Returns 404 for WUI unauthorised access.

Instead of sending the user to the login page and logging them out, this change will instead give the user a 404. This is currently only applied to deleted datasets.
ckan · Jan 14, 2016 · 8f64f4c · 8f64f4c
1 parent 71ee8fc
commit 8f64f4c
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 4 deletions.
diff --git a/ckan/controllers/package.py b/ckan/controllers/package.py
@@ -361,10 +361,8 @@ def read(self, id):
         try:
             c.pkg_dict = get_action('package_show')(context, data_dict)
             c.pkg = context['package']
-        except NotFound:
+        except (NotFound, NotAuthorized):
             abort(404, _('Dataset not found'))
-        except NotAuthorized:
-            abort(401, _('Unauthorized to read package %s') % id)
 
         # used by disqus plugin
         c.current_package_id = c.pkg.id

diff --git a/ckan/tests/legacy/functional/test_package.py b/ckan/tests/legacy/functional/test_package.py
@@ -683,7 +683,7 @@ def teardown_class(self):
 
     def test_read(self):
         offset = url_for(controller='package', action='read', id=self.non_active_name)
-        res = self.app.get(offset, status=[302, 401])
+        res = self.app.get(offset, status=[404])
 
 
     def test_read_as_admin(self):