`UserHandler->getDatabases` not getting 401 reponse with ArangoDB 3.2 when user has no access

[frankmayer]

@jsteemann I am posting this here because I am not sure if it should be 403 or 401 in those cases that fail (see test on travis). However, I think there should be some 40x response at this point.

While re-running the ArangoDB-PHP testsuite before tagging the 3.2.0 release of the PHP driver, several errors came up, that were not there in a prior test with some of the early betas.
Test(https://travis-ci.org/arangodb/arangodb-php/jobs/251986282)

Three of the tests expect to get an exception from the Server, stating that the user has no access to the _system database (or even a 403 that the user has no access at all?)

How to recreate this:

1. create a user with permissions to the _system DB.
2. Revoke the permissions.
3. check with the API url GET /_api/user/{user}/database/

Expected result: return with 401 (or 403)
Actual: 200OK with an empty result object

[jsteemann]

Thanks for reporting this.
It is indeed a bug.
I have fixed it locally and opened a PR for the ArangoDB main repository. When it is accepted and we have a nightly build that contains the changes, I will update this issue.

[jsteemann]

Should be fixed by now.