# HG changeset patch
# User Julien Cristau <julien.cristau@logilab.fr>
# Date 1379607072 -7200
# Node ID ce504d23edf7abc62615c65ebeb1cad39abd4960
# Parent  7d3316bfa4ff38d785b589a45902692a762960b8
[staticcontrollers] Raise Forbidden, not Unauthorized

Unauthorized means "log in to get access", as it results in a HTTP 401.
Here, the error is pretty much permanent, and returning 401 instead of
403 confuses things terribly.

(This seems to be a pretty widespread confusion :/)

diff -r 7d3316bfa4ff -r ce504d23edf7 web/views/staticcontrollers.py
--- a/web/views/staticcontrollers.py	Thu Sep 19 18:03:09 2013 +0200
+++ b/web/views/staticcontrollers.py	Thu Sep 19 18:11:12 2013 +0200
@@ -31,7 +31,7 @@
 from datetime import datetime, timedelta
 from logging import getLogger
 
-from cubicweb import Unauthorized
+from cubicweb import Forbidden
 from cubicweb.web import NotFound
 from cubicweb.web.http_headers import generateDateTime
 from cubicweb.web.controller import Controller
@@ -59,7 +59,7 @@
         if osp.isdir(path):
             if self.directory_listing_allowed:
                 return u''
-            raise Unauthorized(path)
+            raise Forbidden(path)
         if not osp.isfile(path):
             raise NotFound()
         if not debugmode: