From acdb8aa2a60da2675ccd3f49a21ecd91de0c03c2 Mon Sep 17 00:00:00 2001
From: Xiangliang Meng <xlmeng@amazon.com>
Date: Thu, 1 Sep 2022 18:56:37 +0000
Subject: [PATCH] Refactor AuthorizationFilter::hasAnyPermission to avoid
 always returning true

---
 .../notification/auth/AuthorizationFilter.java   | 16 +++++++---------
 1 file changed, 7 insertions(+), 9 deletions(-)

diff --git a/notification-core/src/main/java/org/opengroup/osdu/notification/auth/AuthorizationFilter.java b/notification-core/src/main/java/org/opengroup/osdu/notification/auth/AuthorizationFilter.java
index 0d4693068..a69afee52 100644
--- a/notification-core/src/main/java/org/opengroup/osdu/notification/auth/AuthorizationFilter.java
+++ b/notification-core/src/main/java/org/opengroup/osdu/notification/auth/AuthorizationFilter.java
@@ -63,25 +63,23 @@ public class AuthorizationFilter {
         if (Arrays.asList(requiredRoles).contains(Config.CRON) && requestInfoExt.isCronRequest()) {
             dpsHeaders.put(DpsHeaders.USER_EMAIL, Config.CRON);
             requestInfoExt.setHeaders(dpsHeaders);
-            return true;
         } else if (Arrays.asList(requiredRoles).contains(Config.PUBSUB)) {
             String jwt = dpsHeaders.getAuthorization().substring(BEARER_PREFIX.length());
             if (!this.validator.isValidPublisherServiceAccount(jwt)) {
-                if (!this.authorizeWithEntitlements(requiredRoles)) {
-                    throw new AppException(401, "Invalid User Identity", "this user is not authorized for this operation");
-                }
+                this.authorizeWithEntitlements(requiredRoles);
+            } else {
+                return false;
             }
-            return true;
         } else {
-            return authorizeWithEntitlements(requiredRoles);
+            authorizeWithEntitlements(requiredRoles);
         }
+        return true;
     }
 
-    private boolean authorizeWithEntitlements(String... requiredRoles) {
-        AuthorizationResponse authorizationResponse = authService.authorizeAny(requestInfoExt.getHeaders(), requiredRoles);
+    private void authorizeWithEntitlements(String... requiredRoles) {
         DpsHeaders dpsHeaders = requestInfoExt.getHeaders();
+        AuthorizationResponse authorizationResponse = authService.authorizeAny(dpsHeaders, requiredRoles);
         dpsHeaders.put(DpsHeaders.USER_EMAIL, authorizationResponse.getUser());
         requestInfoExt.setHeaders(dpsHeaders);
-        return true;
     }
 }
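Review bot: The new `} else { return false; }` branch is the only path out of this method that yields false, and it fires exactly when `isValidPublisherServiceAccount(jwt)` succeeds — so a verified publisher service account is refused while an entitlement-authorized caller gets true, which inverts the pre-patch outcome for publishers and reads like the condition is the wrong way round. If the intent is to skip the entitlements lookup for a verified publisher, that branch should fall through to the trailing `return true` (optionally setting `DpsHeaders.USER_EMAIL` for it as the CRON branch does) rather than return false; confirm against the callers, since hasAnyPermission's signature and its callers lie outside the hunk. Separately, `authorizeWithEntitlements` no longer has any deny path of its own: a failed entitlement check now relies entirely on `authService.authorizeAny` throwing, and if it instead returns a response whose user is null the method still ends in `return true` with a null USER_EMAIL header. Add an explicit guard after the call, `if (authorizationResponse == null || authorizationResponse.getUser() == null) { throw new AppException(401, "Invalid User Identity", "this user is not authorized for this operation"); }`, so the deny decision does not depend on an implicit contract of the auth service. The unchanged `substring(BEARER_PREFIX.length())` on the Authorization header still assumes the header is present and Bearer-prefixed; a `startsWith` check there would turn a malformed header into a 401 instead of an exception.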
-- 
GitLab