Do explicit check for hosted operator membership if user tenant

author: Bjørn Christian Seime <bjorncs@oath.com> 2018-05-07 11:09:37 +0200
committer: Bjørn Christian Seime <bjorncs@oath.com> 2018-05-07 11:09:37 +0200
commit: 0c7fb22f3b6475a4239cc9afd11e706c153e0221 (patch)
tree: 0c9ef2005172eda69fd965a44b7c02c9cf0dd827 /controller-server
parent: 7f4e7753d438b8bb099e966c21f810b605b5a8b9 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/ControllerAuthorizationFilter.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/ControllerAuthorizationFilter.java
index 0b1b88c4389..3b8e7e48cb2 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/ControllerAuthorizationFilter.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/ControllerAuthorizationFilter.java
@@ -170,7 +170,7 @@ public class ControllerAuthorizationFilter extends CorsRequestFilterBase {
                 return false;
             }
             AthenzUser user = (AthenzUser) identity;
-            return ((UserTenant) tenant).is(user.getName());
+            return ((UserTenant) tenant).is(user.getName()) || isHostedOperator(identity);
         }
         throw new InternalServerErrorException("Unknown tenant type: " + tenant.getClass().getSimpleName());
     }
author	Bjørn Christian Seime <bjorncs@oath.com>	2018-05-07 11:09:37 +0200
committer	Bjørn Christian Seime <bjorncs@oath.com>	2018-05-07 11:09:37 +0200
commit	0c7fb22f3b6475a4239cc9afd11e706c153e0221 (patch)
tree	0c9ef2005172eda69fd965a44b7c02c9cf0dd827 /controller-server
parent	7f4e7753d438b8bb099e966c21f810b605b5a8b9 (diff)