Forbidden: You don't have permission to access this directory!

#!/usr/bin/python3
#encoding:utf-8


import cgitb
cgitb.enable(display=0, logdir="/var/www/http/log")
from sitepackage.cgiweb import template, cgi_cover
from sitepackage.thissql import sqlw, sqlr
import mimetypes
import os
import datetime
import json
import traceback


__config__ = {
  "files_path":"files",
  'log_dir_path':'log'}


def main(geted_simple_cookies, info, parametrs, files):
  errors, ok = None, False
  content_type = None
  try:
    if 'session_id' in geted_simple_cookies:
      session_id = geted_simple_cookies['session_id'].value
      sessions_data = sqlr("SELECT login,expires FROM admin_sessions WHERE session_id=?",
        [session_id])
      if len(sessions_data) == 1:
        login, expires = sessions_data[0]
        utcnow = datetime.datetime.utcnow()
        if expires > str(utcnow.timestamp()):
          role = sqlr("SELECT role FROM admins WHERE login=?", [login])
          if "files" in role[0][0].split(" "):
            split_url = info["url"].split("/")
            file_id = split_url[-1]
            file_name = sqlr("SELECT file_name FROM files WHERE file_id=?", [file_id])
            if len(file_name) == 1:
              file_name = file_name[0][0]
              mimetype = mimetypes.MimeTypes().guess_type(file_name)[0]
              if mimetype is None:
                mimetype = "application/octet-stream"
              content_type = '\
Content-Type:%s; name = "%s"\r\n\
Content-Disposition: inline; filename = "%s"\r\n' % (
                mimetype, file_name, file_name)# attachment
              page = open(os.path.join(__config__["files_path"], file_id), "rb")
            else:
              errors = "error5.404 Not Found"
          else:
            errors = "error4.no access"
        else:
          errors = "error4.session expire"
      else:
        errors = "error3.session expire"
    else:
      errors = "error2.session_id not in cookies"
  except:
    errors = "error1.unexpected error"
    index = 1
    name = os.path.join(
      __config__['log_dir_path'],
      'file_log_' + datetime.datetime.now().strftime('%Y%m%d%H%M%S%f') + '_1')
    while os.path.exists(name+ '.txt'):
        index += 1
        name = '_'.join(name.split('_')[:-1])+ '_'+str(index)
    savefile = open(name + '.txt', 'w', encoding="utf-8")
    savefile.write(errors)
    savefile.write(str(traceback.format_exc()))
    savefile.close()
  if errors is not None:
    if "error5.403 Forbidden" in errors:
      content_type = "\
Status: 403 Forbidden\r\n\
Content-Type: text/html\r\n\r\n"
      page = "<h1>Forbidden: You don't have permission to access this directory!</h1>"
    else:
      page = str({"result":"bad", "error":errors})
  if content_type is not None:
    return {'page':page, 'content-type':content_type}
  else:
    return {'page':page}


if __name__ == "__main__":
  cgi_cover(main)