From c92b82a33f689c15ebacd850228dc2511fa1b230 Mon Sep 17 00:00:00 2001
From: lprimak <lenny@flowlogix.com>
Date: Sun, 3 Sep 2023 13:48:45 -0500
Subject: [PATCH] enh: make assertAuthorized() method more readable fixes #1057

---
 .../shiro/authz/aop/PermissionAnnotationHandler.java       | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/core/src/main/java/org/apache/shiro/authz/aop/PermissionAnnotationHandler.java b/core/src/main/java/org/apache/shiro/authz/aop/PermissionAnnotationHandler.java
index 839b47333c..a463123ad7 100644
--- a/core/src/main/java/org/apache/shiro/authz/aop/PermissionAnnotationHandler.java
+++ b/core/src/main/java/org/apache/shiro/authz/aop/PermissionAnnotationHandler.java
@@ -81,7 +81,12 @@ public void assertAuthorized(Annotation a) throws AuthorizationException {
         if (Logical.OR.equals(rpAnnotation.logical())) {
             // Avoid processing exceptions unnecessarily - "delay" throwing the exception by calling hasRole first
             boolean hasAtLeastOnePermission = false;
-            for (String permission : perms) if (getSubject().isPermitted(permission)) hasAtLeastOnePermission = true;
+            for (String permission : perms) {
+                if (getSubject().isPermitted(permission)) {
+                    hasAtLeastOnePermission = true;
+                    break;
+                }
+            }
             // Cause the exception if none of the role match, note that the exception message will be a bit misleading
             if (!hasAtLeastOnePermission) getSubject().checkPermission(perms[0]);