@@ -366,9 +366,6 @@ func TestAuthorizeAllEndpoints(t *testing.T) {
366366 // By default, all omitted routes check for just "authorize" called
367367 routeAssertions = routeCheck {}
368368 }
369- if routeAssertions .StatusCode == 0 {
370- routeAssertions .StatusCode = http .StatusForbidden
371- }
372369
373370 // Replace all url params with known values
374371 route = strings .ReplaceAll (route , "{organization}" , admin .OrganizationID .String ())
@@ -397,7 +394,14 @@ func TestAuthorizeAllEndpoints(t *testing.T) {
397394
398395 if ! routeAssertions .NoAuthorize {
399396 assert .NotNil (t , authorizer .Called , "authorizer expected" )
400- assert .Equal (t , routeAssertions .StatusCode , resp .StatusCode , "expect unauthorized" )
397+ if routeAssertions .StatusCode != 0 {
398+ assert .Equal (t , routeAssertions .StatusCode , resp .StatusCode , "expect unauthorized" )
399+ } else {
400+ // It's either a 404 or 403.
401+ if resp .StatusCode != http .StatusNotFound {
402+ assert .Equal (t , http .StatusForbidden , resp .StatusCode , "expect unauthorized" )
403+ }
404+ }
401405 if authorizer .Called != nil {
402406 if routeAssertions .AssertAction != "" {
403407 assert .Equal (t , routeAssertions .AssertAction , authorizer .Called .Action , "resource action" )
0 commit comments