check permission in RepositoryManager

2025-11-16 18:26:16 +01:00 · 2010-11-26 17:57:05 +01:00
parent 2fdc1d3a7e
commit 0bf318e0fa
13 changed files with 187 additions and 36 deletions
--- a/plugins/scm-git-plugin/src/main/java/sonia/scm/web/GitPermissionFilter.java
+++ b/plugins/scm-git-plugin/src/main/java/sonia/scm/web/GitPermissionFilter.java
@@ -42,7 +42,7 @@ import com.google.inject.Singleton;
 import sonia.scm.repository.GitRepositoryHandler;
 import sonia.scm.repository.RepositoryManager;
 import sonia.scm.web.filter.RegexPermissionFilter;
-import sonia.scm.web.security.SecurityContext;
+import sonia.scm.web.security.WebSecurityContext;
 //~--- JDK imports ------------------------------------------------------------
@@ -70,7 +70,7 @@ public class GitPermissionFilter extends RegexPermissionFilter
   * @param repositoryManager
   */
  @Inject
-  public GitPermissionFilter(Provider<SecurityContext> securityContextProvider,
+  public GitPermissionFilter(Provider<WebSecurityContext> securityContextProvider,
                             RepositoryManager repositoryManager)
  {
    super(securityContextProvider, repositoryManager);
--- a/plugins/scm-hg-plugin/src/main/java/sonia/scm/web/HgPermissionFilter.java
+++ b/plugins/scm-hg-plugin/src/main/java/sonia/scm/web/HgPermissionFilter.java
@@ -44,7 +44,7 @@ import sonia.scm.repository.Repository;
 import sonia.scm.repository.RepositoryManager;
 import sonia.scm.web.filter.PermissionFilter;
 import sonia.scm.web.filter.RegexPermissionFilter;
-import sonia.scm.web.security.SecurityContext;
+import sonia.scm.web.security.WebSecurityContext;
 //~--- JDK imports ------------------------------------------------------------
@@ -66,7 +66,7 @@ public class HgPermissionFilter extends RegexPermissionFilter
   * @param repositoryManager
   */
  @Inject
-  public HgPermissionFilter(Provider<SecurityContext> securityContextProvider,
+  public HgPermissionFilter(Provider<WebSecurityContext> securityContextProvider,
                            RepositoryManager repositoryManager)
  {
    super(securityContextProvider, repositoryManager);
--- a/plugins/scm-svn-plugin/src/main/java/sonia/scm/web/SvnPermissionFilter.java
+++ b/plugins/scm-svn-plugin/src/main/java/sonia/scm/web/SvnPermissionFilter.java
@@ -44,7 +44,7 @@ import sonia.scm.repository.RepositoryManager;
 import sonia.scm.repository.SvnRepositoryHandler;
 import sonia.scm.web.filter.PermissionFilter;
 import sonia.scm.web.filter.RegexPermissionFilter;
-import sonia.scm.web.security.SecurityContext;
+import sonia.scm.web.security.WebSecurityContext;
 //~--- JDK imports ------------------------------------------------------------
@@ -79,7 +79,7 @@ public class SvnPermissionFilter extends RegexPermissionFilter
   * @param repositoryManager
   */
  @Inject
-  public SvnPermissionFilter(Provider<SecurityContext> securityContextProvider,
+  public SvnPermissionFilter(Provider<WebSecurityContext> securityContextProvider,
                             RepositoryManager repositoryManager)
  {
    super(securityContextProvider, repositoryManager);
--- a/scm-core/src/main/java/sonia/scm/repository/xml/XmlRepositoryManager.java
+++ b/scm-core/src/main/java/sonia/scm/repository/xml/XmlRepositoryManager.java
@@ -36,6 +36,7 @@ package sonia.scm.repository.xml;
 //~--- non-JDK imports --------------------------------------------------------
 import com.google.inject.Inject;
 import com.google.inject.Provider;
 import com.google.inject.Singleton;
 import org.slf4j.Logger;
@@ -47,11 +48,15 @@ import sonia.scm.SCMContext;
 import sonia.scm.SCMContextProvider;
 import sonia.scm.Type;
 import sonia.scm.repository.AbstractRepositoryManager;
 import sonia.scm.repository.PermissionType;
 import sonia.scm.repository.PermissionUtil;
 import sonia.scm.repository.Repository;
 import sonia.scm.repository.RepositoryAllreadyExistExeption;
 import sonia.scm.repository.RepositoryException;
 import sonia.scm.repository.RepositoryHandler;
 import sonia.scm.repository.RepositoryHandlerNotFoundException;
 import sonia.scm.security.SecurityContext;
 import sonia.scm.user.User;
 import sonia.scm.util.AssertUtil;
 import sonia.scm.util.IOUtil;
@@ -92,11 +97,16 @@ public class XmlRepositoryManager extends AbstractRepositoryManager
   * Constructs ...
   *
   *
   *
   * @param securityContextProvider
   * @param handlerSet
   */
  @Inject
-  public XmlRepositoryManager(Set<RepositoryHandler> handlerSet)
+  public XmlRepositoryManager(
          Provider<SecurityContext> securityContextProvider,
          Set<RepositoryHandler> handlerSet)
  {
    this.securityContextProvider = securityContextProvider;
    handlerMap = new HashMap<String, RepositoryHandler>();
    types = new HashSet<Type>();
@@ -142,6 +152,7 @@ public class XmlRepositoryManager extends AbstractRepositoryManager
                  repository.getType());
    }
    assertIsAdmin();
    AssertUtil.assertIsValid(repository);
    if (repositoryDB.contains(repository))
@@ -181,6 +192,8 @@ public class XmlRepositoryManager extends AbstractRepositoryManager
                  repository.getType());
    }
    assertIsOwner(repository);
    if (repositoryDB.contains(repository))
    {
      getHandler(repository).delete(repository);
@@ -244,6 +257,7 @@ public class XmlRepositoryManager extends AbstractRepositoryManager
                  repository.getType());
    }
    assertIsOwner(repository);
    AssertUtil.assertIsValid(repository);
    if (repositoryDB.contains(repository))
@@ -281,6 +295,7 @@ public class XmlRepositoryManager extends AbstractRepositoryManager
          throws RepositoryException, IOException
  {
    AssertUtil.assertIsNotNull(repository);
    assertIsReader(repository);
    Repository fresh = repositoryDB.get(repository.getType(),
                         repository.getName());
@@ -315,6 +330,7 @@ public class XmlRepositoryManager extends AbstractRepositoryManager
    if (repository != null)
    {
      assertIsReader(repository);
      repository = repository.clone();
    }
@@ -339,9 +355,16 @@ public class XmlRepositoryManager extends AbstractRepositoryManager
    Repository repository = repositoryDB.get(type, name);
    if (repository != null)
    {
      if (isReader(repository))
      {
        repository = repository.clone();
      }
      else
      {
        repository = null;
      }
    }
    return repository;
  }
@@ -358,9 +381,12 @@ public class XmlRepositoryManager extends AbstractRepositoryManager
    LinkedList<Repository> repositories = new LinkedList<Repository>();
    for (Repository repository : repositoryDB.values())
    {
      if (isReader(repository))
      {
        repositories.add(repository.clone());
      }
    }
    return repositories;
  }
@@ -424,6 +450,44 @@ public class XmlRepositoryManager extends AbstractRepositoryManager
    types.add(type);
  }
  /**
   * Method description
   *
   *
   * @throws RepositoryException
   */
  private void assertIsAdmin() throws RepositoryException
  {
    if (!getCurrentUser().isAdmin())
    {
      throw new RepositoryException("admin permsission required");
    }
  }
  /**
   * Method description
   *
   *
   * @param repository
   */
  private void assertIsOwner(Repository repository)
  {
    PermissionUtil.assertPermission(repository, getCurrentUser(),
                                    PermissionType.OWNER);
  }
  /**
   * Method description
   *
   *
   * @param repository
   */
  private void assertIsReader(Repository repository)
  {
    PermissionUtil.assertPermission(repository, getCurrentUser(),
                                    PermissionType.READ);
  }
  /**
   * Method description
   *
@@ -446,6 +510,25 @@ public class XmlRepositoryManager extends AbstractRepositoryManager
  //~--- get methods ----------------------------------------------------------
  /**
   * Method description
   *
   *
   * @return
   */
  private User getCurrentUser()
  {
    SecurityContext context = securityContextProvider.get();
    AssertUtil.assertIsNotNull(context);
    User user = context.getUser();
    AssertUtil.assertIsNotNull(user);
    return user;
  }
  /**
   * Method description
   *
@@ -476,6 +559,20 @@ public class XmlRepositoryManager extends AbstractRepositoryManager
    return handler;
  }
  /**
   * Method description
   *
   *
   * @param repository
   *
   * @return
   */
  private boolean isReader(Repository repository)
  {
    return PermissionUtil.hasPermission(repository, getCurrentUser(),
            PermissionType.READ);
  }
  //~--- fields ---------------------------------------------------------------
  /** Field description */
@@ -487,6 +584,9 @@ public class XmlRepositoryManager extends AbstractRepositoryManager
  /** Field description */
  private File repositoryDBFile;
  /** Field description */
  private Provider<SecurityContext> securityContextProvider;
  /** Field description */
  private Set<Type> types;
 }
--- a/scm-core/src/main/java/sonia/scm/security/SecurityContext.java
+++ b/scm-core/src/main/java/sonia/scm/security/SecurityContext.java
@@ -0,0 +1,54 @@
 /**
 * Copyright (c) 2010, Sebastian Sdorra
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are met:
 *
 * 1. Redistributions of source code must retain the above copyright notice,
 *    this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright notice,
 *    this list of conditions and the following disclaimer in the documentation
 *    and/or other materials provided with the distribution.
 * 3. Neither the name of SCM-Manager; nor the names of its
 *    contributors may be used to endorse or promote products derived from this
 *    software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
 * DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY
 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
 * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 * http://bitbucket.org/sdorra/scm-manager
 *
 */
 package sonia.scm.security;
 //~--- non-JDK imports --------------------------------------------------------
 import sonia.scm.user.User;
 /**
 *
 * @author Sebastian Sdorra
 */
 public interface SecurityContext
 {
  /**
   * Method description
   *
   *
   * @return
   */
  public User getUser();
 }
--- a/scm-web-api/src/main/java/sonia/scm/web/filter/BasicAuthenticationFilter.java
+++ b/scm-web-api/src/main/java/sonia/scm/web/filter/BasicAuthenticationFilter.java
@@ -39,7 +39,7 @@ import com.google.inject.Singleton;
 import sonia.scm.user.User;
 import sonia.scm.util.Util;
-import sonia.scm.web.security.SecurityContext;
+import sonia.scm.web.security.WebSecurityContext;
 //~--- JDK imports ------------------------------------------------------------
@@ -91,7 +91,7 @@ public class BasicAuthenticationFilter extends HttpFilter
   */
  @Inject
  public BasicAuthenticationFilter(
-          Provider<SecurityContext> securityContextProvider)
+          Provider<WebSecurityContext> securityContextProvider)
  {
    this.securityContextProvider = securityContextProvider;
  }
@@ -114,7 +114,7 @@ public class BasicAuthenticationFilter extends HttpFilter
                          HttpServletResponse response, FilterChain chain)
          throws IOException, ServletException
  {
-    SecurityContext securityContext = securityContextProvider.get();
+    WebSecurityContext securityContext = securityContextProvider.get();
    User user = null;
    if (securityContext != null)
@@ -179,5 +179,5 @@ public class BasicAuthenticationFilter extends HttpFilter
  //~--- fields ---------------------------------------------------------------
  /** Field description */
-  private Provider<SecurityContext> securityContextProvider;
+  private Provider<WebSecurityContext> securityContextProvider;
 }
--- a/scm-web-api/src/main/java/sonia/scm/web/filter/PermissionFilter.java
+++ b/scm-web-api/src/main/java/sonia/scm/web/filter/PermissionFilter.java
@@ -45,7 +45,7 @@ import sonia.scm.repository.PermissionUtil;
 import sonia.scm.repository.Repository;
 import sonia.scm.user.User;
 import sonia.scm.util.AssertUtil;
-import sonia.scm.web.security.SecurityContext;
+import sonia.scm.web.security.WebSecurityContext;
 //~--- JDK imports ------------------------------------------------------------
@@ -75,7 +75,7 @@ public abstract class PermissionFilter extends HttpFilter
   *
   * @param securityContextProvider
   */
-  public PermissionFilter(Provider<SecurityContext> securityContextProvider)
+  public PermissionFilter(Provider<WebSecurityContext> securityContextProvider)
  {
    this.securityContextProvider = securityContextProvider;
  }
@@ -120,7 +120,7 @@ public abstract class PermissionFilter extends HttpFilter
                          HttpServletResponse response, FilterChain chain)
          throws IOException, ServletException
  {
-    SecurityContext securityContext = securityContextProvider.get();
+    WebSecurityContext securityContext = securityContextProvider.get();
    AssertUtil.assertIsNotNull(securityContext);
@@ -179,5 +179,5 @@ public abstract class PermissionFilter extends HttpFilter
  //~--- fields ---------------------------------------------------------------
  /** Field description */
-  protected Provider<SecurityContext> securityContextProvider;
+  protected Provider<WebSecurityContext> securityContextProvider;
 }
--- a/scm-web-api/src/main/java/sonia/scm/web/filter/RegexPermissionFilter.java
+++ b/scm-web-api/src/main/java/sonia/scm/web/filter/RegexPermissionFilter.java
@@ -39,7 +39,7 @@ import com.google.inject.Provider;
 import sonia.scm.repository.Repository;
 import sonia.scm.repository.RepositoryManager;
-import sonia.scm.web.security.SecurityContext;
+import sonia.scm.web.security.WebSecurityContext;
 //~--- JDK imports ------------------------------------------------------------
@@ -69,7 +69,7 @@ public abstract class RegexPermissionFilter extends PermissionFilter
   * @param repositoryManager
   */
  public RegexPermissionFilter(
-          Provider<SecurityContext> securityContextProvider,
+          Provider<WebSecurityContext> securityContextProvider,
          RepositoryManager repositoryManager)
  {
    super(securityContextProvider);
--- a/scm-web-api/src/main/java/sonia/scm/web/security/BasicSecurityContext.java
+++ b/scm-web-api/src/main/java/sonia/scm/web/security/BasicSecurityContext.java
@@ -48,7 +48,7 @@ import javax.servlet.http.HttpServletResponse;
 * @author Sebastian Sdorra
 */
@SessionScoped
-public class BasicSecurityContext implements SecurityContext
+public class BasicSecurityContext implements WebSecurityContext
 {
  /**
--- a/scm-web-api/src/main/java/sonia/scm/web/security/WebSecurityContext.java
+++ b/scm-web-api/src/main/java/sonia/scm/web/security/WebSecurityContext.java
@@ -29,10 +29,13 @@
 *
 */
 package sonia.scm.web.security;
 //~--- non-JDK imports --------------------------------------------------------
 import sonia.scm.security.SecurityContext;
 import sonia.scm.user.User;
 //~--- JDK imports ------------------------------------------------------------
@@ -44,7 +47,7 @@ import javax.servlet.http.HttpServletResponse;
 *
 * @author Sebastian Sdorra
 */
-public interface SecurityContext
+public interface WebSecurityContext extends SecurityContext
 {
  /**
@@ -73,14 +76,6 @@ public interface SecurityContext
  //~--- get methods ----------------------------------------------------------
  /**
   * Method description
   *
   *
   * @return
   */
  public User getUser();
  /**
   * Method description
   *
--- a/scm-webapp/src/main/java/sonia/scm/ScmServletModule.java
+++ b/scm-webapp/src/main/java/sonia/scm/ScmServletModule.java
@@ -62,7 +62,7 @@ import sonia.scm.web.plugin.ScmWebPluginContext;
 import sonia.scm.web.plugin.SecurityConfig;
 import sonia.scm.web.security.Authenticator;
 import sonia.scm.web.security.BasicSecurityContext;
-import sonia.scm.web.security.SecurityContext;
+import sonia.scm.web.security.WebSecurityContext;
 import sonia.scm.web.security.XmlAuthenticator;
 //~--- JDK imports ------------------------------------------------------------
@@ -81,6 +81,7 @@ import java.util.Map;
 import java.util.Set;
 import javax.xml.bind.JAXB;
 import sonia.scm.security.SecurityContext;
 /**
 *
@@ -161,6 +162,7 @@ public class ScmServletModule extends ServletModule
    // bind(EncryptionHandler.class).to(MessageDigestEncryptionHandler.class);
    // bind(Authenticator.class).to(XmlAuthenticator.class);
    bind(SecurityContext.class).to(BasicSecurityContext.class);
    bind(WebSecurityContext.class).to(BasicSecurityContext.class);
    loadPlugins(pluginManager);
    bind(CacheManager.class).to(EhCacheManager.class);
--- a/scm-webapp/src/main/java/sonia/scm/api/rest/resources/AuthenticationResource.java
+++ b/scm-webapp/src/main/java/sonia/scm/api/rest/resources/AuthenticationResource.java
@@ -45,7 +45,7 @@ import sonia.scm.ScmState;
 import sonia.scm.Type;
 import sonia.scm.repository.RepositoryManager;
 import sonia.scm.user.User;
-import sonia.scm.web.security.SecurityContext;
+import sonia.scm.web.security.WebSecurityContext;
 //~--- JDK imports ------------------------------------------------------------
@@ -193,5 +193,5 @@ public class AuthenticationResource
  /** Field description */
  @Inject
-  private SecurityContext securityContext;
+  private WebSecurityContext securityContext;
 }
--- a/scm-webapp/src/main/java/sonia/scm/filter/SecurityFilter.java
+++ b/scm-webapp/src/main/java/sonia/scm/filter/SecurityFilter.java
@@ -39,7 +39,7 @@ import com.google.inject.Singleton;
 import sonia.scm.web.filter.HttpFilter;
 import sonia.scm.web.filter.SecurityHttpServletRequestWrapper;
-import sonia.scm.web.security.SecurityContext;
+import sonia.scm.web.security.WebSecurityContext;
 //~--- JDK imports ------------------------------------------------------------
@@ -70,7 +70,7 @@ public class SecurityFilter extends HttpFilter
   * @param securityContextProvider
   */
  @Inject
-  public SecurityFilter(Provider<SecurityContext> securityContextProvider)
+  public SecurityFilter(Provider<WebSecurityContext> securityContextProvider)
  {
    this.securityContextProvider = securityContextProvider;
  }
@@ -93,7 +93,7 @@ public class SecurityFilter extends HttpFilter
                          HttpServletResponse response, FilterChain chain)
          throws IOException, ServletException
  {
-    SecurityContext securityContext = securityContextProvider.get();
+    WebSecurityContext securityContext = securityContextProvider.get();
    if (securityContext != null)
    {
@@ -126,5 +126,5 @@ public class SecurityFilter extends HttpFilter
  //~--- fields ---------------------------------------------------------------
  /** Field description */
-  private Provider<SecurityContext> securityContextProvider;
+  private Provider<WebSecurityContext> securityContextProvider;
 }