/api/v4/allowed returns proper HTTP status codes

* Previously, a 200 (OK) was sent when the user was unauthorised or the project was not found (or the user didn't have access)
* We still treat 401 and 404 as 'success' but we need to explicitly handle them

0 files changed, 0 insertions, 0 deletions