From 479dc63af436358571a06ce69d26d63d0038c694 Mon Sep 17 00:00:00 2001
From: Shawn Tabrizi <shawntabrizi@gmail.com>
Date: Wed, 11 May 2022 07:27:26 -0400
Subject: [PATCH] Only read storage after origin check (#11391)

* only read storage after origin check

* fmt
---
 substrate/frame/nomination-pools/src/lib.rs | 23 ++++++++-------------
 1 file changed, 9 insertions(+), 14 deletions(-)

diff --git a/substrate/frame/nomination-pools/src/lib.rs b/substrate/frame/nomination-pools/src/lib.rs
index 017eac8ee2..0fff470eec 100644
--- a/substrate/frame/nomination-pools/src/lib.rs
+++ b/substrate/frame/nomination-pools/src/lib.rs
@@ -1854,21 +1854,16 @@ pub mod pallet {
 			nominator: Option<T::AccountId>,
 			state_toggler: Option<T::AccountId>,
 		) -> DispatchResult {
-			let o1 = origin;
-			let o2 = o1.clone();
-
-			let mut bonded_pool = BondedPool::<T>::get(pool_id).ok_or(Error::<T>::PoolNotFound)?;
-			let is_pool_root = || -> Result<(), sp_runtime::DispatchError> {
-				let who = ensure_signed(o1)?;
-				ensure!(bonded_pool.can_update_roles(&who), Error::<T>::DoesNotHavePermission);
-				Ok(())
+			let mut bonded_pool = match ensure_root(origin.clone()) {
+				Ok(()) => BondedPool::<T>::get(pool_id).ok_or(Error::<T>::PoolNotFound)?,
+				Err(frame_support::error::BadOrigin) => {
+					let who = ensure_signed(origin)?;
+					let bonded_pool =
+						BondedPool::<T>::get(pool_id).ok_or(Error::<T>::PoolNotFound)?;
+					ensure!(bonded_pool.can_update_roles(&who), Error::<T>::DoesNotHavePermission);
+					bonded_pool
+				},
 			};
-			let is_root = || -> Result<(), sp_runtime::DispatchError> {
-				ensure_root(o2)?;
-				Ok(())
-			};
-
-			let _ = is_root().or_else(|_| is_pool_root())?;
 
 			match root {
 				None => (),