--- a/src/pyams_skin/container.py Fri Nov 13 16:30:55 2020 +0100
+++ b/src/pyams_skin/container.py Wed May 26 09:29:59 2021 +0200
@@ -11,7 +11,7 @@
#
from pyramid.exceptions import NotFound
-from pyramid.httpexceptions import HTTPInternalServerError, HTTPUnauthorized
+from pyramid.httpexceptions import HTTPForbidden, HTTPInternalServerError
from pyramid.view import view_config
from zope.container.interfaces import IContainer
from zope.interface import implementer
@@ -91,11 +91,11 @@
# Check permission
if not ignore_permission:
context = container[name]
- permission = get_edit_permission(request, context)
+ permission = get_edit_permission(request, context, action='delete')
if permission is None:
raise HTTPInternalServerError("Missing permission definition")
- elif not request.has_permission(permission, context):
- raise HTTPUnauthorized()
+ if not request.has_permission(permission, context):
+ raise HTTPForbidden()
# Delete element
del container[name]
return {'status': 'success'}