From 9827925015a42a47d12db82595fd88de6a259d62 Mon Sep 17 00:00:00 2001
From: Beto Dealmeida <roberto@dealmeida.net>
Date: Thu, 23 Aug 2018 18:32:04 -0700
Subject: [PATCH] Return 401 on no authorization

---
 superset/views/core.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/superset/views/core.py b/superset/views/core.py
index 64b58b6554..0cf854f4c4 100755
--- a/superset/views/core.py
+++ b/superset/views/core.py
@@ -2340,7 +2340,7 @@ class Superset(BaseSupersetView):
             query.sql, query.database, query.schema)
         if rejected_tables:
             return json_error_response(security_manager.get_table_access_error_msg(
-                '{}'.format(rejected_tables)))
+                '{}'.format(rejected_tables)), status=401)
 
         return json_success(utils.zlib_decompress_to_string(blob))
 
@@ -2383,7 +2383,8 @@ class Superset(BaseSupersetView):
         if rejected_tables:
             return json_error_response(
                 security_manager.get_table_access_error_msg(rejected_tables),
-                link=security_manager.get_table_access_link(rejected_tables))
+                link=security_manager.get_table_access_link(rejected_tables),
+                status=401)
         session.commit()
 
         select_as_cta = request.form.get('select_as_cta') == 'true'