort(404, _('Harvest job not found'))
except tk.NotAuthorized: except tk.NotAuthorized:
return tk.abort(401, _not_auth_message()) return tk.abort(403, _not_auth_message())
except Exception as e: except Exception as e:
msg = 'An error occurred: [%s]' % str(e) msg = 'An error occurred: [%s]' % str(e)
return tk.abort(500, msg) return tk.abort(500, msg)
@ -607,7 +607,7 @@ def job_list_view(source):
except tk.ObjectNotFound: except tk.ObjectNotFound:
return tk.abort(404, _('Harvest source not found')) return tk.abort(404, _('Harvest source not found'))
except tk.NotAuthorized: except tk.NotAuthorized:
return tk.abort(401, _not_auth_message()) return tk.abort(403, _not_auth_message())
except Exception as e: except Exception as e:
msg = 'An error occurred: [%s]' % str(e) msg = 'An error occurred: [%s]' % str(e)
return tk.abort(500, msg) return tk.abort(500, msg)
@ -625,7 +625,7 @@ def about_view(id):
except tk.ObjectNotFound: except tk.ObjectNotFound:
return tk.abort(404, _('Harvest source not found')) return tk.abort(404, _('Harvest source not found'))
except tk.NotAuthorized: except tk.NotAuthorized:
return tk.abort(401, _not_auth_message()) return tk.abort(403, _not_auth_message())
def job_abort_view(source, id): def job_abort_view(source, id):
@ -638,7 +638,7 @@ def job_abort_view(source, id):
except tk.ObjectNotFound: except tk.ObjectNotFound:
return tk.abort(404, _('Harvest job not found')) return tk.abort(404, _('Harvest job not found'))
except tk.NotAuthorized: except tk.NotAuthorized:
return tk.abort(401, _not_auth_message()) return tk.abort(403, _not_auth_message())
except Exception as e: except Exception as e:
msg = 'An error occurred: [%s]' % str(e) msg = 'An error occurred: [%s]' % str(e)
return tk.abort(500, msg) return tk.abort(500, msg)
@ -659,7 +659,7 @@ def refresh_view(id):
except tk.ObjectNotFound: except tk.ObjectNotFound:
return tk.abort(404, _('Harvest source not found')) return tk.abort(404, _('Harvest source not found'))
except tk.NotAuthorized: except tk.NotAuthorized:
return tk.abort(401, _not_auth_message()) return tk.abort(403, _not_auth_message())
except HarvestSourceInactiveError: except HarvestSourceInactiveError:
h.flash_error( h.flash_error(
_('Cannot create new harvest jobs on inactive ' _('Cannot create new harvest jobs on inactive '
@ -685,7 +685,7 @@ def clear_view(id):
except tk.ObjectNotFound: except tk.ObjectNotFound:
return tk.abort(404, _('Harvest source not found')) return tk.abort(404, _('Harvest source not found'))
except tk.NotAuthorized: except tk.NotAuthorized:
return tk.abort(401, _not_auth_message()) return tk.abort(403, _not_auth_message())
except Exception as e: except Exception as e:
msg = 'An error occurred: [%s]' % str(e) msg = 'An error occurred: [%s]' % str(e)
h.flash_error(msg) h.flash_error(msg)
@ -716,7 +716,7 @@ def delete_view(id):
except tk.ObjectNotFound: except tk.ObjectNotFound:
return tk.abort(404, _('Harvest source not found')) return tk.abort(404, _('Harvest source not found'))
except tk.NotAuthorized: except tk.NotAuthorized:
return tk.abort(401, _not_auth_message()) return tk.abort(403, _not_auth_message())
def object_show_view(id, ref_type, response): def object_show_view(id, ref_type, response):
@ -762,7 +762,7 @@ def object_show_view(id, ref_type, response):
except tk.ObjectNotFound as e: except tk.ObjectNotFound as e:
return tk.abort(404, _(str(e))) return tk.abort(404, _(str(e)))
except tk.NotAuthorized: except tk.NotAuthorized:
return tk.abort(401, _not_auth_message()) return tk.abort(403, _not_auth_message())
except Exception as e: except Exception as e:
msg = 'An error occurred: [%s]' % str(e) msg = 'An error occurred: [%s]' % str(e)
return tk.abort(500, msg) return tk.abort(500, msg)
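Review bot: The catch-all `except Exception` branch in this last hunk (object_show_view) still returns the raw exception text to the client through `tk.abort(500, msg)`, and the same pattern is visible in the hunks for _get_source_for_job, job_show_view, job_list_view and job_abort_view (clear_view passes it to `h.flash_error`). Exception strings can carry internal details such as file paths, queries or harvest endpoint addresses, so it would be safer to record the exception server-side with whatever logger the module already has and answer with a fixed message, e.g. `return tk.abort(500, _('An internal error occurred'))`. Separately, `tk.NotAuthorized` as caught here does not distinguish anonymous callers from logged-in ones, so it is worth confirming that anonymous users hitting these views are still sent to a login prompt after the move to 403; that presumably depends on the CKAN core version in use. The enclosing function bodies start outside the hunks shown.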