Prevent needless provider checks

- if a hosts DN is listed in ALLOWED_TO_POST, they will be allowed to POST regardless of whether they are listed as as a provider or not. So why not check ALLOWED_TO_POST first and avoid a potentially expensive provider check - this changes preserves the fact that BANNED_FROM_POST overwrites both ALLOWED_TO_POST and any provider lists
apel · Feb 8, 2018 · 2c498f5 · 2c498f5
1 parent dbc2ba5
commit 2c498f5
Showing 1 changed file with 4 additions and 4 deletions.
diff --git a/api/views/CloudRecordView.py b/api/views/CloudRecordView.py
@@ -152,15 +152,15 @@ def _signer_is_valid(self, signer_dn):
             self.logger.info("Host %s is banned.", signer)
             return False
 
+        if signer_dn in settings.ALLOWED_TO_POST:
+            self.logger.info("Host %s has special access.", signer)
+            return True
+
         if signer in self._get_indigo_providers():
             self.logger.info("Host %s is listed as an INDIGO provider.",
                              signer)
             return True
 
-        if signer_dn in settings.ALLOWED_TO_POST:
-            self.logger.info("Host %s has special access.", signer)
-            return True
-
         # If we have not returned already
         # then site must be invalid
         self.logger.info('Site is not found on list of providers')