fix: return first request group straight away

atsareg · atsareg · commit 84c6a76f0747 · 2023-02-23T17:34:53.000+01:00
diff --git a/src/DIRAC/FrameworkSystem/API/AuthHandler.py b/src/DIRAC/FrameworkSystem/API/AuthHandler.py
@@ -437,6 +437,10 @@ def __researchDIRACGroup(self, extSession, chooseScope, state):
         provider = firstRequest.provider
         self.log.debug("The following groups found", f"for {username}: {', '.join(firstRequest.groups)}")
 
+        # If group is already defined in the first request, just return it as it was already validated
+        if firstRequest.groups:
+            return extSession["authed"], firstRequest
+
         # Look for DIRAC groups valid for the user
         result = getGroupsForUser(username)
         if not result["OK"]:
@@ -460,10 +464,6 @@ def __researchDIRACGroup(self, extSession, chooseScope, state):
 
         self.log.debug(f"The state of {username} user groups has been checked:", pprint.pformat(validGroups))
 
-        # If group already defined in first request, just return it
-        if firstRequest.groups:
-            return extSession["authed"], firstRequest
-
         # If not and we found only one valid group, apply this group
         if len(validGroups) == 1:
             firstRequest.addScopes([f"g:{validGroups[0]}"])
