Skip to content
This repository has been archived by the owner on Jun 7, 2024. It is now read-only.

Commit

Permalink
Merge pull request #1025 from zalando/fix-cme
Browse files Browse the repository at this point in the history
Fix CME by caching resource object
  • Loading branch information
ferbncode authored Feb 26, 2019
2 parents 625c300 + c7ff9aa commit 4f05270
Showing 1 changed file with 21 additions and 12 deletions.
33 changes: 21 additions & 12 deletions src/main/java/org/zalando/nakadi/service/AdminService.java
Original file line number Diff line number Diff line change
Expand Up @@ -40,7 +40,7 @@ public class AdminService {
private final AuthorizationService authorizationService;
private final FeatureToggleService featureToggleService;
private final NakadiSettings nakadiSettings;
private Cache<String, List<Permission>> resourceCache;
private Cache<String, Resource<Void>> resourceCache;
private final NakadiAuditLogPublisher auditLogPublisher;

@Autowired
Expand All @@ -58,11 +58,7 @@ public AdminService(final AuthorizationDbRepository authorizationDbRepository,
}

public List<Permission> getAdmins() {
try {
return addDefaultAdmin(resourceCache.get(ADMIN_RESOURCE, authorizationDbRepository::listAdmins));
} catch (ExecutionException e) {
return addDefaultAdmin(authorizationDbRepository.listAdmins());
}
}

public void updateAdmins(final List<Permission> newAdmins)
Expand All @@ -87,20 +83,33 @@ public void updateAdmins(final List<Permission> newAdmins)
"-");
}

public boolean isAdmin(final AuthorizationService.Operation operation) throws PluginException {
private Resource<Void> getAdminResource() {
final List<Permission> permissions = getAdmins();
final Resource<Void> resource = new ResourceImpl<>(ADMIN_RESOURCE, ADMIN_RESOURCE,
return new ResourceImpl<>(ADMIN_RESOURCE, ADMIN_RESOURCE,
ResourceAuthorization.fromPermissionsList(permissions), null);
}

private Resource<Void> getAllDataAccessResource() {
final List<Permission> permissions = authorizationDbRepository.listAllDataAccess();
return new ResourceImpl<>(ALL_DATA_ACCESS_RESOURCE,
ALL_DATA_ACCESS_RESOURCE,
ResourceAuthorization.fromPermissionsList(permissions), null);
}

public boolean isAdmin(final AuthorizationService.Operation operation) throws PluginException {
Resource<Void> resource;
try {
resource = resourceCache.get(ADMIN_RESOURCE, () -> getAdminResource());
} catch (ExecutionException e) {
resource = getAdminResource();
}
return authorizationService.isAuthorized(operation, resource);
}

public boolean hasAllDataAccess(final AuthorizationService.Operation operation) throws PluginException {
try {
final List<Permission> permissions = resourceCache.get(ALL_DATA_ACCESS_RESOURCE,
authorizationDbRepository::listAllDataAccess);
final Resource<Void> resource = new ResourceImpl<>(ALL_DATA_ACCESS_RESOURCE,
ALL_DATA_ACCESS_RESOURCE,
ResourceAuthorization.fromPermissionsList(permissions), null);
final Resource resource = resourceCache.get(ALL_DATA_ACCESS_RESOURCE,
() -> getAllDataAccessResource());
return authorizationService.isAuthorized(operation, resource);
} catch (ExecutionException e) {
LOG.error("Could not determine whether this application has all data access", e);
Expand Down

0 comments on commit 4f05270

Please sign in to comment.