# HG changeset patch
# User Goffi <goffi@goffi.org>
# Date 1556909482 -7200
# Node ID 0f37b65fe7c2b35e690c3a574d15268f41764f12
# Parent  7b8e123ba04340552c16eb537b08244578533bb3
server: replaced wrong usage of C.HTTP_UNAUTHORIZED by C.HTTP_FORBIDDEN

diff -r 7b8e123ba043 -r 0f37b65fe7c2 libervia/pages/blog/view/page_meta.py
--- a/libervia/pages/blog/view/page_meta.py	Fri May 03 13:08:41 2019 +0200
+++ b/libervia/pages/blog/view/page_meta.py	Fri May 03 20:51:22 2019 +0200
@@ -287,7 +287,7 @@
 def on_data_post(self, request):
     profile = self.getProfile(request)
     if profile is None:
-        self.pageError(request, C.HTTP_UNAUTHORIZED)
+        self.pageError(request, C.HTTP_FORBIDDEN)
     type_ = self.getPostedData(request, u'type')
     if type_ == u'comment':
         service, node, body = self.getPostedData(request, (u'service', u'node', u'body'))
diff -r 7b8e123ba043 -r 0f37b65fe7c2 libervia/pages/events/admin/page_meta.py
--- a/libervia/pages/events/admin/page_meta.py	Fri May 03 13:08:41 2019 +0200
+++ b/libervia/pages/events/admin/page_meta.py	Fri May 03 20:51:22 2019 +0200
@@ -127,7 +127,7 @@
             yield self.host.bridgeCall(u"mbSend", service, node, data, profile)
         except Exception as e:
             if u"forbidden" in unicode(e):
-                self.pageError(request, C.HTTP_UNAUTHORIZED)
+                self.pageError(request, C.HTTP_FORBIDDEN)
             else:
                 raise e
     elif type_ == "event":
diff -r 7b8e123ba043 -r 0f37b65fe7c2 libervia/pages/forums/topics/page_meta.py
--- a/libervia/pages/forums/topics/page_meta.py	Fri May 03 13:08:41 2019 +0200
+++ b/libervia/pages/forums/topics/page_meta.py	Fri May 03 20:51:22 2019 +0200
@@ -46,7 +46,7 @@
 def on_data_post(self, request):
     profile = self.getProfile(request)
     if profile is None:
-        self.pageError(request, C.HTTP_UNAUTHORIZED)
+        self.pageError(request, C.HTTP_FORBIDDEN)
     type_ = self.getPostedData(request, u"type")
     if type_ == u"new_topic":
         service, node, title, body = self.getPostedData(
diff -r 7b8e123ba043 -r 0f37b65fe7c2 libervia/pages/forums/view/page_meta.py
--- a/libervia/pages/forums/view/page_meta.py	Fri May 03 13:08:41 2019 +0200
+++ b/libervia/pages/forums/view/page_meta.py	Fri May 03 20:51:22 2019 +0200
@@ -32,7 +32,7 @@
 def on_data_post(self, request):
     profile = self.getProfile(request)
     if profile is None:
-        self.pageError(request, C.HTTP_UNAUTHORIZED)
+        self.pageError(request, C.HTTP_FORBIDDEN)
     type_ = self.getPostedData(request, u"type")
     if type_ == u"comment":
         service, node, body = self.getPostedData(request, (u"service", u"node", u"body"))
diff -r 7b8e123ba043 -r 0f37b65fe7c2 libervia/pages/g/page_meta.py
--- a/libervia/pages/g/page_meta.py	Fri May 03 13:08:41 2019 +0200
+++ b/libervia/pages/g/page_meta.py	Fri May 03 20:51:22 2019 +0200
@@ -60,7 +60,7 @@
         try:
             data = yield self.host.bridgeCall("invitationGet", invitation_id)
         except Exception:
-            self.pageError(request, C.HTTP_UNAUTHORIZED)
+            self.pageError(request, C.HTTP_FORBIDDEN)
         else:
             guest_session.id = invitation_id
             guest_session.data = data
diff -r 7b8e123ba043 -r 0f37b65fe7c2 libervia/server/constants.py
--- a/libervia/server/constants.py	Fri May 03 13:08:41 2019 +0200
+++ b/libervia/server/constants.py	Fri May 03 20:51:22 2019 +0200
@@ -100,6 +100,7 @@
     HTTP_NOT_MODIFIED = 304
     HTTP_BAD_REQUEST = 400
     HTTP_UNAUTHORIZED = 401
+    HTTP_FORBIDDEN = 403
     HTTP_NOT_FOUND = 404
     HTTP_INTERNAL_ERROR = 500
     HTTP_SERVICE_UNAVAILABLE = 503
diff -r 7b8e123ba043 -r 0f37b65fe7c2 libervia/server/pages.py
--- a/libervia/server/pages.py	Fri May 03 13:08:41 2019 +0200
+++ b/libervia/server/pages.py	Fri May 03 20:51:22 2019 +0200
@@ -1304,7 +1304,7 @@
                     url=request.uri, ip=request.getClientIP()
                 )
             )
-            self.pageError(request, C.HTTP_UNAUTHORIZED)
+            self.pageError(request, C.HTTP_FORBIDDEN)
         d = defer.maybeDeferred(self.on_data_post, self, request)
         d.addCallback(self._on_data_post_redirect, request)
         return d
@@ -1390,7 +1390,7 @@
     def _checkAccess(self, data, request):
         """Check access according to self.access
 
-        if access is not granted, show a HTTP_UNAUTHORIZED pageError and stop request,
+        if access is not granted, show a HTTP_FORBIDDEN pageError and stop request,
         else return data (so it can be inserted in deferred chain
         """
         if self.access == C.PAGES_ACCESS_PUBLIC:
@@ -1401,7 +1401,7 @@
                 # no session started
                 if not self.host.options["allow_registration"]:
                     # registration not allowed, access is not granted
-                    self.pageError(request, C.HTTP_UNAUTHORIZED)
+                    self.pageError(request, C.HTTP_FORBIDDEN)
                 else:
                     # registration allowed, we redirect to login page
                     login_url = self.getPageRedirectURL(request)