Raise HTTPErrors instead of sending errors directly to the client.

src/webapp.py

@@ -371,9 +371,7 @@ class ScriptFormWebApp(WebAppHandler):
         form_def = form_config.get_form_def(form_name)
         if form_def.allowed_users is not None and \
            self.username not in form_def.allowed_users:
-            # FIXME: Raise HTTPError instead?
+            raise HTTPError(403, "You're not authorized to view this form")
-            self.send_error(401, "You're not authorized to view this form")
-            return
 
         html_errors = u''
         if errors:
@@ -412,9 +410,7 @@ class ScriptFormWebApp(WebAppHandler):
         form_def = form_config.get_form_def(form_name)
         if form_def.allowed_users is not None and \
            self.username not in form_def.allowed_users:
-            # FIXME: Raise HTTPError instead?
+            raise HTTPError(403, "You're not authorized to view this form")
-            self.send_error(401, "You're not authorized to view this form")
-            return
 
         # Convert FieldStorage to a simple dict, because we're not allowd to
         # add items to it. For normal fields, the form field name becomes the
@@ -506,20 +502,14 @@ class ScriptFormWebApp(WebAppHandler):
         form_config = self.scriptform.get_form_config()
 
         if not form_config.static_dir:
-            # FIXME: Raise Error
+            raise HTTPError(501, "Static file serving not enabled")
-            self.send_error(501, "Static file serving not enabled")
-            return
 
         if '..' in fname:
-            # FIXME: Raise Error
+            raise HTTPError(403, "Invalid file name")
-            self.send_error(403, "Invalid file name")
-            return
 
         path = os.path.join(form_config.static_dir, fname)
         if not os.path.exists(path):
-            # FIXME: Raise Error
+            raise HTTPError(404, "Not found")
-            self.send_error(404, "Not found")
-            return
 
         f = file(path, 'r')
         self.send_response(200)