diff options
author | Bjørn Christian Seime <bjorncs@oath.com> | 2018-02-21 13:53:00 +0100 |
---|---|---|
committer | Bjørn Christian Seime <bjorncs@oath.com> | 2018-02-22 09:08:33 +0100 |
commit | a3284e95e5b18ec72659caf934d18a44b05f3f5f (patch) | |
tree | e8d2e3991e4ee3ec40ec7813228301319a9b7bb6 /controller-server | |
parent | 88b0bc599324165b71222dbbec2f00be4efb529c (diff) |
Only verify tenant admin membership if tenant exist
Diffstat (limited to 'controller-server')
-rw-r--r-- | controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/ControllerAuthorizationFilter.java | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/ControllerAuthorizationFilter.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/ControllerAuthorizationFilter.java index 7d700914fee..0e703cf4cec 100644 --- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/ControllerAuthorizationFilter.java +++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/ControllerAuthorizationFilter.java @@ -152,12 +152,12 @@ public class ControllerAuthorizationFilter implements SecurityRequestFilter { } private void verifyIsTenantAdmin(AthenzPrincipal principal, TenantId tenantId) { - boolean isTenantAdmin = controller.tenants().tenant(tenantId) - .map(tenant -> isTenantAdmin(principal.getIdentity(), tenant)) - .orElse(false); - if (!isTenantAdmin) { - throw new ForbiddenException("Tenant admin or Vespa operator role required"); - } + controller.tenants().tenant(tenantId) + .ifPresent(tenant -> { + if (!isTenantAdmin(principal.getIdentity(), tenant)) { + throw new ForbiddenException("Tenant admin or Vespa operator role required"); + } + }); } private boolean isTenantAdmin(AthenzIdentity identity, Tenant tenant) { |