fix: change 401 response to a 403 for Security Exceptions (#17768)

* fix: change 401 to 403 for Security Exceptions * updating tests to reflect new (proper) status code * another test update
apache · Dec 16, 2021 · 3aa1161 · 3aa1161
1 parent 71e4131
commit 3aa1161
Show file tree

Hide file tree

Showing 3 changed files with 4 additions and 4 deletions.
diff --git a/superset/exceptions.py b/superset/exceptions.py
@@ -149,7 +149,7 @@ def __init__(
 
 
 class SupersetSecurityException(SupersetErrorException):
-    status = 401
+    status = 403
 
     def __init__(
         self, error: SupersetError, payload: Optional[Dict[str, Any]] = None

diff --git a/tests/integration_tests/charts/data/api_tests.py b/tests/integration_tests/charts/data/api_tests.py
@@ -464,15 +464,15 @@ def test_with_invalid_time_range_endpoints_enum_value__400(self):
 
         assert rv.status_code == 400
 
-    def test_with_not_permitted_actor__401(self):
+    def test_with_not_permitted_actor__403(self):
         """
         Chart data API: Test chart data query not allowed
         """
         self.logout()
         self.login(username="gamma")
         rv = self.post_assert_metric(CHART_DATA_URI, self.query_context_payload, "data")
 
-        assert rv.status_code == 401
+        assert rv.status_code == 403
         assert (
             rv.json["errors"][0]["error_type"]
             == SupersetErrorType.DATASOURCE_SECURITY_ACCESS_ERROR

diff --git a/tests/integration_tests/dashboards/security/security_rbac_tests.py b/tests/integration_tests/dashboards/security/security_rbac_tests.py
@@ -91,7 +91,7 @@ def test_get_dashboard_view__user_can_not_access_without_permission(self):
 
         request_payload = get_query_context("birth_names")
         rv = self.post_assert_metric(CHART_DATA_URI, request_payload, "data")
-        self.assertEqual(rv.status_code, 401)
+        self.assertEqual(rv.status_code, 403)
 
         # assert
         self.assert403(response)