Refactor

Signed-off-by: Ryan Liang <jiallian@amazon.com>
RyanL1997 · Oct 30, 2023 · 2323a4a · 2323a4a
1 parent 3a22b79
commit 2323a4a
Showing 1 changed file with 12 additions and 21 deletions.
diff --git a/src/main/java/org/opensearch/security/privileges/SecurityIndexAccessEvaluator.java b/src/main/java/org/opensearch/security/privileges/SecurityIndexAccessEvaluator.java
@@ -253,30 +253,21 @@ private void evaluateSystemIndicesAccess(
         boolean serviceAccountUser = user.isServiceAccount();
 
         if (isSystemIndexPermissionEnabled) {
-            if (serviceAccountUser) {
-                if (!containsSystemIndex && containsRegularIndex) {
-                    auditLog.logSecurityIndexAttempt(request, action, task);
-                    if (log.isInfoEnabled()) {
-                        log.info("{} not permitted for a service account {} on non-system indices.", action, securityRoles);
-                    }
-                    presponse.allowed = false;
-                    presponse.markComplete();
-                    return;
-                } else if (containsSystemIndex && containsRegularIndex) {
-                    if (log.isDebugEnabled()) {
-                        List<String> regularIndices = requestedResolved.getAllIndices()
+            if (serviceAccountUser && containsRegularIndex) {
+                auditLog.logSecurityIndexAttempt(request, action, task);
+                if (!containsSystemIndex && log.isInfoEnabled()) {
+                    log.info("{} not permitted for a service account {} on non-system indices.", action, securityRoles);
+                } else if (containsSystemIndex && log.isDebugEnabled()) {
+                    List<String> regularIndices = requestedResolved.getAllIndices()
                             .stream()
-                            .filter(
-                                index -> !getAllSystemIndices(requestedResolved).contains(index)
-                                    && !getAllProtectedSystemIndices(requestedResolved).contains(index)
-                            )
+                            .filter(index -> !getAllSystemIndices(requestedResolved).contains(index)
+                                    && !getAllProtectedSystemIndices(requestedResolved).contains(index))
                             .collect(Collectors.toList());
-                        log.debug("Service account cannot access regular indices: {}", regularIndices);
-                    }
-                    presponse.allowed = false;
-                    presponse.markComplete();
-                    return;
+                    log.debug("Service account cannot access regular indices: {}", regularIndices);
                 }
+                presponse.allowed = false;
+                presponse.markComplete();
+                return;
             }
             boolean containsProtectedIndex = requestContainsAnyProtectedSystemIndices(requestedResolved);
             if (containsProtectedIndex) {