BUGFIX RestfulServer->permissionFailiure() returns correct HTTP status code if authentication is possible: 401 Unauthrized instead of 403 Forbidden (patch #3803, thanks DoubleClique)

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@73820 467b73ca-7a2a-4603-9d3b-597d59a354a9
This commit is contained in:
Ingo Schommer 2009-03-30 03:12:58 +00:00
parent d8f8184986
commit ec42a12162
2 changed files with 5 additions and 4 deletions

View File

@ -505,7 +505,8 @@ class RestfulServer extends Controller {
protected function permissionFailure() {
// return a 401
$this->getResponse()->setStatusCode(403);
$this->getResponse()->setStatusCode(401);
$this->getResponse()->addHeader('WWW-Authenticate', 'Basic realm="API Access"');
return "You don't have access to this item through the API.";
}

View File

@ -22,7 +22,7 @@ class RestfulServerTest extends SapphireTest {
// even with logged in user a GET with $api_access disabled should fail
$url = "/api/v1/RestfulServerTest_Page/1";
$response = Director::test($url, null, null, 'GET');
$this->assertEquals($response->getStatusCode(), 403);
$this->assertEquals($response->getStatusCode(), 401);
unset($_SERVER['PHP_AUTH_USER']);
unset($_SERVER['PHP_AUTH_PW']);
@ -42,7 +42,7 @@ class RestfulServerTest extends SapphireTest {
// @todo create additional mock object with authenticated VIEW permissions
$url = "/api/v1/RestfulServerTest_SecretThing/1";
$response = Director::test($url, null, null, 'GET');
$this->assertEquals($response->getStatusCode(), 403);
$this->assertEquals($response->getStatusCode(), 401);
$_SERVER['PHP_AUTH_USER'] = 'user@test.com';
$_SERVER['PHP_AUTH_PW'] = 'user';
@ -60,7 +60,7 @@ class RestfulServerTest extends SapphireTest {
$data = array('Comment' => 'created');
$response = Director::test($url, $data, null, 'PUT');
$this->assertEquals($response->getStatusCode(), 403); // Permission failure
$this->assertEquals($response->getStatusCode(), 401); // Permission failure
$_SERVER['PHP_AUTH_USER'] = 'editor@test.com';
$_SERVER['PHP_AUTH_PW'] = 'editor';