# HG changeset patch
# User Pierre-Yves David <pierre-yves.david@logilab.fr>
# Date 1305007072 -7200
# Node ID dce4fa28ae491681e4760460b9c7f1d3895ae631
# Parent  5760d5fb4a8b18f996a9536b5205a49dcffd632b
[web server] #1642893 issue a 403 instead of a 500 on Unauthorized exception

To do so, we allow an arbitrary code to be passed to ``error_handler``. Default
error code is still 500.

diff -r 5760d5fb4a8b -r dce4fa28ae49 web/application.py
--- a/web/application.py	Thu May 05 16:20:21 2011 +0200
+++ b/web/application.py	Tue May 10 07:57:52 2011 +0200
@@ -390,7 +390,9 @@
                 raise StatusResponse(404, self.notfound_content(req))
             except ValidationError, ex:
                 self.validation_error_handler(req, ex)
-            except (Unauthorized, BadRQLQuery, RequestError), ex:
+            except Unauthorized, ex:
+                self.error_handler(req, ex, tb=False, code=403)
+            except (BadRQLQuery, RequestError), ex:
                 self.error_handler(req, ex, tb=False)
             except BaseException, ex:
                 self.error_handler(req, ex, tb=True)
@@ -422,7 +424,7 @@
             raise Redirect(req.form['__errorurl'].rsplit('#', 1)[0])
         self.error_handler(req, ex, tb=False)
 
-    def error_handler(self, req, ex, tb=False):
+    def error_handler(self, req, ex, tb=False, code=500):
         excinfo = sys.exc_info()
         self.exception(repr(ex))
         req.set_header('Cache-Control', 'no-cache')
@@ -441,7 +443,7 @@
             content = self.vreg['views'].main_template(req, template, view=errview)
         except:
             content = self.vreg['views'].main_template(req, 'error-template')
-        raise StatusResponse(500, content)
+        raise StatusResponse(code, content)
 
     def need_login_content(self, req):
         return self.vreg['views'].main_template(req, 'login')