Fix the user API to throw the nicer 401 that the FE can handle.

endpoints/api/user.py

@@ -8,14 +8,14 @@ from flask.ext.principal import identity_changed, AnonymousIdentity
 
 from app import app
 from endpoints.api import (ApiResource, nickname, resource, validate_json_request, request_error,
-                           log_action, internal_only, NotFound, Unauthorized, require_user_admin,
+                           log_action, internal_only, NotFound, require_user_admin,
-                           require_user_read, InvalidToken, require_scope, format_date)
+                           InvalidToken, require_scope, format_date)
 from endpoints.api.subscribe import subscribe
 from endpoints.common import common_login
 from data import model
 from data.plans import get_plan
 from auth.permissions import (AdministerOrganizationPermission, CreateRepositoryPermission,
-                              UserAdminPermission)
+                              UserAdminPermission, UserReadPermission)
 from auth.auth_context import get_authenticated_user
 from auth import scopes
 from util.gravatar import compute_hash
@@ -126,12 +126,12 @@ class User(ApiResource):
     },
   }
 
-  @require_user_read
+  @require_scope(scopes.READ_USER)
   @nickname('getLoggedInUser')
   def get(self):
     """ Get user information for the authenticated user. """
     user = get_authenticated_user()
-    if user is None or user.organization:
+    if user is None or user.organization or not UserReadPermission(user.username).can():
       raise InvalidToken("Requires authentication", payload={'session_required': False})
 
     return user_view(user)