Return HTTP 403 if user is not allowed to perform an operation

2025-11-02 10:55:37 +00:00 · 2018-05-10 19:36:15 +02:00 · 2018-05-10 19:36:15 +02:00 · 9e897bcfda
commit 9e897bcfda
parent 3056a7f18f
1 changed files with 1 additions and 1 deletions
--- a/packages/strapi-plugin-users-permissions/config/policies/permissions.js
+++ b/packages/strapi-plugin-users-permissions/config/policies/permissions.js
@ -39,7 +39,7 @@ module.exports = async (ctx, next) => {
  }, []);

  if (!permission) {
-    ctx.unauthorized();
+    ctx.forbidden();

    return ctx.request.graphql = ctx.body;
  }