# HG changeset patch
# User Thierry Florac <tflorac@ulthar.net>
# Date 1622014199 -7200
# Node ID ff87356416c0bc0868a4985ddbc1ffbf40eb4bb3
# Parent  0acc94352428cba6aa5b19eb8d46dd363ec5c5db
Updated container permission check on delete

diff -r 0acc94352428 -r ff87356416c0 src/pyams_skin/container.py
--- a/src/pyams_skin/container.py	Fri Nov 13 16:30:55 2020 +0100
+++ b/src/pyams_skin/container.py	Wed May 26 09:29:59 2021 +0200
@@ -11,7 +11,7 @@
 #
 
 from pyramid.exceptions import NotFound
-from pyramid.httpexceptions import HTTPInternalServerError, HTTPUnauthorized
+from pyramid.httpexceptions import HTTPForbidden, HTTPInternalServerError
 from pyramid.view import view_config
 from zope.container.interfaces import IContainer
 from zope.interface import implementer
@@ -91,11 +91,11 @@
     # Check permission
     if not ignore_permission:
         context = container[name]
-        permission = get_edit_permission(request, context)
+        permission = get_edit_permission(request, context, action='delete')
         if permission is None:
             raise HTTPInternalServerError("Missing permission definition")
-        elif not request.has_permission(permission, context):
-            raise HTTPUnauthorized()
+        if not request.has_permission(permission, context):
+            raise HTTPForbidden()
     # Delete element
     del container[name]
     return {'status': 'success'}