From 7d5ac7b45cbf0ec0d11d6277d0d3efbe6682b47f Mon Sep 17 00:00:00 2001
From: Johannes Batzill <johannes.batzill@harness.io>
Date: Mon, 15 Jul 2024 19:07:14 +0000
Subject: [PATCH] fix: [CODE-2114]: Return 404 if anonymous makes user
 restricted call (#2225)

---
 app/api/middleware/principal/principal.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/app/api/middleware/principal/principal.go b/app/api/middleware/principal/principal.go
index e733b0fee..4eadb569f 100644
--- a/app/api/middleware/principal/principal.go
+++ b/app/api/middleware/principal/principal.go
@@ -45,7 +45,8 @@ func RestrictTo(pType enum.PrincipalType) func(http.Handler) http.Handler {
 			if p.UID == types.AnonymousPrincipalUID {
 				log.Ctx(ctx).Debug().Msgf("Valid principal is required, received an Anonymous.")
 
-				render.Unauthorized(ctx, w)
+				// TODO: revert to Unauthorized once UI is handling it properly.
+				render.NotFound(ctx, w)
 				return
 			}