Merge pull request #1025 from zalando/fix-cme

Fix CME by caching resource object
zalando · Feb 26, 2019 · 4f05270 · 4f05270
2 parents 625c300 + c7ff9aa
commit 4f05270
Showing 1 changed file with 21 additions and 12 deletions.
diff --git a/src/main/java/org/zalando/nakadi/service/AdminService.java b/src/main/java/org/zalando/nakadi/service/AdminService.java
@@ -40,7 +40,7 @@ public class AdminService {
     private final AuthorizationService authorizationService;
     private final FeatureToggleService featureToggleService;
     private final NakadiSettings nakadiSettings;
-    private Cache<String, List<Permission>> resourceCache;
+    private Cache<String, Resource<Void>> resourceCache;
     private final NakadiAuditLogPublisher auditLogPublisher;
 
     @Autowired
@@ -58,11 +58,7 @@ public AdminService(final AuthorizationDbRepository authorizationDbRepository,
     }
 
     public List<Permission> getAdmins() {
-        try {
-            return addDefaultAdmin(resourceCache.get(ADMIN_RESOURCE, authorizationDbRepository::listAdmins));
-        } catch (ExecutionException e) {
             return addDefaultAdmin(authorizationDbRepository.listAdmins());
-        }
     }
 
     public void updateAdmins(final List<Permission> newAdmins)
@@ -87,20 +83,33 @@ public void updateAdmins(final List<Permission> newAdmins)
                 "-");
     }
 
-    public boolean isAdmin(final AuthorizationService.Operation operation) throws PluginException {
+    private Resource<Void> getAdminResource() {
         final List<Permission> permissions = getAdmins();
-        final Resource<Void> resource = new ResourceImpl<>(ADMIN_RESOURCE, ADMIN_RESOURCE,
+        return new ResourceImpl<>(ADMIN_RESOURCE, ADMIN_RESOURCE,
+                ResourceAuthorization.fromPermissionsList(permissions), null);
+    }
+
+    private Resource<Void> getAllDataAccessResource() {
+        final List<Permission> permissions = authorizationDbRepository.listAllDataAccess();
+        return new ResourceImpl<>(ALL_DATA_ACCESS_RESOURCE,
+                ALL_DATA_ACCESS_RESOURCE,
                 ResourceAuthorization.fromPermissionsList(permissions), null);
+    }
+
+    public boolean isAdmin(final AuthorizationService.Operation operation) throws PluginException {
+        Resource<Void> resource;
+        try {
+            resource = resourceCache.get(ADMIN_RESOURCE, () -> getAdminResource());
+        } catch (ExecutionException e) {
+            resource = getAdminResource();
+        }
         return authorizationService.isAuthorized(operation, resource);
     }
 
     public boolean hasAllDataAccess(final AuthorizationService.Operation operation) throws PluginException {
         try {
-            final List<Permission> permissions = resourceCache.get(ALL_DATA_ACCESS_RESOURCE,
-                    authorizationDbRepository::listAllDataAccess);
-            final Resource<Void> resource = new ResourceImpl<>(ALL_DATA_ACCESS_RESOURCE,
-                    ALL_DATA_ACCESS_RESOURCE,
-                    ResourceAuthorization.fromPermissionsList(permissions), null);
+            final Resource resource = resourceCache.get(ALL_DATA_ACCESS_RESOURCE,
+                    () -> getAllDataAccessResource());
             return authorizationService.isAuthorized(operation, resource);
         } catch (ExecutionException e) {
             LOG.error("Could not determine whether this application has all data access", e);