Use 403 when actions are forbidden, not 401 #522

Merged
merged 1 commit into from
Mar 15, 2023
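--- a/ckanext/harvest/utils.py
+++ b/ckanext/harvest/utils.py
@@ -517,7 +517,7 @@ def _get_source_for_job(source_id):
 except tk.ObjectNotFound:
 return tk.abort(404, _('Harvest source not found'))
 except tk.NotAuthorized:
-return tk.abort(401, _not_auth_message())
+return tk.abort(403, _not_auth_message())
 except Exception as e:
 msg = 'An error occurred: [%s]' % str(e)
 return tk.abort(500, msg)
@@ -537,7 +537,7 @@ def admin_view(id):
 except tk.ObjectNotFound:
 return tk.abort(404, _('Harvest source not found'))
 except tk.NotAuthorized:
-return tk.abort(401, _not_auth_message())
+return tk.abort(403, _not_auth_message())
 
 
 def job_show_last_view(source):
@@ -579,7 +579,7 @@ def job_show_view(id, source_dict=False, is_last=False):
 except tk.ObjectNotFound:
 return tk.abort(404, _('Harvest job not found'))
 except tk.NotAuthorized:
-return tk.abort(401, _not_auth_message())
+return tk.abort(403, _not_auth_message())
 except Exception as e:
 msg = 'An error occurred: [%s]' % str(e)
 return tk.abort(500, msg)
@@ -607,7 +607,7 @@ def job_list_view(source):
 except tk.ObjectNotFound:
 return tk.abort(404, _('Harvest source not found'))
 except tk.NotAuthorized:
-return tk.abort(401, _not_auth_message())
+return tk.abort(403, _not_auth_message())
 except Exception as e:
 msg = 'An error occurred: [%s]' % str(e)
 return tk.abort(500, msg)
@@ -625,7 +625,7 @@ def about_view(id):
 except tk.ObjectNotFound:
 return tk.abort(404, _('Harvest source not found'))
 except tk.NotAuthorized:
-return tk.abort(401, _not_auth_message())
+return tk.abort(403, _not_auth_message())
 
 
 def job_abort_view(source, id):
@@ -638,7 +638,7 @@ def job_abort_view(source, id):
 except tk.ObjectNotFound:
 return tk.abort(404, _('Harvest job not found'))
 except tk.NotAuthorized:
-return tk.abort(401, _not_auth_message())
+return tk.abort(403, _not_auth_message())
 except Exception as e:
 msg = 'An error occurred: [%s]' % str(e)
 return tk.abort(500, msg)
@@ -659,7 +659,7 @@ def refresh_view(id):
 except tk.ObjectNotFound:
 return tk.abort(404, _('Harvest source not found'))
 except tk.NotAuthorized:
-return tk.abort(401, _not_auth_message())
+return tk.abort(403, _not_auth_message())
 except HarvestSourceInactiveError:
 h.flash_error(
 _('Cannot create new harvest jobs on inactive '
@@ -685,7 +685,7 @@ def clear_view(id):
 except tk.ObjectNotFound:
 return tk.abort(404, _('Harvest source not found'))
 except tk.NotAuthorized:
-return tk.abort(401, _not_auth_message())
+return tk.abort(403, _not_auth_message())
 except Exception as e:
 msg = 'An error occurred: [%s]' % str(e)
 h.flash_error(msg)
@@ -716,7 +716,7 @@ def delete_view(id):
 except tk.ObjectNotFound:
 return tk.abort(404, _('Harvest source not found'))
 except tk.NotAuthorized:
-return tk.abort(401, _not_auth_message())
+return tk.abort(403, _not_auth_message())
 
 
 def object_show_view(id, ref_type, response):
@@ -762,7 +762,7 @@ def object_show_view(id, ref_type, response):
 except tk.ObjectNotFound as e:
 return tk.abort(404, _(str(e)))
 except tk.NotAuthorized:
-return tk.abort(401, _not_auth_message())
+return tk.abort(403, _not_auth_message())
 except Exception as e:
 msg = 'An error occurred: [%s]' % str(e)
 return tk.abort(500, msg)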
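Review bot: The catch-all handlers kept next to the changed lines still send `'An error occurred: [%s]' % str(e)` to the client through `tk.abort(500, msg)` (in `_get_source_for_job`, `job_show_view`, `job_list_view`, `job_abort_view` and `object_show_view`, and via `h.flash_error(msg)` in `clear_view`), so internal exception text can reach whoever triggered the error. Since this commit already touches the status handling in these views, I would log the exception server-side and return a fixed message such as `return tk.abort(500, _('An error occurred'))`, assuming a module logger is available in this file. Separately, the 404/403 split lets a caller without permission tell an existing harvest source or job from a missing one; that is probably fine for public sources but worth confirming. Every `try` block here begins outside the visible hunks, so the action calls they guard are not shown.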