fix race condition on authorization event processing which leads to permission mismatch

CHANGELOG.md

@@ -5,6 +5,10 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## Unreleased
+### Fixed
+- Error on repository initialization with least-privilege user ([#1414](https://github.com/scm-manager/scm-manager/pull/1414))
+
 ## [2.9.0] - 2020-11-06
 ### Added
 - Tracing api ([#1393](https://github.com/scm-manager/scm-manager/pull/#1393))

scm-webapp/src/main/java/sonia/scm/security/AuthorizationChangedEventProducer.java

@@ -140,7 +140,7 @@ public class AuthorizationChangedEventProducer {
    *
    * @param event repository event
    */
-  @Subscribe
+  @Subscribe(async = false)
   public void onEvent(RepositoryEvent event) {
     if (event.getEventType().isPost()) {
       if (isModificationEvent(event)) {

scm-webapp/src/main/java/sonia/scm/security/DefaultAuthorizationCollector.java

@@ -295,7 +295,7 @@ public class DefaultAuthorizationCollector implements AuthorizationCollector
     //J+
   }
 
-  @Subscribe
+  @Subscribe(async = false)
   public void invalidateCache(AuthorizationChangedEvent event) {
     if (event.isEveryUserAffected()) {
       invalidateUserCache(event.getNameOfAffectedUser());