From 8f64f4c05ea5967d85c40773c57943046595de5b Mon Sep 17 00:00:00 2001 From: Ross Jones Date: Thu, 14 Jan 2016 21:25:15 +0000 Subject: [PATCH] Returns 404 for WUI unauthorised access. Instead of sending the user to the login page and logging them out, this change will instead give the user a 404. This is currently only applied to deleted datasets. --- ckan/controllers/package.py | 4 +--- ckan/tests/legacy/functional/test_package.py | 2 +- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/ckan/controllers/package.py b/ckan/controllers/package.py index 40dcd152456..519209c9f09 100644 --- a/ckan/controllers/package.py +++ b/ckan/controllers/package.py @@ -361,10 +361,8 @@ def read(self, id): try: c.pkg_dict = get_action('package_show')(context, data_dict) c.pkg = context['package'] - except NotFound: + except (NotFound, NotAuthorized): abort(404, _('Dataset not found')) - except NotAuthorized: - abort(401, _('Unauthorized to read package %s') % id) # used by disqus plugin c.current_package_id = c.pkg.id diff --git a/ckan/tests/legacy/functional/test_package.py b/ckan/tests/legacy/functional/test_package.py index a2320fbb29d..d4b8e2ef5eb 100644 --- a/ckan/tests/legacy/functional/test_package.py +++ b/ckan/tests/legacy/functional/test_package.py @@ -683,7 +683,7 @@ def teardown_class(self): def test_read(self): offset = url_for(controller='package', action='read', id=self.non_active_name) - res = self.app.get(offset, status=[302, 401]) + res = self.app.get(offset, status=[404]) def test_read_as_admin(self):