diff options
author | Bjørn Christian Seime <bjorncs@oath.com> | 2018-05-07 11:09:37 +0200 |
---|---|---|
committer | Bjørn Christian Seime <bjorncs@oath.com> | 2018-05-07 11:09:37 +0200 |
commit | 0c7fb22f3b6475a4239cc9afd11e706c153e0221 (patch) | |
tree | 0c9ef2005172eda69fd965a44b7c02c9cf0dd827 /controller-server | |
parent | 7f4e7753d438b8bb099e966c21f810b605b5a8b9 (diff) |
Do explicit check for hosted operator membership if user tenant
Diffstat (limited to 'controller-server')
-rw-r--r-- | controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/ControllerAuthorizationFilter.java | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/ControllerAuthorizationFilter.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/ControllerAuthorizationFilter.java index 0b1b88c4389..3b8e7e48cb2 100644 --- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/ControllerAuthorizationFilter.java +++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/ControllerAuthorizationFilter.java @@ -170,7 +170,7 @@ public class ControllerAuthorizationFilter extends CorsRequestFilterBase { return false; } AthenzUser user = (AthenzUser) identity; - return ((UserTenant) tenant).is(user.getName()); + return ((UserTenant) tenant).is(user.getName()) || isHostedOperator(identity); } throw new InternalServerErrorException("Unknown tenant type: " + tenant.getClass().getSimpleName()); } |