diff options
author | Bjørn Christian Seime <bjorncs@oath.com> | 2018-02-21 13:53:00 +0100 |
---|---|---|
committer | Bjørn Christian Seime <bjorncs@oath.com> | 2018-02-21 13:53:00 +0100 |
commit | ebac8e20ecf8a55f79374fdc32848d9aaf70187e (patch) | |
tree | 5186ecd0dd4dcc55cb7b280d621847c1cdfaff13 /controller-server | |
parent | b23445f6489045794a219a087bca2b8af15989cf (diff) |
Only verify tenant admin membership if tenant exist
Diffstat (limited to 'controller-server')
-rw-r--r-- | controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/ControllerAuthorizationFilter.java | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/ControllerAuthorizationFilter.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/ControllerAuthorizationFilter.java index 7d700914fee..0e703cf4cec 100644 --- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/ControllerAuthorizationFilter.java +++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/ControllerAuthorizationFilter.java @@ -152,12 +152,12 @@ public class ControllerAuthorizationFilter implements SecurityRequestFilter { } private void verifyIsTenantAdmin(AthenzPrincipal principal, TenantId tenantId) { - boolean isTenantAdmin = controller.tenants().tenant(tenantId) - .map(tenant -> isTenantAdmin(principal.getIdentity(), tenant)) - .orElse(false); - if (!isTenantAdmin) { - throw new ForbiddenException("Tenant admin or Vespa operator role required"); - } + controller.tenants().tenant(tenantId) + .ifPresent(tenant -> { + if (!isTenantAdmin(principal.getIdentity(), tenant)) { + throw new ForbiddenException("Tenant admin or Vespa operator role required"); + } + }); } private boolean isTenantAdmin(AthenzIdentity identity, Tenant tenant) { |