9397: pre-populate output with mounts under output_dir (wip)

[arvados.git] / services / ws / permission.go

diff --git a/services/ws/permission.go b/services/ws/permission.go
index 30276e4f6fa8ca75d4eabfd7ddc7368a0082d800..e467e067205a765ef9bd097c5d95ceda65037abb 100644 (file)
--- a/services/ws/permission.go
+++ b/services/ws/permission.go
@@ -18,7 +18,7 @@ type permChecker interface {
        Check(uuid string) (bool, error)
 }
 
-func NewPermChecker(ac arvados.Client) permChecker {
+func newPermChecker(ac arvados.Client) permChecker {
        ac.AuthToken = ""
        return &cachingPermChecker{
                Client:     &ac,
@@ -66,6 +66,11 @@ func (pc *cachingPermChecker) Check(uuid string) (bool, error) {
                allowed = true
        } else if txErr, ok := err.(*arvados.TransactionError); ok && txErr.StatusCode == http.StatusNotFound {
                allowed = false
+       } else if txErr.StatusCode == http.StatusForbidden {
+               // Some requests are expressly forbidden for reasons
+               // other than "you aren't allowed to know whether this
+               // UUID exists" (404).
+               allowed = false
        } else {
                logger.WithError(err).Error("lookup error")
                return false, err