From e9074ea97aae11c7a491c5ed03d75af80fc5791f Mon Sep 17 00:00:00 2001
From: Bjarke Berg <mail@bergmania.dk>
Date: Fri, 10 May 2024 13:28:15 +0200
Subject: [PATCH] Return 403 when missing permissions instead of 401

---
 .../Filters/RequireTreeRootAccessAttribute.cs                 | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/Umbraco.Cms.Api.Management/Filters/RequireTreeRootAccessAttribute.cs b/src/Umbraco.Cms.Api.Management/Filters/RequireTreeRootAccessAttribute.cs
index a8b827aaf3..e9549235dc 100644
--- a/src/Umbraco.Cms.Api.Management/Filters/RequireTreeRootAccessAttribute.cs
+++ b/src/Umbraco.Cms.Api.Management/Filters/RequireTreeRootAccessAttribute.cs
@@ -23,9 +23,9 @@ public abstract class RequireTreeRootAccessAttribute : ActionFilterAttribute
 
         var problemDetails = new ProblemDetails
         {
-            Title = "Unauthorized user",
+            Title = "Forbidden",
             Detail = "The current backoffice user should have access to the tree root",
-            Status = StatusCodes.Status401Unauthorized,
+            Status = StatusCodes.Status403Forbidden,
             Type = "Error",
         };