role-based "access denied" not shown in web interface

[jhaar]

Hi there

I created a role which has Read/Edit access to a Stream. The Stream is specific to a GELF Input channel.

If I assign that Role to a user, and the user goes to edit that Stream, and they choose a different Input channel (in my case syslog), then the graylog-web/application.log correctly reports

Cannot invoke the action, ... returned 403 Forbidden body: {"type":"ApiError","message":"Not authorized"}

but the web interface shows the error

Could not retrieve error.... Internal server error

So it looks (from an end-user perspective) like a bug with graylog, whereas to my eyes this is simply an incorrect error message. It is a "403", so couldn't graylog-web be changed to report that as "Not authorized"?

Thanks

Jason