Use HTTP status code 403 instead of 401 when REST API is disabled (#30086).

Patch by Yuichi HARADA.


git-svn-id: http://svn.redmine.org/redmine/trunk@18055 e93f8b46-1217-0410-a6f0-8f06a7374b81

1 files changed, 6 insertions, 6 deletions

diff --git a/test/integration/api_test/disabled_rest_api_test.rb b/test/integration/api_test/disabled_rest_api_test.rb
index 9c9f3c387..41bcd7db3 100644
--- a/test/integration/api_test/disabled_rest_api_test.rb
+++ b/test/integration/api_test/disabled_rest_api_test.rb
@@ -43,11 +43,11 @@ class Redmine::ApiTest::DisabledRestApiTest < Redmine::ApiTest::Base
     @token = Token.create!(:user => @user, :action => 'api')
 
     get "/news.xml?key=#{@token.value}"
-    assert_response :unauthorized
+    assert_response :forbidden
     assert_equal User.anonymous, User.current
 
     get "/news.json?key=#{@token.value}"
-    assert_response :unauthorized
+    assert_response :forbidden
     assert_equal User.anonymous, User.current
   end
 
@@ -57,11 +57,11 @@ class Redmine::ApiTest::DisabledRestApiTest < Redmine::ApiTest::Base
     end
 
     get "/news.xml", :headers => credentials(@user.login, 'my_password')
-    assert_response :unauthorized
+    assert_response :forbidden
     assert_equal User.anonymous, User.current
 
     get "/news.json", :headers => credentials(@user.login, 'my_password')
-    assert_response :unauthorized
+    assert_response :forbidden
     assert_equal User.anonymous, User.current
   end
 
@@ -70,11 +70,11 @@ class Redmine::ApiTest::DisabledRestApiTest < Redmine::ApiTest::Base
     @token = Token.create!(:user => @user, :action => 'api')
 
     get "/news.xml", :headers => credentials(@token.value, 'X')
-    assert_response :unauthorized
+    assert_response :forbidden
     assert_equal User.anonymous, User.current
 
     get "/news.json", :headers => credentials(@token.value, 'X')
-    assert_response :unauthorized
+    assert_response :forbidden
     assert_equal User.anonymous, User.current
   end
 end