Comment 2 for bug 917390

Well hm, one case of this is going to be a bit more difficult than I thought it was going to be :/

It turns out that we already send vaguely meaningful messages in plain text in the response body when a token is invalid for some reason. But xmlrpclib doesn't look at the response body at all when the response code is != 200 (contrary to the http rfc's suggestion, it turns out).

We can certainly give better messages when there is token but should be and when the token is for a user that does not have the magic permission bit set though.