8460: Accept 403 response from API as "not permitted", instead of "unexpected error".
authorTom Clegg <tom@curoverse.com>
Fri, 18 Nov 2016 23:00:59 +0000 (18:00 -0500)
committerTom Clegg <tom@curoverse.com>
Fri, 18 Nov 2016 23:00:59 +0000 (18:00 -0500)
services/ws/permission.go

index 30276e4f6fa8ca75d4eabfd7ddc7368a0082d800..42f7b374331e60d46e7b4aeae56cbfe5abac265b 100644 (file)
@@ -66,6 +66,11 @@ func (pc *cachingPermChecker) Check(uuid string) (bool, error) {
                allowed = true
        } else if txErr, ok := err.(*arvados.TransactionError); ok && txErr.StatusCode == http.StatusNotFound {
                allowed = false
+       } else if txErr.StatusCode == http.StatusForbidden {
+               // Some requests are expressly forbidden for reasons
+               // other than "you aren't allowed to know whether this
+               // UUID exists" (404).
+               allowed = false
        } else {
                logger.WithError(err).Error("lookup error")
                return false, err
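Review bot: The added `else if txErr.StatusCode == http.StatusForbidden` branch reads `txErr` without re-checking `ok`, so when `err` is not a `*arvados.TransactionError` (a transport or timeout error, say) `txErr` is a nil pointer. Assuming `StatusCode` is a plain struct field, that dereference panics before the final `else` can log and return the error. A failed permission lookup would then crash the handler instead of denying cleanly. Guard the branch with `} else if ok && txErr.StatusCode == http.StatusForbidden {`, and consider a test that feeds `Check` a non-API error. The body of `Check` starts and ends outside this hunk, so the earlier branches and any caching of the `allowed = false` result are not visible here.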