Addressed review comments

hpcc-systems · May 22, 2024 · 88deb76 · 88deb76
1 parent 364ed76
commit 88deb76
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 9 deletions.
diff --git a/system/security/LdapSecurity/ldapconnection.cpp b/system/security/LdapSecurity/ldapconnection.cpp
@@ -664,7 +664,6 @@ class CLdapConfig : implements ILdapConfig, public CInterface
             m_sdfieldname.append("aci");
         else if(m_serverType == OPEN_LDAP)
             m_sdfieldname.append("aci");
-
 #ifdef _DEBUG
         debugPrintout();
 #endif

diff --git a/system/security/shared/caching.cpp b/system/security/shared/caching.cpp
@@ -688,29 +688,37 @@ SecAccessFlags CPermissionsCache::queryDefaultPermission(ISecUser& user)
             if (m_secMgr)
                 m_defaultPermission = m_secMgr->queryDefaultPermission(user);
             else
-                m_defaultPermission = SecAccess_None;
+                m_defaultPermission = SecAccess_Full;
 
             DBGLOG("Legacy default file scope permission set to %s(%d) for all users, based on User '%s'", getSecAccessFlagName(m_defaultPermission),
                    m_defaultPermission, user.getName());
         }
         return m_defaultPermission;
     }
 
-    const char *username = user.getName();
     SecAccessFlags defaultPermission = SecAccess_None;
     if (m_secMgr)
     {
+        const std::string username(user.getName());
         ReadLockBlock defaultScopesReadLock(m_defaultScopesRWLock);
         auto it = m_userDefaultFileScopePermissions.find(username);
         if (it == m_userDefaultFileScopePermissions.end())
         {
             defaultScopesReadLock.clear();
             WriteLockBlock defaultScopesWriteLock(m_defaultScopesRWLock);
-            defaultPermission = m_secMgr->queryDefaultPermission(user);
-            std::string userName(username);
-            m_userDefaultFileScopePermissions.emplace(userName, defaultPermission);
-            DBGLOG("Added user '%s' to default file scope permissions with access %s(%d)", username, getSecAccessFlagName(defaultPermission),
-                   defaultPermission);
+
+            auto verifyIt = m_userDefaultFileScopePermissions.find(username);
+            if (verifyIt == m_userDefaultFileScopePermissions.end())
+            {
+                defaultPermission = m_secMgr->queryDefaultPermission(user);
+                m_userDefaultFileScopePermissions.emplace(username, defaultPermission);
+                DBGLOG("Added user '%s' to default file scope permissions with access %s(%d)", username.c_str(), getSecAccessFlagName(defaultPermission),
+                       defaultPermission);
+            }
+            else
+            {
+                defaultPermission = it->second;
+            }
         }
         else
         {
@@ -743,7 +751,7 @@ void CPermissionsCache::flush()
     }
     if (m_useLegacyDefaultFileScopePermissionCache)
     {
-        m_defaultPermission = SecAccess_None;
+        m_defaultPermission = SecAccess_Unknown;
     }
     else
     {