summaryrefslogtreecommitdiffstats
path: root/controller-server
diff options
context:
space:
mode:
authorBjørn Christian Seime <bjorncs@oath.com>2018-02-21 13:53:00 +0100
committerBjørn Christian Seime <bjorncs@oath.com>2018-02-22 09:08:33 +0100
commita3284e95e5b18ec72659caf934d18a44b05f3f5f (patch)
treee8d2e3991e4ee3ec40ec7813228301319a9b7bb6 /controller-server
parent88b0bc599324165b71222dbbec2f00be4efb529c (diff)
Only verify tenant admin membership if tenant exist
Diffstat (limited to 'controller-server')
-rw-r--r--controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/ControllerAuthorizationFilter.java12
1 files changed, 6 insertions, 6 deletions
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/ControllerAuthorizationFilter.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/ControllerAuthorizationFilter.java
index 7d700914fee..0e703cf4cec 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/ControllerAuthorizationFilter.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/ControllerAuthorizationFilter.java
@@ -152,12 +152,12 @@ public class ControllerAuthorizationFilter implements SecurityRequestFilter {
}
private void verifyIsTenantAdmin(AthenzPrincipal principal, TenantId tenantId) {
- boolean isTenantAdmin = controller.tenants().tenant(tenantId)
- .map(tenant -> isTenantAdmin(principal.getIdentity(), tenant))
- .orElse(false);
- if (!isTenantAdmin) {
- throw new ForbiddenException("Tenant admin or Vespa operator role required");
- }
+ controller.tenants().tenant(tenantId)
+ .ifPresent(tenant -> {
+ if (!isTenantAdmin(principal.getIdentity(), tenant)) {
+ throw new ForbiddenException("Tenant admin or Vespa operator role required");
+ }
+ });
}
private boolean isTenantAdmin(AthenzIdentity identity, Tenant tenant) {