From 52d0262a0686ed103056b9a9d7aa08f0becc747e Mon Sep 17 00:00:00 2001
From: pieterlukasse
Date: Wed, 31 Jul 2024 15:50:12 +0200
Subject: [PATCH] fix: do not use session for teamproject role management
---
 .../ohdsi/webapi/shiro/PermissionManager.java | 17 +++--------------
 1 file changed, 3 insertions(+), 14 deletions(-)
diff --git a/src/main/java/org/ohdsi/webapi/shiro/PermissionManager.java b/src/main/java/org/ohdsi/webapi/shiro/PermissionManager.java
index 239ba58a1..ab8a5909f 100644
--- a/src/main/java/org/ohdsi/webapi/shiro/PermissionManager.java
+++ b/src/main/java/org/ohdsi/webapi/shiro/PermissionManager.java
@@ -83,7 +83,7 @@ public class PermissionManager {
 private ThreadLocal> authorizationInfoCache = ThreadLocal.withInitial(ConcurrentHashMap::new);
- private Map, String> teamProjectRoles = new HashMap<>();
+ private Map teamProjectRoles = new HashMap<>();
 public static class PermissionsDTO {
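Review bot: `teamProjectRoles` is still a plain `HashMap` after the key changes to the login, and nothing in this hunk synchronizes access to it. If PermissionManager is shared across request threads (the `ThreadLocal` cache declared just above suggests it is), the `put` and `get` calls in the second hunk can race on it, which for a map that holds role assignments means lost or stale entries. Consider initialising the field with `new ConcurrentHashMap<>()`, a type the class already uses for `authorizationInfoCache`. The class body continues outside the hunk.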
@@ -658,25 +658,14 @@ public boolean roleExists(String roleName) {
 return this.roleRepository.existsByName(roleName);
 }
- private String getCurrentUserSessionId() {
- Subject subject = SecurityUtils.getSubject();
- return subject.getSession(false).getId().toString();
- }
-
- private AbstractMap.SimpleEntry getCurrentUserAndSessionTuple() {
- AbstractMap.SimpleEntry userAndSessionTuple = new AbstractMap.SimpleEntry<>
- (getCurrentUser().getLogin(), getCurrentUserSessionId());
- return userAndSessionTuple;
- }
-
 public void setCurrentTeamProjectRoleForCurrentUser(String teamProjectRole, String login) {
 logger.debug("Current user in setCurrentTeamProjectRoleForCurrentUser() {}", login);
- this.teamProjectRoles.put(getCurrentUserAndSessionTuple(), teamProjectRole);
+ this.teamProjectRoles.put(getCurrentUser().getLogin(), teamProjectRole);
 }
 public RoleEntity getCurrentTeamProjectRoleForCurrentUser() {
 logger.debug("Current user in getCurrentTeamProjectRoleForCurrentUser(): {}", getCurrentUser().getLogin());
- String teamProjectRole = this.teamProjectRoles.get(getCurrentUserAndSessionTuple());
+ String teamProjectRole = this.teamProjectRoles.get(getCurrentUser().getLogin());
 if (teamProjectRole == null) {
 return null;
 } else {
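Review bot: Keying `teamProjectRoles` on `getCurrentUser().getLogin()` alone makes the selected team-project role shared by every concurrent session of that login, and nothing in the visible code ever removes the entry. A role chosen in one session can therefore still be returned by `getCurrentTeamProjectRoleForCurrentUser()` after that session has ended, or from a second session working in a different team project. Since the value appears to feed authorization, it would be safer to clear it when the user logs out or the session expires (for example a `this.teamProjectRoles.remove(login)` in the logout path, which is not visible here), or to document that last-write-wins per login is intended. Separately, `setCurrentTeamProjectRoleForCurrentUser` logs its `login` parameter but stores under `getCurrentUser().getLogin()`; if the two can differ the debug line is misleading, so either key on `login` or drop the parameter. The getter's body continues past the end of the hunk.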