From ca65ce19d80fbb202f2c40709195b45cc55f037a Mon Sep 17 00:00:00 2001
From: Yinyin Liu <liu@innov.energy>
Date: Wed, 22 Apr 2026 11:13:33 +0200
Subject: [PATCH] fix: return Unauthorized() instead of Forbid() in
 UpdateTicketComment

---
 csharp/App/Backend/Controller.cs | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/csharp/App/Backend/Controller.cs b/csharp/App/Backend/Controller.cs
index 4900be461..8cdc39b83 100644
--- a/csharp/App/Backend/Controller.cs
+++ b/csharp/App/Backend/Controller.cs
@@ -2413,8 +2413,8 @@ public class Controller : ControllerBase
         var comment = Db.TicketComments.FirstOrDefault(c => c.Id == req.Id);
         if (comment is null) return NotFound();
 
-        if (comment.AuthorType != (Int32)CommentAuthorType.Human) return Forbid();
-        if (comment.AuthorId   != user.Id)                        return Forbid();
+        if (comment.AuthorType != (Int32)CommentAuthorType.Human) return Unauthorized();
+        if (comment.AuthorId   != user.Id)                        return Unauthorized();
 
         if (String.IsNullOrWhiteSpace(req.Body)) return BadRequest("Body required.");