From 28d7ed94b33411909941c72289bc227a38e80cda Mon Sep 17 00:00:00 2001
From: Tom Clegg <tom@curii.com>
Date: Tue, 20 Sep 2022 13:44:12 -0400
Subject: [PATCH] 19428: Fix failing request on normal failed user lookup case.

refs #19428

Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom@curii.com>
---
 services/keep-web/handler.go | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/services/keep-web/handler.go b/services/keep-web/handler.go
index b04add1c49..0c75ac56cf 100644
--- a/services/keep-web/handler.go
+++ b/services/keep-web/handler.go
@@ -6,6 +6,7 @@ package keepweb
 
 import (
 	"encoding/json"
+	"errors"
 	"fmt"
 	"html"
 	"html/template"
@@ -490,7 +491,11 @@ func (h *handler) ServeHTTP(wOrig http.ResponseWriter, r *http.Request) {
 		http.Error(w, "session cache: "+err.Error(), http.StatusInternalServerError)
 	}
 	tokenUser, err = h.Cache.GetTokenUser(arv.ApiToken)
-	if err != nil {
+	if e := (interface{ HTTPStatus() int })(nil); errors.As(err, &e) && e.HTTPStatus() == http.StatusForbidden {
+		// Ignore expected error looking up user record when
+		// using a scoped token that allows getting
+		// collections/X but not users/current
+	} else if err != nil {
 		http.Error(w, "user lookup: "+err.Error(), http.StatusInternalServerError)
 	}
 
-- 
2.30.2