summaryrefslogtreecommitdiffstats
path: root/controller-server
diff options
context:
space:
mode:
authorBjørn Christian Seime <bjorncs@oath.com>2018-02-21 13:53:00 +0100
committerBjørn Christian Seime <bjorncs@oath.com>2018-02-21 13:53:00 +0100
commitebac8e20ecf8a55f79374fdc32848d9aaf70187e (patch)
tree5186ecd0dd4dcc55cb7b280d621847c1cdfaff13 /controller-server
parentb23445f6489045794a219a087bca2b8af15989cf (diff)
Only verify tenant admin membership if tenant exist
Diffstat (limited to 'controller-server')
-rw-r--r--controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/ControllerAuthorizationFilter.java12
1 files changed, 6 insertions, 6 deletions
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/ControllerAuthorizationFilter.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/ControllerAuthorizationFilter.java
index 7d700914fee..0e703cf4cec 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/ControllerAuthorizationFilter.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/ControllerAuthorizationFilter.java
@@ -152,12 +152,12 @@ public class ControllerAuthorizationFilter implements SecurityRequestFilter {
}
private void verifyIsTenantAdmin(AthenzPrincipal principal, TenantId tenantId) {
- boolean isTenantAdmin = controller.tenants().tenant(tenantId)
- .map(tenant -> isTenantAdmin(principal.getIdentity(), tenant))
- .orElse(false);
- if (!isTenantAdmin) {
- throw new ForbiddenException("Tenant admin or Vespa operator role required");
- }
+ controller.tenants().tenant(tenantId)
+ .ifPresent(tenant -> {
+ if (!isTenantAdmin(principal.getIdentity(), tenant)) {
+ throw new ForbiddenException("Tenant admin or Vespa operator role required");
+ }
+ });
}
private boolean isTenantAdmin(AthenzIdentity identity, Tenant tenant) {