Cache resource instead

zalando · Feb 26, 2019 · c7ff9aa · c7ff9aa
1 parent b6841bc
commit c7ff9aa
Show file tree

Hide file tree

Showing 2 changed files with 34 additions and 29 deletions.
diff --git a/src/main/java/org/zalando/nakadi/domain/ResourceAuthorization.java b/src/main/java/org/zalando/nakadi/domain/ResourceAuthorization.java
@@ -11,10 +11,8 @@
 import javax.validation.Valid;
 import javax.validation.constraints.NotNull;
 import javax.validation.constraints.Size;
-import java.util.ArrayList;
 import java.util.Collection;
 import java.util.Collections;
-import java.util.Iterator;
 import java.util.List;
 import java.util.Map;
 import java.util.Objects;
@@ -85,21 +83,19 @@ public List<Permission> toPermissionsList(final String resource) {
     }
 
     public static ResourceAuthorization fromPermissionsList(final List<Permission> permissions) {
-        final List<AuthorizationAttribute> admins = new ArrayList<>();
-        final List<AuthorizationAttribute> writers = new ArrayList<>();
-        final List<AuthorizationAttribute> readers = new ArrayList<>();
-        final Iterator<Permission> iterator = permissions.iterator();
-
-        while (iterator.hasNext()) {
-            final Permission permission = iterator.next();
-            if (permission.getOperation().equals(AuthorizationService.Operation.ADMIN)) {
-                admins.add(permission.getAuthorizationAttribute());
-            } else if (permission.getOperation().equals(AuthorizationService.Operation.WRITE)) {
-                writers.add(permission.getAuthorizationAttribute());
-            } else if (permission.getOperation().equals(AuthorizationService.Operation.READ)) {
-                readers.add(permission.getAuthorizationAttribute());
-            }
-        }
+        final List<AuthorizationAttribute> admins = permissions.stream()
+                .filter(p -> p.getOperation().equals(AuthorizationService.Operation.ADMIN))
+                .map(Permission::getAuthorizationAttribute)
+                .collect(Collectors.toList());
+        final List<AuthorizationAttribute> readers = permissions.stream()
+                .filter(p -> p.getOperation().equals(AuthorizationService.Operation.READ))
+                .map(Permission::getAuthorizationAttribute)
+                .collect(Collectors.toList());
+        final List<AuthorizationAttribute> writers = permissions.stream()
+                .filter(p -> p.getOperation().equals(AuthorizationService.Operation.WRITE))
+                .map(Permission::getAuthorizationAttribute)
+                .collect(Collectors.toList());
+
         return new ResourceAuthorization(admins, readers, writers);
     }
 

diff --git a/src/main/java/org/zalando/nakadi/service/AdminService.java b/src/main/java/org/zalando/nakadi/service/AdminService.java
@@ -40,7 +40,7 @@ public class AdminService {
     private final AuthorizationService authorizationService;
     private final FeatureToggleService featureToggleService;
     private final NakadiSettings nakadiSettings;
-    private Cache<String, List<Permission>> resourceCache;
+    private Cache<String, Resource<Void>> resourceCache;
     private final NakadiAuditLogPublisher auditLogPublisher;
 
     @Autowired
@@ -58,11 +58,7 @@ public AdminService(final AuthorizationDbRepository authorizationDbRepository,
     }
 
     public List<Permission> getAdmins() {
-        try {
-            return addDefaultAdmin(resourceCache.get(ADMIN_RESOURCE, authorizationDbRepository::listAdmins));
-        } catch (ExecutionException e) {
             return addDefaultAdmin(authorizationDbRepository.listAdmins());
-        }
     }
 
     public void updateAdmins(final List<Permission> newAdmins)
@@ -87,20 +83,33 @@ public void updateAdmins(final List<Permission> newAdmins)
                 "-");
     }
 
-    public boolean isAdmin(final AuthorizationService.Operation operation) throws PluginException {
+    private Resource<Void> getAdminResource() {
         final List<Permission> permissions = getAdmins();
-        final Resource<Void> resource = new ResourceImpl<>(ADMIN_RESOURCE, ADMIN_RESOURCE,
+        return new ResourceImpl<>(ADMIN_RESOURCE, ADMIN_RESOURCE,
+                ResourceAuthorization.fromPermissionsList(permissions), null);
+    }
+
+    private Resource<Void> getAllDataAccessResource() {
+        final List<Permission> permissions = authorizationDbRepository.listAllDataAccess();
+        return new ResourceImpl<>(ALL_DATA_ACCESS_RESOURCE,
+                ALL_DATA_ACCESS_RESOURCE,
                 ResourceAuthorization.fromPermissionsList(permissions), null);
+    }
+
+    public boolean isAdmin(final AuthorizationService.Operation operation) throws PluginException {
+        Resource<Void> resource;
+        try {
+            resource = resourceCache.get(ADMIN_RESOURCE, () -> getAdminResource());
+        } catch (ExecutionException e) {
+            resource = getAdminResource();
+        }
         return authorizationService.isAuthorized(operation, resource);
     }
 
     public boolean hasAllDataAccess(final AuthorizationService.Operation operation) throws PluginException {
         try {
-            final List<Permission> permissions = resourceCache.get(ALL_DATA_ACCESS_RESOURCE,
-                    authorizationDbRepository::listAllDataAccess);
-            final Resource<Void> resource = new ResourceImpl<>(ALL_DATA_ACCESS_RESOURCE,
-                    ALL_DATA_ACCESS_RESOURCE,
-                    ResourceAuthorization.fromPermissionsList(permissions), null);
+            final Resource resource = resourceCache.get(ALL_DATA_ACCESS_RESOURCE,
+                    () -> getAllDataAccessResource());
             return authorizationService.isAuthorized(operation, resource);
         } catch (ExecutionException e) {
             LOG.error("Could not determine whether this application has all data access", e);