Skip to content

Commit a086afd

Browse files
RubenVerborghRubenVerborgh
committed
Cache the permission set.
1 parent 4b2ac7a commit a086afd

File tree

1 file changed

+16
-13
lines changed

1 file changed

+16
-13
lines changed

lib/acl-checker.js

Lines changed: 16 additions & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -19,29 +19,32 @@ class ACLChecker {
1919
this.suffix = options.suffix || DEFAULT_ACL_SUFFIX
2020
}
2121

22+
// Returns a fulfilled promise when the user can access the resource
23+
// in the given mode, or a rejected promise otherwise
2224
can (user, mode) {
23-
const debug = this.debug
2425
this.debug(`Can ${user || 'an agent'} ${mode} ${this.resource}?`)
2526
// If this is an ACL, Control mode must be present for any operations
2627
if (this.isAcl(this.resource)) {
2728
mode = 'Control'
2829
}
2930

30-
// Check the permissions within the nearest ACL
31-
return this.getNearestACL(this.resource)
32-
.then(nearestAcl => {
33-
const acls = this.getPermissionSet(nearestAcl)
34-
return this.checkAccess(acls, user, mode, this.resource)
35-
})
36-
.then(() => { debug('ACL policy found') })
31+
// Obtain the permission set for the resource
32+
if (!this._permissionSet) {
33+
this._permissionSet = this.getNearestACL()
34+
.then(acl => this.getPermissionSet(acl))
35+
}
36+
37+
// Check the permissions
38+
return this._permissionSet.then(acls => this.checkAccess(acls, user, mode))
39+
.then(() => { this.debug('ACL policy found') })
3740
.catch(err => {
38-
debug(`Error: ${err.message}`)
41+
this.debug(`Error: ${err.message}`)
3942
if (!user) {
40-
debug('Authentication required')
43+
this.debug('Authentication required')
4144
throw new HTTPError(401, `Access to ${this.resource} requires authorization`)
4245
} else {
43-
debug(`${mode} access denied for ${user}`)
44-
throw new HTTPError(403, `Access denied for ${user}`)
46+
this.debug(`${mode} access denied for ${user}`)
47+
throw new HTTPError(403, `Access to ${this.resource} denied for ${user}`)
4548
}
4649
})
4750
}
@@ -112,7 +115,7 @@ class ACLChecker {
112115
})
113116
}
114117

115-
// Gets the permission set for the given resource
118+
// Gets the permission set for the given ACL
116119
getPermissionSet ({ acl, graph, isContainer }) {
117120
const debug = this.debug
118121
if (!graph || graph.length === 0) {

0 commit comments

Comments
 (0)