From a749a97b45c27e39f09b59f962147c49e5520a3e Mon Sep 17 00:00:00 2001
From: Benjamin Dauvergne <bdauvergne@entrouvert.com>
Date: Wed, 14 Sep 2016 16:15:42 +0200
Subject: [PATCH] make /api/user/form returns [] on unknown NameID (#13184)

It currently returns a 403 error which is not appropriate.
---
 wcs/api.py | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/wcs/api.py b/wcs/api.py
index db83469..0441f57 100644
--- a/wcs/api.py
+++ b/wcs/api.py
@@ -463,9 +463,12 @@ class ApiUserDirectory(Directory):
 
     def forms(self):
         get_response().set_content_type('application/json')
-        user = self.user or get_user_from_api_query_string() or get_request().user
+        try:
+            user = self.user or get_user_from_api_query_string() or get_request().user
+        except UnknownNameIdAccessForbiddenError:
+            user = None
         if not user:
-            raise AccessForbiddenError('no user specified')
+            return '[]'
         forms = []
         for form in self.get_user_forms(user):
             if form.is_draft():
-- 
2.1.4