improve cache invalidation on permission change events

2025-11-15 09:46:16 +01:00 · 2016-06-26 12:53:41 +02:00
parent 7bc793ecd5
commit 89660e8ac3
2 changed files with 31 additions and 7 deletions
--- a/scm-webapp/src/main/java/sonia/scm/security/AuthorizationCollector.java
+++ b/scm-webapp/src/main/java/sonia/scm/security/AuthorizationCollector.java
@@ -184,7 +184,7 @@ public class AuthorizationCollector
  }
  private void invalidateUserCache(final String username){
-    logger.debug("invalidate cache of user {}, because user properties have changed", username);
+    logger.debug("invalidate cache of user {}, because of a event which could change the permissions", username);
    cache.removeAll(new Filter<CacheKey>()
    {
      @Override
@@ -248,10 +248,11 @@ public class AuthorizationCollector
  }
  /**
-   * Method description
+   * Invalidates the whole cache if a group permission has changed and invalidates the cached entries of a user, if a
   * user permission has changed.
   *
   *
-   * @param event
+   * @param event permission event
   */
  @Subscribe
  public void onEvent(StoredAssignedPermissionEvent event)
@@ -264,8 +265,17 @@ public class AuthorizationCollector
          event.getPermission().getId());
      }
      StoredAssignedPermission permission = event.getPermission();
      if (permission.isGroupPermission())
      {
        logger.debug("clears the whole cache, because global group permission {} has changed", permission.getId());
        cache.clear();
      }
      else 
      {
        invalidateUserCache(permission.getName());
      }
    }
  }
  /**
--- a/scm-webapp/src/test/java/sonia/scm/security/AuthorizationCollectorTest.java
+++ b/scm-webapp/src/test/java/sonia/scm/security/AuthorizationCollectorTest.java
@@ -211,11 +211,25 @@ public class AuthorizationCollectorTest {
  @Test
  public void testOnStoredAssignedPermissionEvent()
  {
-    StoredAssignedPermission permission = new StoredAssignedPermission();
+    StoredAssignedPermission groupPermission = new StoredAssignedPermission(
-    collector.onEvent(new StoredAssignedPermissionEvent(HandlerEvent.BEFORE_CREATE, permission));
+      "123", new AssignedPermission("_authenticated", true, "repository:read:*")
    );
    collector.onEvent(new StoredAssignedPermissionEvent(HandlerEvent.BEFORE_CREATE, groupPermission));
    verify(cache, never()).clear();
-    collector.onEvent(new StoredAssignedPermissionEvent(HandlerEvent.CREATE, permission));
+    collector.onEvent(new StoredAssignedPermissionEvent(HandlerEvent.CREATE, groupPermission));
    verify(cache).clear();
    StoredAssignedPermission userPermission = new StoredAssignedPermission(
      "123", new AssignedPermission("trillian", false, "repository:read:*")
    );
    collector.onEvent(new StoredAssignedPermissionEvent(HandlerEvent.BEFORE_CREATE, userPermission));
    verify(cache, never()).removeAll(Mockito.any(Filter.class));
    verify(cache).clear();
    collector.onEvent(new StoredAssignedPermissionEvent(HandlerEvent.CREATE, userPermission));
    verify(cache).removeAll(Mockito.any(Filter.class));
    verify(cache).clear();
  }