icasdri / tuhi

Simple self-hosted synchronized notes (Project Home and Documentation)

Home Page: https://github.com/icasdri/tuhi

Uses of Error Code 90 (Forbidden) and Error Code 19 (Conflict)

icasdri opened this issue

Error code 90 should be used in all cases where a request references an object (Note or NoteContent) that does not belong to the authenticated user in the request.

Here are three high-profile scenarios:

  • POST of a NoteContent referencing a note that exists on the server for another user. This behavior is implemented in the reference implementation tuhi-flask, but is somewhat unclear in the docs.
  • POST of a Note with a note_id that exists on the server but for another user. This is behavior NOT implemented in the reference implementation tuhi-flask and is unclear in the docs.
  • POST of a NoteContent with a note_content_id that exists on the server but for another user. This is behavior NOT implemented in the reference implementation tuhi-flask and is unclear in the docs.

For the last two scenarios, the current behavior in the reference implementation tuhi-flask (a behavior that the docs are somewhat conducive to) uses Error Code 19 (Conflict) instead of Error Code 90 (Forbidden), and that does not make much sense.

Error Code 19 (Conflict) should only be used if the conflicting object on the server belongs to the authenticated user of the request.

These behaviors have been implemented in the server reference implementation tuhi-flask and the client tuhi-gtk. The docs need to be reworded and updated to match reference behavior.

Error codes will be deprecated in v0.4. See #2.
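
The rule described in this issue, as an added example that is not part of the original issue and is not tuhi-flask code: ownership of every referenced object is checked first (Error Code 90), and Error Code 19 is returned only when the existing object belongs to the requesting user. The `Store` class, the function names, the user and id values, and the `UNKNOWN_NOTE` placeholder for a note that does not exist are assumptions made for this sketch.

```python
from dataclasses import dataclass, field

FORBIDDEN = 90  # referenced object belongs to another user
CONFLICT = 19   # conflicting object belongs to the authenticated user
UNKNOWN_NOTE = "unknown-note"  # placeholder for this example, not a tuhi error code

@dataclass
class Store:
    """In-memory stand-in for the server database (constructed for this example)."""
    note_owner: dict = field(default_factory=dict)     # note_id -> owning user
    content_owner: dict = field(default_factory=dict)  # note_content_id -> owning user

def post_note(store, user, note_id):
    """Return None on success, otherwise the error code for the rejected Note."""
    owner = store.note_owner.get(note_id)
    if owner is not None:
        # Same id, different owner is Forbidden; only the user's own id is a Conflict.
        return CONFLICT if owner == user else FORBIDDEN
    store.note_owner[note_id] = user
    return None

def post_note_content(store, user, note_content_id, note_id):
    """Return None on success, otherwise the error code for the rejected NoteContent."""
    content_owner = store.content_owner.get(note_content_id)
    note_owner = store.note_owner.get(note_id)
    # Ownership of every referenced object is checked before anything else.
    if any(o is not None and o != user for o in (content_owner, note_owner)):
        return FORBIDDEN
    if note_owner is None:
        return UNKNOWN_NOTE
    if content_owner is not None:
        return CONFLICT
    store.content_owner[note_content_id] = user
    return None

def demo():
    """Run the scenarios from the issue against constructed ids and users."""
    s = Store({"n1": "alice", "n2": "bob"}, {"c1": "alice"})
    return {
        "bob_note_n1": post_note(s, "bob", "n1"),
        "alice_note_n1": post_note(s, "alice", "n1"),
        "bob_content_on_alice_note": post_note_content(s, "bob", "c2", "n1"),
        "bob_reuses_alice_content_id": post_note_content(s, "bob", "c1", "n2"),
        "alice_content_c1_again": post_note_content(s, "alice", "c1", "n1"),
        "alice_new_content": post_note_content(s, "alice", "c3", "n1"),
    }
```
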