you can be authorized and have a failure

2016-10-14 15:15:53 -04:00 · 2016-10-14 15:15:53 -04:00 · a8b471491b
parent 928b8cbdb8
commit a8b471491b
1 changed files with 7 additions and 6 deletions
--- a/pkg/apiserver/filters/authorization.go
+++ b/pkg/apiserver/filters/authorization.go
@ -40,16 +40,17 @@ func WithAuthorization(handler http.Handler, getAttribs RequestAttributeGetter,
 			return
 		}
 		authorized, reason, err := a.Authorize(attrs)
+		if authorized {
+			handler.ServeHTTP(w, req)
+			return
+		}
 		if err != nil {
 			internalError(w, req, err)
 			return
 		}
-		if !authorized {
-			glog.V(4).Infof("Forbidden: %#v, Reason: %s", req.RequestURI, reason)
-			forbidden(w, req)
-			return
-		}
-		handler.ServeHTTP(w, req)
+
+		glog.V(4).Infof("Forbidden: %#v, Reason: %s", req.RequestURI, reason)
+		forbidden(w, req)
 	})
 }