From 14ba382e4fa3f1ca7f2aedf77d871c7823b6ec79 Mon Sep 17 00:00:00 2001
From: Gavin Cabbage <gavincabbage@users.noreply.github.com>
Date: Fri, 13 Mar 2020 15:35:33 -0400
Subject: [PATCH] fix(buckets): return unauthorized if no org is found for user
 (#17264)

---
 authorizer/bucket.go | 2 +-
 http/api_handler.go  | 5 +++--
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/authorizer/bucket.go b/authorizer/bucket.go
index 6111b0f8e6..49a2971528 100644
--- a/authorizer/bucket.go
+++ b/authorizer/bucket.go
@@ -100,7 +100,7 @@ func authorizeReadSystemBucket(ctx context.Context, b *influxdb.Bucket, u influx
 
 	return &influxdb.Error{
 		Code: influxdb.EUnauthorized,
-		Msg:  fmt.Sprintf("unauthorized"),
+		Msg:  "unauthorized",
 	}
 }
 
diff --git a/http/api_handler.go b/http/api_handler.go
index 83d8a56cc3..fd9803b066 100644
--- a/http/api_handler.go
+++ b/http/api_handler.go
@@ -117,6 +117,7 @@ func NewAPIHandler(b *APIBackend, opts ...APIHandlerOptFn) *APIHandler {
 		Router: newBaseChiRouter(b.HTTPErrorHandler),
 	}
 
+	noAuthUserResourceMappingService := b.UserResourceMappingService
 	b.UserResourceMappingService = authorizer.NewURMService(b.OrgLookupService, b.UserResourceMappingService)
 
 	h.Mount("/api/v2", serveLinksHandler(b.HTTPErrorHandler))
@@ -126,7 +127,7 @@ func NewAPIHandler(b *APIBackend, opts ...APIHandlerOptFn) *APIHandler {
 	h.Mount(prefixAuthorization, NewAuthorizationHandler(b.Logger, authorizationBackend))
 
 	bucketBackend := NewBucketBackend(b.Logger.With(zap.String("handler", "bucket")), b)
-	bucketBackend.BucketService = authorizer.NewBucketService(b.BucketService, b.UserResourceMappingService)
+	bucketBackend.BucketService = authorizer.NewBucketService(b.BucketService, noAuthUserResourceMappingService)
 	bucketBackend.LabelService = authorizer.NewLabelServiceWithOrg(b.LabelService, b.OrgLookupService)
 	h.Mount(prefixBuckets, NewBucketHandler(b.Logger, bucketBackend))
 
@@ -186,7 +187,7 @@ func NewAPIHandler(b *APIBackend, opts ...APIHandlerOptFn) *APIHandler {
 
 	sourceBackend := NewSourceBackend(b.Logger.With(zap.String("handler", "source")), b)
 	sourceBackend.SourceService = authorizer.NewSourceService(b.SourceService)
-	sourceBackend.BucketService = authorizer.NewBucketService(b.BucketService, b.UserResourceMappingService)
+	sourceBackend.BucketService = authorizer.NewBucketService(b.BucketService, noAuthUserResourceMappingService)
 	h.Mount(prefixSources, NewSourceHandler(b.Logger, sourceBackend))
 
 	h.Mount("/api/v2/swagger.json", newSwaggerLoader(b.Logger.With(zap.String("service", "swagger-loader")), b.HTTPErrorHandler))