Transition webob.HttpForbidden to webob's exceptions Forbidden

Also the BadRequest exception.

mediagoblin/edit/views.py

@@ -18,6 +18,7 @@ from webob import exc
 from cgi import FieldStorage
 from datetime import datetime
 
+from werkzeug.exceptions import Forbidden
 from werkzeug.utils import secure_filename
 
 from mediagoblin import messages
@@ -41,7 +42,7 @@ import mimetypes
 @require_active_login
 def edit_media(request, media):
     if not may_edit_media(request, media):
-        return exc.HTTPForbidden()
+        return Forbidden("User may not edit this media")
 
     defaults = dict(
         title=media.title,
@@ -165,7 +166,7 @@ def edit_attachments(request, media):
             {'media': media,
              'form': form})
     else:
-        return exc.HTTPForbidden()
+        return Forbidden("Attachments are disabled")
 
 
 @require_active_login

mediagoblin/meddleware/csrf.py

@@ -17,7 +17,7 @@
 import random
 import logging
 
-from webob.exc import HTTPForbidden
+from werkzeug.exceptions import Forbidden
 from wtforms import Form, HiddenField, validators
 
 from mediagoblin import mg_globals
@@ -128,8 +128,9 @@ class CsrfMeddleware(BaseMeddleware):
 
         if cookie_token is None:
             # the CSRF cookie must be present in the request
-            _log.error('CSRF cookie not present')
-            return HTTPForbidden()
+            errstr = 'CSRF cookie not present'
+            _log.error(errstr)
+            return Forbidden(errstr)
 
         # get the form token and confirm it matches
         form = CsrfForm(request.form)
@@ -142,5 +143,6 @@ class CsrfMeddleware(BaseMeddleware):
 
         # either the tokens didn't match or the form token wasn't
         # present; either way, the request is denied
-        _log.error('CSRF validation failed')
-        return HTTPForbidden()
+        errstr = 'CSRF validation failed'
+        _log.error(errstr)
+        return Forbidden(errstr)

mediagoblin/plugins/api/tools.py

@@ -18,8 +18,9 @@ import logging
 import json
 
 from functools import wraps
-from webob import exc, Response
+from webob import Response
 from urlparse import urljoin
+from werkzeug.exceptions import Forbidden
 
 from mediagoblin import mg_globals
 from mediagoblin.tools.pluginapi import PluginManager
@@ -143,7 +144,7 @@ def api_auth(controller):
         # If we can't find any authentication methods, we should not let them
         # pass.
         if not auth_candidates:
-            return exc.HTTPForbidden()
+            return Forbidden()
 
         # For now, just select the first one in the list
         auth = auth_candidates[0]
@@ -157,7 +158,7 @@ def api_auth(controller):
                         'status': 403,
                         'errors': auth.errors})
 
-            return exc.HTTPForbidden()
+            return Forbidden()
 
         return controller(request, *args, **kw)
 

mediagoblin/plugins/api/views.py

@@ -19,7 +19,8 @@ import logging
 import uuid
 
 from os.path import splitext
-from webob import exc, Response
+from webob import Response
+from werkzeug.exceptions import BadRequest, Forbidden
 from werkzeug.utils import secure_filename
 from werkzeug.datastructures import FileStorage
 from celery import registry
@@ -47,13 +48,13 @@ def post_entry(request):
 
     if request.method != 'POST':
         _log.debug('Must POST against post_entry')
-        return exc.HTTPBadRequest()
+        return BadRequest()
 
     if not 'file' in request.files \
             or not isinstance(request.files['file'], FileStorage) \
             or not request.files['file'].stream:
         _log.debug('File field not found')
-        return exc.HTTPBadRequest()
+        return BadRequest()
 
     media_file = request.files['file']
 
@@ -129,7 +130,7 @@ def post_entry(request):
 @api_auth
 def api_test(request):
     if not request.user:
-        return exc.HTTPForbidden()
+        return Forbidden()
 
     user_data = {
             'username': request.user.username,