From 010f5f80f8819dd1ae80c3823e8f1f5d6124822e Mon Sep 17 00:00:00 2001
From: akumar
Date: Tue, 2 Jul 2024 17:18:45 +0200
Subject: [PATCH] fix: optimize redis lookup for HR scopes in beginning of isAllowed and whatIsAllowed
---
 src/core/accessController.ts | 17 ++++++++++++-----
 1 file changed, 12 insertions(+), 5 deletions(-)
diff --git a/src/core/accessController.ts b/src/core/accessController.ts
index 3ce8088..3442277 100644
--- a/src/core/accessController.ts
+++ b/src/core/accessController.ts
@@ -114,6 +114,13 @@ export class AccessController {
 context.subject.role_associations = subject.payload.role_associations;
 }
 }
+
+ // check if context subject_id contains HR scope if not make request 'createHierarchicalScopes'
+ if (context?.subject?.token &&
+ _.isEmpty(context.subject.hierarchical_scopes)) {
+ context = await this.createHRScope(context);
+ }
+
 for (let [, value] of this.policySets) {
 const policySet: PolicySetWithCombinables = value;
 let policyEffects: EffectEvaluation[] = [];
@@ -327,6 +334,11 @@ export class AccessController {
 context.subject.role_associations = subject.payload.role_associations;
 }
 }
+ // check if context subject_id contains HR scope if not make request 'createHierarchicalScopes'
+ if (context?.subject?.token &&
+ _.isEmpty(context.subject.hierarchical_scopes)) {
+ context = await this.createHRScope(context);
+ }
 let obligations: Attribute[] = [];
 for (let [, value] of this.policySets) {
 let pSet: PolicySetRQ;
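Review bot: The added block before the policy-set loop assigns the result of `createHRScope` only to the local `context`, while `checkSubjectMatches` (third hunk) re-reads `(request as any)?.context` and no longer resolves scopes itself. If `createHRScope` returns a new object, or `context` here is not the same reference as the request's context (neither is visible in this hunk), subject matching would evaluate with empty `hierarchical_scopes` and the access decision would rest on incomplete data. I would write the resolved context back to the request after the call, or at least document the contract with `// createHRScope must update the context object that checkSubjectMatches reads from the request`. The same applies to the identical block in the second hunk; both enclosing methods start and end outside their hunks.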
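Review bot: This block is a verbatim copy of the one added in the first hunk, so the scope-resolution precondition now lives in two entry points and nothing enforces it for a future caller that reaches `checkSubjectMatches` another way. A private helper that holds the `token`/`_.isEmpty` check and returns the (possibly resolved) context would keep the two in step, leaving each call site as `context = await this.ensureHRScopes(context);` (the helper name is only a suggestion). The comment also says `subject_id` although the condition tests `context.subject.token`; `// resolve hierarchical scopes once per request when the subject carries a token but no scopes yet` would match the code. The enclosing method continues outside the hunk.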
@@ -779,11 +791,6 @@ export class AccessController { private async checkSubjectMatches(ruleSubAttributes: Attribute[], requestSubAttributes: Attribute[], request: Request): Promise { let context = (request as any)?.context as ContextWithSubResolved; - // check if context subject_id contains HR scope if not make request 'createHierarchicalScopes' - if (context?.subject?.token && - _.isEmpty(context.subject.hierarchical_scopes)) { - context = await this.createHRScope(context); - } // Just check the Role value matches here in subject const roleURN = this.urns.get('role'); let ruleRole: string;