fix race condition on authorization event processing which leads to permission mismatch

2026-02-01 04:09:08 +01:00 · 2020-11-09 16:04:54 +01:00
parent 9930d82d32
commit 121c0d1bf2
3 changed files with 6 additions and 2 deletions
--- a/scm-webapp/src/main/java/sonia/scm/security/AuthorizationChangedEventProducer.java
+++ b/scm-webapp/src/main/java/sonia/scm/security/AuthorizationChangedEventProducer.java
@@ -140,7 +140,7 @@ public class AuthorizationChangedEventProducer {
   *
   * @param event repository event
   */
-  @Subscribe
+  @Subscribe(async = false)
  public void onEvent(RepositoryEvent event) {
    if (event.getEventType().isPost()) {
      if (isModificationEvent(event)) {
--- a/scm-webapp/src/main/java/sonia/scm/security/DefaultAuthorizationCollector.java
+++ b/scm-webapp/src/main/java/sonia/scm/security/DefaultAuthorizationCollector.java
@@ -295,7 +295,7 @@ public class DefaultAuthorizationCollector implements AuthorizationCollector
    //J+
  }

-  @Subscribe
+  @Subscribe(async = false)
  public void invalidateCache(AuthorizationChangedEvent event) {
    if (event.isEveryUserAffected()) {
      invalidateUserCache(event.getNameOfAffectedUser());