- if err, ok := err.(arvados.TransactionError); ok && err.StatusCode == http.StatusNotFound {
- debugLogf("perm err: %+q %+q: %s", pc.Client.AuthToken, uuid, err)
- return false, nil
- }
- if err != nil {
- debugLogf("perm !ok: %+q %+q", pc.Client.AuthToken, uuid)
+
+ var allowed bool
+ if err == nil {
+ allowed = true
+ } else if txErr, ok := err.(*arvados.TransactionError); ok && txErr.StatusCode == http.StatusNotFound {
+ allowed = false
+ } else if txErr.StatusCode == http.StatusForbidden {
+ // Some requests are expressly forbidden for reasons
+ // other than "you aren't allowed to know whether this
+ // UUID exists" (404).
+ allowed = false
+ } else {
+ logger.WithError(err).Error("lookup error")