Receive: avoid hiding check_canedit error messages

Avoid the generic "you are not allowed to change" message,
and instead allow check_canedit to propigate out useful error messages.

Went back to calling check_canedit in fatal mode, but added a parameter to
avoid calling the troublesome subs that might cause a login attempt.

IkiWiki.pm

@@ -1455,11 +1455,12 @@ sub filter ($$$) {
 	return $content;
 }
 
-sub check_canedit ($$$;$) {
+sub check_canedit ($$$;$$) {
 	my $page=shift;
 	my $q=shift;
 	my $session=shift;
 	my $nonfatal=shift;
+	my $nosubs=shift;
 	
 	my $canedit;
 	run_hooks(canedit => sub {
@@ -1470,6 +1471,7 @@ sub check_canedit ($$$;$) {
 				$canedit=1;
 			}
 			elsif (ref $ret eq 'CODE') {
+				error(sprintf(gettext("you are not allowed to change %s"), $page)) if $nosubs && ! $nonfatal;
 				$ret->() unless $nonfatal;
 				$canedit=0;
 			}

IkiWiki/Receive.pm

@@ -95,12 +95,12 @@ sub test () {
 		if ($change->{action} eq 'change' ||
 		    $change->{action} eq 'add') {
 			if (defined $page) {
-				next if IkiWiki::check_canedit($page, $cgi, $session, 1);
+				IkiWiki::check_canedit($page, $cgi, $session, 0, 1);
 			}
 			else {
 				if (IkiWiki::Plugin::attachment->can("check_canattach")) {
 					IkiWiki::Plugin::attachment::check_canattach($session, $file, $change->{path});
-					next if IkiWiki::check_canedit($file, $cgi, $session, 1);
+					IkiWiki::check_canedit($file, $cgi, $session, 0, 1);
 				}
 			}
 		}
@@ -116,14 +116,12 @@ sub test () {
 
 			if (IkiWiki::Plugin::remove->can("check_canremove")) {
 				IkiWiki::Plugin::remove::check_canremove(defined $page ? $page : $file, $cgi, $session);
-				next if IkiWiki::check_canedit(defined $page ? $page : $file, $cgi, $session, 1);
+				IkiWiki::check_canedit(defined $page ? $page : $file, $cgi, $session, 0, 1);
 			}
 		}
 		else {
 			error "unknown action ".$change->{action};
 		}
-		
-		error sprintf(gettext("you are not allowed to change %s"), $file);
 	}
 
 	exit 0;