here's a small patch that makes two changes to AbstractProvider:
1) changes the notallowed method to send a 405 "Method Not Allowed" response rather than a 403, which i assume is what you actually meant to do, since you're providing an Allow header, and 2) adds a locked method for 423 "Locked" responses. yea i know that it's not in RFC 2616, but it's a very commonly used status code, both in WebDAV and in many REST implementations. <http://people.osafoundation.org/~bcm/abdera/provider-notallowed-locked.diff>
