Skip to content

Commit

Permalink
fix: change 401 response to a 403 for Security Exceptions (#17768)
Browse files Browse the repository at this point in the history
* fix: change 401 to 403 for Security Exceptions

* updating tests to reflect new (proper) status code

* another test update
  • Loading branch information
rusackas authored Dec 16, 2021
1 parent 71e4131 commit 3aa1161
Show file tree
Hide file tree
Showing 3 changed files with 4 additions and 4 deletions.
2 changes: 1 addition & 1 deletion superset/exceptions.py
Original file line number Diff line number Diff line change
Expand Up @@ -149,7 +149,7 @@ def __init__(


class SupersetSecurityException(SupersetErrorException):
status = 401
status = 403

def __init__(
self, error: SupersetError, payload: Optional[Dict[str, Any]] = None
Expand Down
4 changes: 2 additions & 2 deletions tests/integration_tests/charts/data/api_tests.py
Original file line number Diff line number Diff line change
Expand Up @@ -464,15 +464,15 @@ def test_with_invalid_time_range_endpoints_enum_value__400(self):

assert rv.status_code == 400

def test_with_not_permitted_actor__401(self):
def test_with_not_permitted_actor__403(self):
"""
Chart data API: Test chart data query not allowed
"""
self.logout()
self.login(username="gamma")
rv = self.post_assert_metric(CHART_DATA_URI, self.query_context_payload, "data")

assert rv.status_code == 401
assert rv.status_code == 403
assert (
rv.json["errors"][0]["error_type"]
== SupersetErrorType.DATASOURCE_SECURITY_ACCESS_ERROR
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -91,7 +91,7 @@ def test_get_dashboard_view__user_can_not_access_without_permission(self):

request_payload = get_query_context("birth_names")
rv = self.post_assert_metric(CHART_DATA_URI, request_payload, "data")
self.assertEqual(rv.status_code, 401)
self.assertEqual(rv.status_code, 403)

# assert
self.assert403(response)
Expand Down

0 comments on commit 3aa1161

Please sign in to comment.