Handle failed authz requests to Arborist (#308)

uc-cdis · May 25, 2021 · 0101d52 · 0101d52
1 parent 1f95a9b
commit 0101d52
Showing 1 changed file with 10 additions and 3 deletions.
diff --git a/indexd/auth/drivers/alchemy.py b/indexd/auth/drivers/alchemy.py
@@ -133,9 +133,16 @@ def authz(self, method, resource):
 
         try:
             # A successful call from arborist returns a bool, else returns ArboristError
-            if not self.arborist.auth_request(
-                get_jwt_token(), "indexd", method, resource
-            ):
+            try:
+                authorized = self.arborist.auth_request(
+                    get_jwt_token(), "indexd", method, resource
+                )
+            except Exception as e:
+                logger.error(
+                    f"Request to Arborist failed; now checking admin access. Details:\n{e}"
+                )
+                authorized = False
+            if not authorized:
                 # admins can perform all operations
                 is_admin = self.arborist.auth_request(
                     get_jwt_token(), "indexd", method, ["/services/indexd/admin"]