From 2a2a733a41a1aa355a3728d836daebc873384d5b Mon Sep 17 00:00:00 2001
From: Imdad Ahad <imdad.ahad@digital.cabinet-office.gov.uk>
Date: Fri, 21 Oct 2016 14:24:21 +0100
Subject: [PATCH] Fix 500s when requesting json after logged out: * Update
 permissions decorator to make sure user is logged in first, else 401 * Stop
 further ajax json calls on failure

---
 app/assets/javascripts/updateContent.js |  2 +-
 app/utils.py                            | 15 +++++++++++----
 2 files changed, 12 insertions(+), 5 deletions(-)

diff --git a/app/assets/javascripts/updateContent.js b/app/assets/javascripts/updateContent.js
index 41dd41ff5..89c87c550 100644
--- a/app/assets/javascripts/updateContent.js
+++ b/app/assets/javascripts/updateContent.js
@@ -26,7 +26,7 @@
     ).done(
       response => flushQueue(queue, response)
     ).fail(
-      () => clearQueue(queue)
+      () => poll = function(){}
     );
 
     setTimeout(
diff --git a/app/utils.py b/app/utils.py
index 66d787ce0..240245e5e 100644
--- a/app/utils.py
+++ b/app/utils.py
@@ -42,11 +42,18 @@ def user_has_permissions(*permissions, admin_override=False, any_=False):
         @wraps(func)
         def wrap_func(*args, **kwargs):
             from flask_login import current_user
-            if current_user and current_user.has_permissions(permissions=permissions,
-                                                             admin_override=admin_override, any_=any_):
-                return func(*args, **kwargs)
+
+            if current_user and current_user.is_authenticated:
+                if current_user.has_permissions(
+                    permissions=permissions,
+                    admin_override=admin_override,
+                    any_=any_
+                ):
+                    return func(*args, **kwargs)
+                else:
+                    abort(403)
             else:
-                abort(403)
+                abort(401)
         return wrap_func
     return wrap