https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36066
--- Comment #10 from Victor Grousset/tuxayo <[email protected]> ---
Another thing that made it slip unnoticed is the return code being the same for not having the right permission and trying to delete something not in the right state for deletion.

This is totally out of this ticket: Isn't there any code to differentiate these two things? I'm just asking to know if I should open a ticket or if there is really nothing to do about this and just move on.

https://en.wikipedia.org/wiki/List_of_HTTP_status_codes#4xx_client_errors

- maybe moving permission failure response to 401? nope, 401 is super specific so out of our case: «The response must include a WWW-Authenticate header field containing a challenge applicable to the requested resource»
- «403 [...] user not having the necessary permissions for a resource or needing an account of some sort, or attempting a prohibited action (e.g. creating a duplicate record where only one is allowed).» Ok it seems that's how 403 was made, grouping lack of permission and prohibited action by business rules :(
