fix: change 401 response to a 403 for Security Exceptions (#17768)

* fix: change 401 to 403 for Security Exceptions * updating tests to reflect new (proper) status code * another test update
2026-04-19 16:14:52 +00:00 · 2021-12-15 17:11:04 -07:00
parent 71e41315a4
commit 3aa11614b5
3 changed files with 4 additions and 4 deletions
--- a/tests/integration_tests/charts/data/api_tests.py
+++ b/tests/integration_tests/charts/data/api_tests.py
@@ -464,7 +464,7 @@ class TestPostChartDataApi(BaseTestChartDataApi):

        assert rv.status_code == 400

-    def test_with_not_permitted_actor__401(self):
+    def test_with_not_permitted_actor__403(self):
        """
        Chart data API: Test chart data query not allowed
        """
@@ -472,7 +472,7 @@ class TestPostChartDataApi(BaseTestChartDataApi):
        self.login(username="gamma")
        rv = self.post_assert_metric(CHART_DATA_URI, self.query_context_payload, "data")

-        assert rv.status_code == 401
+        assert rv.status_code == 403
        assert (
            rv.json["errors"][0]["error_type"]
            == SupersetErrorType.DATASOURCE_SECURITY_ACCESS_ERROR
--- a/tests/integration_tests/dashboards/security/security_rbac_tests.py
+++ b/tests/integration_tests/dashboards/security/security_rbac_tests.py
@@ -91,7 +91,7 @@ class TestDashboardRoleBasedSecurity(BaseTestDashboardSecurity):

        request_payload = get_query_context("birth_names")
        rv = self.post_assert_metric(CHART_DATA_URI, request_payload, "data")
-        self.assertEqual(rv.status_code, 401)
+        self.assertEqual(rv.status_code, 403)

        # assert
        self.assert403(response)