changeset 3297:d563a49e0054

give 403 status for permission denied pages rather than 200
author Johannes Berg <johannes AT sipsolutions DOT net>
date Tue, 18 Mar 2008 12:56:49 +0100
parents fc5e23d62d56
children 4d76c1409694
files MoinMoin/Page.py
diffstat 1 files changed, 4 insertions(+), 1 deletions(-) [+]
--- a/MoinMoin/Page.py	Tue Mar 18 12:56:31 2008 +0100
+++ b/MoinMoin/Page.py	Tue Mar 18 12:56:49 2008 +0100
@@ -1094,7 +1094,10 @@
             if emit_headers:
                 request.setHttpHeader("Content-Type: %s; charset=%s" % (self.output_mimetype, self.output_charset))
                 if page_exists:
-                    request.setHttpHeader('Status: 200 OK')
+                    if not request.user.may.read(self.page_name):
+                        request.setHttpHeader('Status: 403 Permission Denied')
+                    else:
+                        request.setHttpHeader('Status: 200 OK')
                     if not request.cacheable:
                         # use "nocache" headers if we're using a method that is not simply "display"
                         request.disableHttpCaching(level=2)
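Review bot: The added read check sits inside `if page_exists:`, so a user without read rights gets 403 for an existing page and whatever the `else` branch outside this hunk sends (presumably 404) for a missing one, which lets the status code confirm that a protected page name exists. Consider evaluating `request.user.may.read(self.page_name)` before the existence test so that denied names answer 403 either way. The reason phrase would also be more conventional as `request.setHttpHeader('Status: 403 Forbidden')`. The enclosing method starts and ends outside the hunk, so the ACL check that decides the response body is not visible here; it is worth confirming that the status and the body are driven by the same result.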