Refactor user lookup during permission checking

No reason to do this on every ProjectRight object, the user is part
of the PatchSetApproval that was passed in as an argument.  It can't
change during the loop.

Change-Id: I6afcbeb0f6bf05e11c2334a37bb6a53f82a6dbb3
Signed-off-by: Shawn O. Pearce <sop@google.com>

src/main/java/com/google/gerrit/server/workflow/FunctionState.java

@@ -16,7 +16,6 @@ package com.google.gerrit.server.workflow;
 
 import com.google.gerrit.client.data.ApprovalType;
 import com.google.gerrit.client.data.ApprovalTypes;
-import com.google.gerrit.client.reviewdb.Account;
 import com.google.gerrit.client.reviewdb.AccountGroup;
 import com.google.gerrit.client.reviewdb.ApprovalCategory;
 import com.google.gerrit.client.reviewdb.ApprovalCategoryValue;
@@ -225,13 +224,14 @@ public class FunctionState {
    * If the record's value was modified, its automatically marked as dirty.
    */
   public void applyRightFloor(final PatchSetApproval a) {
+    final IdentifiedUser user = userFactory.create(a.getAccountId());
+
     // Find the maximal range actually granted to the user.
     //
     short minAllowed = 0, maxAllowed = 0;
     for (final ProjectRight r : getAllRights(a.getCategoryId())) {
-      final Account.Id who = a.getAccountId();
       final AccountGroup.Id grp = r.getAccountGroupId();
-      if (userFactory.create(who).getEffectiveGroups().contains(grp)) {
+      if (user.getEffectiveGroups().contains(grp)) {
         minAllowed = (short) Math.min(minAllowed, r.getMinValue());
         maxAllowed = (short) Math.max(maxAllowed, r.getMaxValue());
       }