Use 401 for bad or missing credentials, 403 for forbidden access

endpoints/appr/registry.py

@@ -7,7 +7,7 @@ import cnr
 from cnr.api.impl import registry as cnr_registry
 from cnr.api.registry import repo_name, _pull
 from cnr.exception import (CnrException, InvalidUsage, InvalidParams, InvalidRelease,
-                           UnableToLockResource, UnauthorizedAccess, Unsupported, ChannelNotFound,
+                           UnableToLockResource, UnauthorizedAccess, Unsupported, ChannelNotFound, Forbidden,
                            PackageAlreadyExists, PackageNotFound, PackageReleaseNotFound)
 from flask import request, jsonify
 
@@ -28,6 +28,7 @@ logger = logging.getLogger(__name__)
 @appr_bp.errorhandler(Unsupported)
 @appr_bp.errorhandler(PackageAlreadyExists)
 @appr_bp.errorhandler(InvalidRelease)
+@appr_bp.errorhandler(Forbidden)
 @appr_bp.errorhandler(UnableToLockResource)
 @appr_bp.errorhandler(UnauthorizedAccess)
 @appr_bp.errorhandler(PackageNotFound)
@@ -192,13 +193,13 @@ def push(namespace, package_name):
   owner = get_authenticated_user()
   if not Package.exists(reponame):
     if not CreateRepositoryPermission(namespace).can():
-      raise UnauthorizedAccess("Unauthorized access for: %s" % reponame,
-                               {"package": reponame, "scopes": ['create']})
+      raise Forbidden("Unauthorized access for: %s" % reponame,
+                      {"package": reponame, "scopes": ['create']})
     Package.create_repository(reponame, private, owner)
 
   if not ModifyRepositoryPermission(namespace, package_name).can():
-    raise UnauthorizedAccess("Unauthorized access for: %s" % reponame,
-                             {"package": reponame, "scopes": ['push']})
+    raise Forbidden("Unauthorized access for: %s" % reponame,
+                    {"package": reponame, "scopes": ['push']})
 
   if not 'release' in values:
     raise InvalidUsage('Missing release')