Mercurial > libervia-web

changeset 1173:0f37b65fe7c2

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
server: replaced wrong usage of C.HTTP_UNAUTHORIZED by C.HTTP_FORBIDDEN
author Goffi <goffi@goffi.org>
date Fri, 03 May 2019 20:51:22 +0200
parents 7b8e123ba043
children e0b3f1d78f8c
files libervia/pages/blog/view/page_meta.py libervia/pages/events/admin/page_meta.py libervia/pages/forums/topics/page_meta.py libervia/pages/forums/view/page_meta.py libervia/pages/g/page_meta.py libervia/server/constants.py libervia/server/pages.py
diffstat 7 files changed, 9 insertions(+), 8 deletions(-) [+]
line wrap: on
line diff
--- a/libervia/pages/blog/view/page_meta.py	Fri May 03 13:08:41 2019 +0200
+++ b/libervia/pages/blog/view/page_meta.py	Fri May 03 20:51:22 2019 +0200
@@ -287,7 +287,7 @@
 def on_data_post(self, request):
     profile = self.getProfile(request)
     if profile is None:
-        self.pageError(request, C.HTTP_UNAUTHORIZED)
+        self.pageError(request, C.HTTP_FORBIDDEN)
     type_ = self.getPostedData(request, u'type')
     if type_ == u'comment':
         service, node, body = self.getPostedData(request, (u'service', u'node', u'body'))
--- a/libervia/pages/events/admin/page_meta.py	Fri May 03 13:08:41 2019 +0200
+++ b/libervia/pages/events/admin/page_meta.py	Fri May 03 20:51:22 2019 +0200
@@ -127,7 +127,7 @@
             yield self.host.bridgeCall(u"mbSend", service, node, data, profile)
         except Exception as e:
             if u"forbidden" in unicode(e):
-                self.pageError(request, C.HTTP_UNAUTHORIZED)
+                self.pageError(request, C.HTTP_FORBIDDEN)
             else:
                 raise e
     elif type_ == "event":
--- a/libervia/pages/forums/topics/page_meta.py	Fri May 03 13:08:41 2019 +0200
+++ b/libervia/pages/forums/topics/page_meta.py	Fri May 03 20:51:22 2019 +0200
@@ -46,7 +46,7 @@
 def on_data_post(self, request):
     profile = self.getProfile(request)
     if profile is None:
-        self.pageError(request, C.HTTP_UNAUTHORIZED)
+        self.pageError(request, C.HTTP_FORBIDDEN)
     type_ = self.getPostedData(request, u"type")
     if type_ == u"new_topic":
         service, node, title, body = self.getPostedData(
--- a/libervia/pages/forums/view/page_meta.py	Fri May 03 13:08:41 2019 +0200
+++ b/libervia/pages/forums/view/page_meta.py	Fri May 03 20:51:22 2019 +0200
@@ -32,7 +32,7 @@
 def on_data_post(self, request):
     profile = self.getProfile(request)
     if profile is None:
-        self.pageError(request, C.HTTP_UNAUTHORIZED)
+        self.pageError(request, C.HTTP_FORBIDDEN)
     type_ = self.getPostedData(request, u"type")
     if type_ == u"comment":
         service, node, body = self.getPostedData(request, (u"service", u"node", u"body"))
--- a/libervia/pages/g/page_meta.py	Fri May 03 13:08:41 2019 +0200
+++ b/libervia/pages/g/page_meta.py	Fri May 03 20:51:22 2019 +0200
@@ -60,7 +60,7 @@
         try:
             data = yield self.host.bridgeCall("invitationGet", invitation_id)
         except Exception:
-            self.pageError(request, C.HTTP_UNAUTHORIZED)
+            self.pageError(request, C.HTTP_FORBIDDEN)
         else:
             guest_session.id = invitation_id
             guest_session.data = data
--- a/libervia/server/constants.py	Fri May 03 13:08:41 2019 +0200
+++ b/libervia/server/constants.py	Fri May 03 20:51:22 2019 +0200
@@ -100,6 +100,7 @@
     HTTP_NOT_MODIFIED = 304
     HTTP_BAD_REQUEST = 400
     HTTP_UNAUTHORIZED = 401
+    HTTP_FORBIDDEN = 403
     HTTP_NOT_FOUND = 404
     HTTP_INTERNAL_ERROR = 500
     HTTP_SERVICE_UNAVAILABLE = 503
--- a/libervia/server/pages.py	Fri May 03 13:08:41 2019 +0200
+++ b/libervia/server/pages.py	Fri May 03 20:51:22 2019 +0200
@@ -1304,7 +1304,7 @@
                     url=request.uri, ip=request.getClientIP()
                 )
             )
-            self.pageError(request, C.HTTP_UNAUTHORIZED)
+            self.pageError(request, C.HTTP_FORBIDDEN)
         d = defer.maybeDeferred(self.on_data_post, self, request)
         d.addCallback(self._on_data_post_redirect, request)
         return d
@@ -1390,7 +1390,7 @@
     def _checkAccess(self, data, request):
         """Check access according to self.access
 
-        if access is not granted, show a HTTP_UNAUTHORIZED pageError and stop request,
+        if access is not granted, show a HTTP_FORBIDDEN pageError and stop request,
         else return data (so it can be inserted in deferred chain
         """
         if self.access == C.PAGES_ACCESS_PUBLIC:
@@ -1401,7 +1401,7 @@
                 # no session started
                 if not self.host.options["allow_registration"]:
                     # registration not allowed, access is not granted
-                    self.pageError(request, C.HTTP_UNAUTHORIZED)
+                    self.pageError(request, C.HTTP_FORBIDDEN)
                 else:
                     # registration allowed, we redirect to login page
                     login_url = self.getPageRedirectURL(request)