Merge pull request #34848 from deads2k/rbac-16-fix-authorization-filter

Automatic merge from submit-queue you can be authorized and have a failure Fix the authorization filter to allow you through and to avoid showing internal errors to users when authorization failed.
2016-10-15 13:00:25 -07:00 · 2016-10-15 13:00:25 -07:00 · b988eed233
parent c32a05333b a8b471491b
commit b988eed233
1 changed files with 7 additions and 6 deletions
--- a/pkg/apiserver/filters/authorization.go
+++ b/pkg/apiserver/filters/authorization.go
@ -40,16 +40,17 @@ func WithAuthorization(handler http.Handler, getAttribs RequestAttributeGetter,
 			return
 		}
 		authorized, reason, err := a.Authorize(attrs)
+		if authorized {
+			handler.ServeHTTP(w, req)
+			return
+		}
 		if err != nil {
 			internalError(w, req, err)
 			return
 		}
-		if !authorized {
-			glog.V(4).Infof("Forbidden: %#v, Reason: %s", req.RequestURI, reason)
-			forbidden(w, req)
-			return
-		}
-		handler.ServeHTTP(w, req)
+
+		glog.V(4).Infof("Forbidden: %#v, Reason: %s", req.RequestURI, reason)
+		forbidden(w, req)
 	})
 }