Closed Skeeve closed 4 years ago
This one stashes a default 401 - unless there already is a status in the stash. A 500 will always be stashed.
With this approach the security callback can stash its own value (like 403) when the user is authenticated but not authorized.
In my case I do it like this:
    if ($assume_client ne $apiuser and $account->{level} < 9999) {
        $c->stash( status => 403 );
        return 'permission denied';
    }
Advantage over my other approach:
Looks great! Thanks for ending up with a very small diff and also adding the test 👍
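A stand-alone model of the behaviour discussed in this thread, added as an example and not code from the pull request or the plugin: a security callback may stash its own status (403), and the caller falls back to 401 only when nothing was stashed. `MockController`, `check_access`, `run_security`, the request hashes and the 200 success value are assumptions made for illustration; the "500 will always be stashed" case is not modelled.

```perl
#!/usr/bin/env perl
use strict;
use warnings;

# Minimal stand-in for a controller: only a stash() accessor is modelled.
package MockController {
    sub new { my $class = shift; return bless { stash => {} }, $class }
    sub stash {
        my ($self, @args) = @_;
        return $self->{stash} unless @args;                  # whole stash
        return $self->{stash}{ $args[0] } if @args == 1;     # read one key
        my %set = @args;                                     # write key/value pairs
        @{ $self->{stash} }{ keys %set } = values %set;
        return $self;
    }
}

package main;

# Hypothetical security callback: returns an error string on failure,
# nothing on success. Only the authorization failure stashes a status.
sub check_access {
    my ($c, $req) = @_;
    my $account = $req->{account} or return 'authentication required';
    if ($req->{assume_client} ne $req->{apiuser} and $account->{level} < 9999) {
        $c->stash(status => 403);    # authenticated, but not authorized
        return 'permission denied';
    }
    return;
}

# Hypothetical caller: keep a status the callback stashed, else default to 401.
sub run_security {
    my ($c, $req) = @_;
    my $error = check_access($c, $req);
    return (200, 'ok') unless defined $error;
    $c->stash(status => 401) unless $c->stash('status');
    return ($c->stash('status'), $error);
}

# Constructed sample requests.
my @cases = (
    { name => 'no credentials',        assume_client => 'bob', apiuser => 'alice' },
    { name => 'other client, level 10',   assume_client => 'bob', apiuser => 'alice', account => { level => 10 } },
    { name => 'other client, level 9999', assume_client => 'bob', apiuser => 'alice', account => { level => 9999 } },
);
for my $req (@cases) {
    my ($status, $msg) = run_security(MockController->new, $req);
    printf "%-26s -> %d %s\n", $req->{name}, $status, $msg;
}
```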