Merge pull request #10334 from Spaarsh/10224/fix/incorrect-response-f…

…or-unauthenticated-get-works-merge-request Added respective responses discerning between unauthorized (not logged-in) and forbidden responses.
internetarchive · Jan 14, 2025 · 042b544 · 042b544
2 parents 46c9ec6 + 09669a4
commit 042b544
Showing 1 changed file with 4 additions and 1 deletion.
diff --git a/openlibrary/plugins/upstream/code.py b/openlibrary/plugins/upstream/code.py
@@ -139,11 +139,14 @@ class merge_work(delegate.page):
     def GET(self):
         i = web.input(records='', mrid=None, primary=None)
         user = web.ctx.site.get_user()
+
+        if user is None:
+            raise web.unauthorized()
         has_access = user and (
             (user.is_admin() or user.is_librarian()) or user.is_super_librarian()
         )
         if not has_access:
-            raise web.HTTPError('403 Forbidden')
+            raise web.forbidden()
 
         optional_kwargs = {}
         if not (user.is_admin() or user.is_super_librarian()):