diff --git a/superset/exceptions.py b/superset/exceptions.py index 2a902608a6a9..6ed3a0e8661e 100644 --- a/superset/exceptions.py +++ b/superset/exceptions.py @@ -149,7 +149,7 @@ def __init__( class SupersetSecurityException(SupersetErrorException): - status = 401 + status = 403 def __init__( self, error: SupersetError, payload: Optional[Dict[str, Any]] = None diff --git a/tests/integration_tests/charts/data/api_tests.py b/tests/integration_tests/charts/data/api_tests.py index cf6d0b537f14..2831c291c709 100644 --- a/tests/integration_tests/charts/data/api_tests.py +++ b/tests/integration_tests/charts/data/api_tests.py @@ -464,7 +464,7 @@ def test_with_invalid_time_range_endpoints_enum_value__400(self): assert rv.status_code == 400 - def test_with_not_permitted_actor__401(self): + def test_with_not_permitted_actor__403(self): """ Chart data API: Test chart data query not allowed """ @@ -472,7 +472,7 @@ def test_with_not_permitted_actor__401(self): self.login(username="gamma") rv = self.post_assert_metric(CHART_DATA_URI, self.query_context_payload, "data") - assert rv.status_code == 401 + assert rv.status_code == 403 assert ( rv.json["errors"][0]["error_type"] == SupersetErrorType.DATASOURCE_SECURITY_ACCESS_ERROR diff --git a/tests/integration_tests/dashboards/security/security_rbac_tests.py b/tests/integration_tests/dashboards/security/security_rbac_tests.py index c1be5a911ae3..bb97a35129fe 100644 --- a/tests/integration_tests/dashboards/security/security_rbac_tests.py +++ b/tests/integration_tests/dashboards/security/security_rbac_tests.py @@ -91,7 +91,7 @@ def test_get_dashboard_view__user_can_not_access_without_permission(self): request_payload = get_query_context("birth_names") rv = self.post_assert_metric(CHART_DATA_URI, request_payload, "data") - self.assertEqual(rv.status_code, 401) + self.assertEqual(rv.status_code, 403) # assert self.assert403(response)