From a8b471491b20dd4a17b778a0c986b8eb51be5722 Mon Sep 17 00:00:00 2001
From: deads2k <deads@redhat.com>
Date: Fri, 14 Oct 2016 15:15:53 -0400
Subject: [PATCH] you can be authorized and have a failure

---
 pkg/apiserver/filters/authorization.go | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/pkg/apiserver/filters/authorization.go b/pkg/apiserver/filters/authorization.go
index 4a20c1db2cd..74567cd6246 100644
--- a/pkg/apiserver/filters/authorization.go
+++ b/pkg/apiserver/filters/authorization.go
@@ -40,16 +40,17 @@ func WithAuthorization(handler http.Handler, getAttribs RequestAttributeGetter,
 			return
 		}
 		authorized, reason, err := a.Authorize(attrs)
+		if authorized {
+			handler.ServeHTTP(w, req)
+			return
+		}
 		if err != nil {
 			internalError(w, req, err)
 			return
 		}
-		if !authorized {
-			glog.V(4).Infof("Forbidden: %#v, Reason: %s", req.RequestURI, reason)
-			forbidden(w, req)
-			return
-		}
-		handler.ServeHTTP(w, req)
+
+		glog.V(4).Infof("Forbidden: %#v, Reason: %s", req.RequestURI, reason)
+		forbidden(w, req)
 	})
 }