perf(cbguard): Use ColdBox 5.6's handler metadata cache

elpete · web-flow · commit 72ba3d054cb7 · 2019-09-05T11:30:30.000-06:00
ColdBox cache's handler metadata as of 5.6.  Use that instead of
instantiating the handler and computing its metadata each time.

BREAKING CHANGE: Must use ColdBox 5.6 for this feature
diff --git a/box.json b/box.json
@@ -16,7 +16,7 @@
     "type":"modules",
     "dependencies":{},
     "devDependencies":{
-        "coldbox":"^5.0.0",
+        "coldbox":"^5.6.0",
         "testbox":"^2.4.0+80"
     },
     "installPaths":{
diff --git a/interceptors/SecuredEventInterceptor.cfc b/interceptors/SecuredEventInterceptor.cfc
@@ -26,17 +26,11 @@ component extends="coldbox.system.Interceptor"{
             }
         }
 
-        if( listFirst( coldboxVersion, "." ) >= 5 ){
-            var handlerBean = handlerService.getHandlerBean( event.getCurrentEvent() );
-        } else {
-            var handlerBean = handlerService.getRegisteredHandler( event.getCurrentEvent() );
+        var handlerBean = handlerService.getHandlerBean( event.getCurrentEvent() );
+        if ( ! handlerBean.isMetadataLoaded() ) {
+            handlerService.getHandler( handlerBean, event );
         }
-        var handler = handlerService.getHandler(
-            handlerBean,
-            event
-        );
-
-        var handlerMetadata = getMetadata( handler );
+        var handlerMetadata = handlerBean.getHandlerMetadata();
 
         return notAuthorizedForHandler( handlerMetadata, event, overrides ) ||
             notAuthorizedForAction( handlerMetadata, event, overrides );
diff --git a/tests/specs/integration/AuthorizationSpec.cfc b/tests/specs/integration/AuthorizationSpec.cfc
@@ -59,13 +59,13 @@ component extends="tests.resources.ModuleIntegrationSpec" appMapping="/app" {
                 expect( event.getValue( "event", "" ) ).toBe( "PermissionActionSecured.fooPermissionAction" );
             } );
 
-            it( "redirects the user if the component has a secured annotatoin with a list of permissions and the user has at least one of the required permissions but the action also has a secured annotation with a list of permissions and the user does not have any of the required permissions", function() {
+            it( "redirects the user if the component has a secured annotation with a list of permissions and the user has at least one of the required permissions but the action also has a secured annotation with a list of permissions and the user does not have any of the required permissions", function() {
                 authenticationService.login( createUser( { permissions = [ "one" ] } ) );
                 var event = execute( event = "DoubleSecured.securedAction" );
                 expect( event.getValue( "relocate_EVENT", "" ) ).toBe( "Main.onAuthorizationFailure" );
             } );
 
-            it( "does not redirect the user if the component has a secured annotatoin with a list of permissions and the user has at least one of the required permissions and the action also has a secured annotation with a list of permissions and the user has at least one of the required permissions", function() {
+            it( "does not redirect the user if the component has a secured annotation with a list of permissions and the user has at least one of the required permissions and the action also has a secured annotation with a list of permissions and the user has at least one of the required permissions", function() {
                 authenticationService.login( createUser( { permissions = [ "one", "two" ] } ) );
                 var event = execute( event = "DoubleSecured.securedAction" );
                 expect( event.getValue( "event", "" ) ).toBe( "DoubleSecured.securedAction" );
diff --git a/tests/specs/integration/ModuleAuthorizationSpec.cfc b/tests/specs/integration/ModuleAuthorizationSpec.cfc
@@ -61,13 +61,13 @@ component extends="tests.resources.ModuleIntegrationSpec" appMapping="/app" {
                 expect( event.getValue( "event", "" ) ).toBe( "myModule:PermissionActionSecured.fooPermissionAction" );
             } );
 
-            it( "redirects the user if the component has a secured annotatoin with a list of permissions and the user has at least one of the required permissions but the action also has a secured annotation with a list of permissions and the user does not have any of the required permissions", function() {
+            it( "redirects the user if the component has a secured annotation with a list of permissions and the user has at least one of the required permissions but the action also has a secured annotation with a list of permissions and the user does not have any of the required permissions", function() {
                 authenticationService.login( createUser( { permissions = [ "one" ] } ) );
                 var event = execute( event = "myModule:DoubleSecured.securedAction" );
                 expect( event.getValue( "relocate_EVENT", "" ) ).toBe( "myModule:Main.onAuthorizationFailure" );
             } );
 
-            it( "does not redirect the user if the component has a secured annotatoin with a list of permissions and the user has at least one of the required permissions and the action also has a secured annotation with a list of permissions and the user has at least one of the required permissions", function() {
+            it( "does not redirect the user if the component has a secured annotation with a list of permissions and the user has at least one of the required permissions and the action also has a secured annotation with a list of permissions and the user has at least one of the required permissions", function() {
                 authenticationService.login( createUser( { permissions = [ "one", "two" ] } ) );
                 var event = execute( event = "myModule:DoubleSecured.securedAction" );
                 expect( event.valueExists( "relocate_EVENT" ) ).toBeFalse();
