From f13c60a8412ee666206a380b97763e8a4410c5c7 Mon Sep 17 00:00:00 2001
From: spiral <spiral@spiral.sh>
Date: Sat, 5 Feb 2022 09:37:18 -0500
Subject: [PATCH] fix(api): 403 instead of 401 on API v1 member routes

---
 PluralKit.API/Controllers/v1/MemberController.cs | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/PluralKit.API/Controllers/v1/MemberController.cs b/PluralKit.API/Controllers/v1/MemberController.cs
index 0c77751c..be3ae475 100644
--- a/PluralKit.API/Controllers/v1/MemberController.cs
+++ b/PluralKit.API/Controllers/v1/MemberController.cs
@@ -84,7 +84,7 @@ public class MemberController: ControllerBase
         if (member == null) return NotFound("Member not found.");
 
         var res = await _auth.AuthorizeAsync(User, member, "EditMember");
-        if (!res.Succeeded) return Unauthorized($"Member '{hid}' is not part of your system.");
+        if (!res.Succeeded) return StatusCode(StatusCodes.Status403Forbidden, $"Member '{hid}' is not part of your system.");
 
         var patch = MemberPatch.FromJSON(changes);
 
@@ -112,7 +112,7 @@ public class MemberController: ControllerBase
         if (member == null) return NotFound("Member not found.");
 
         var res = await _auth.AuthorizeAsync(User, member, "EditMember");
-        if (!res.Succeeded) return Unauthorized($"Member '{hid}' is not part of your system.");
+        if (!res.Succeeded) return StatusCode(StatusCodes.Status403Forbidden, $"Member '{hid}' is not part of your system.");
 
         await _repo.DeleteMember(member.Id);
         return Ok();