diff --git a/src/webapp.py b/src/webapp.py index 1f2cbf7..de7cec9 100644 --- a/src/webapp.py +++ b/src/webapp.py @@ -371,9 +371,7 @@ class ScriptFormWebApp(WebAppHandler): form_def = form_config.get_form_def(form_name) if form_def.allowed_users is not None and \ self.username not in form_def.allowed_users: - # FIXME: Raise HTTPError instead? - self.send_error(401, "You're not authorized to view this form") - return + raise HTTPError(403, "You're not authorized to view this form") html_errors = u'' if errors: @@ -412,9 +410,7 @@ class ScriptFormWebApp(WebAppHandler): form_def = form_config.get_form_def(form_name) if form_def.allowed_users is not None and \ self.username not in form_def.allowed_users: - # FIXME: Raise HTTPError instead? - self.send_error(401, "You're not authorized to view this form") - return + raise HTTPError(403, "You're not authorized to view this form") # Convert FieldStorage to a simple dict, because we're not allowd to # add items to it. For normal fields, the form field name becomes the @@ -506,20 +502,14 @@ class ScriptFormWebApp(WebAppHandler): form_config = self.scriptform.get_form_config() if not form_config.static_dir: - # FIXME: Raise Error - self.send_error(501, "Static file serving not enabled") - return + raise HTTPError(501, "Static file serving not enabled") if '..' in fname: - # FIXME: Raise Error - self.send_error(403, "Invalid file name") - return + raise HTTPError(403, "Invalid file name") path = os.path.join(form_config.static_dir, fname) if not os.path.exists(path): - # FIXME: Raise Error - self.send_error(404, "Not found") - return + raise HTTPError(404, "Not found") f = file(path, 'r') self.send_response(200)