Nemcio/SCM-Manager
1
0
Fork 0
mirror of https://github.com/scm-manager/scm-manager.git synced 2025-11-14 17:26:22 +01:00
Code Issues Packages Projects Releases Activity

use ssp for user and repository permission checks

Browse Source
This commit is contained in:
Sebastian Sdorra
2016-12-06 22:04:13 +01:00
parent a5d2cfc7b1
commit 26ece65363
13 changed files with 70 additions and 776 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
scm-webapp/src/main/java/sonia/scm/plugin/MultiParentClassLoader.java
View File

@@ -74,7 +74,7 @@ public class MultiParentClassLoader extends ClassLoader
public MultiParentClassLoader(Collection<? extends ClassLoader> parents)
{
super(null);
this.parents = new CopyOnWriteArrayList<>(parents);
this.parents = new CopyOnWriteArrayList<ClassLoader>(parents);
}
//~--- get methods ----------------------------------------------------------

2
scm-webapp/src/main/java/sonia/scm/repository/DefaultRepositoryManager.java
View File

@@ -35,6 +35,7 @@ package sonia.scm.repository;
//~--- non-JDK imports --------------------------------------------------------
import com.github.sdorra.ssp.PermissionActionCheck;
import com.google.common.base.Strings;
import com.google.common.collect.Lists;
import com.google.common.util.concurrent.ThreadFactoryBuilder;
@@ -53,7 +54,6 @@ import sonia.scm.SCMContextProvider;
import sonia.scm.Type;
import sonia.scm.config.ScmConfiguration;
import sonia.scm.security.KeyGenerator;
import sonia.scm.security.PermissionActionCheck;
import sonia.scm.util.AssertUtil;
import sonia.scm.util.CollectionAppender;
import sonia.scm.util.HttpUtil;

6
scm-webapp/src/main/java/sonia/scm/repository/HealthChecker.java
View File

@@ -33,6 +33,7 @@ package sonia.scm.repository;
//~--- non-JDK imports --------------------------------------------------------
import com.github.sdorra.ssp.PermissionActionCheck;
import com.google.common.collect.ImmutableList;
import com.google.inject.Inject;
@@ -43,7 +44,6 @@ import org.slf4j.LoggerFactory;
import java.io.IOException;
import java.util.Set;
import sonia.scm.security.PermissionActionCheck;
/**
*
@@ -91,7 +91,7 @@ public final class HealthChecker
public void check(String id)
throws RepositoryNotFoundException, RepositoryException, IOException
{
RepositoryPermissions.healthCheck(id);
RepositoryPermissions.healthCheck(id).check();
Repository repository = repositoryManager.get(id);
@@ -116,7 +116,7 @@ public final class HealthChecker
public void check(Repository repository)
throws RepositoryException, IOException
{
RepositoryPermissions.healthCheck(repository);
RepositoryPermissions.healthCheck(repository).check();
doCheck(repository);
}

93
scm-webapp/src/main/java/sonia/scm/user/DefaultUserManager.java
View File

@@ -35,12 +35,10 @@ package sonia.scm.user;
//~--- non-JDK imports --------------------------------------------------------
import com.github.sdorra.ssp.PermissionActionCheck;
import com.google.inject.Inject;
import com.google.inject.Singleton;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.subject.Subject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -49,12 +47,9 @@ import sonia.scm.SCMContextProvider;
import sonia.scm.TransformFilter;
import sonia.scm.search.SearchRequest;
import sonia.scm.search.SearchUtil;
import sonia.scm.security.Role;
import sonia.scm.security.ScmSecurityException;
import sonia.scm.util.AssertUtil;
import sonia.scm.util.CollectionAppender;
import sonia.scm.util.IOUtil;
import sonia.scm.util.SecurityUtil;
import sonia.scm.util.Util;
//~--- JDK imports ------------------------------------------------------------
@@ -99,10 +94,6 @@ public class DefaultUserManager extends AbstractUserManager
/**
* Constructs ...
*
<<<<<<< mine
=======
*
>>>>>>> theirs
* @param userDAO
*/
@Inject
@@ -164,17 +155,7 @@ public class DefaultUserManager extends AbstractUserManager
logger.info("create user {} of type {}", user.getName(), user.getType());
}
Subject subject = SecurityUtils.getSubject();
if (!subject.hasRole(Role.USER))
{
throw new ScmSecurityException("user is not authenticated");
}
if (!subject.hasRole(Role.ADMIN))
{
throw new ScmSecurityException("admin account is required");
}
UserPermissions.create().check();
if (userDAO.contains(user.getName()))
{
@@ -205,9 +186,8 @@ public class DefaultUserManager extends AbstractUserManager
logger.info("delete user {} of type {}", user.getName(), user.getType());
}
SecurityUtil.assertIsAdmin();
String name = user.getName();
UserPermissions.delete(name).check();
if (userDAO.contains(name))
{
@@ -250,28 +230,13 @@ public class DefaultUserManager extends AbstractUserManager
@Override
public void modify(User user) throws UserException, IOException
{
String name = user.getName();
if (logger.isInfoEnabled())
{
logger.info("modify user {} of type {}", user.getName(), user.getType());
}
Subject subject = SecurityUtils.getSubject();
if (!subject.isAuthenticated())
{
throw new ScmSecurityException("user is not authenticated");
}
User currentUser = subject.getPrincipals().oneByType(User.class);
if (!user.getName().equals(currentUser.getName())
&&!subject.hasRole(Role.ADMIN))
{
throw new ScmSecurityException("admin account is required");
}
String name = user.getName();
UserPermissions.modify(user).check();
User oldUser = userDAO.get(name);
if (oldUser != null)
@@ -305,8 +270,7 @@ public class DefaultUserManager extends AbstractUserManager
logger.info("refresh user {} of type {}", user.getName(), user.getType());
}
SecurityUtil.assertIsAdmin();
UserPermissions.read(user).check();
User fresh = userDAO.get(user.getName());
if (fresh == null)
@@ -333,24 +297,23 @@ public class DefaultUserManager extends AbstractUserManager
logger.debug("search user with query {}", searchRequest.getQuery());
}
return SearchUtil.search(searchRequest, userDAO.getAll(),
new TransformFilter<User>()
{
final PermissionActionCheck<User> check = UserPermissions.read();
return SearchUtil.search(searchRequest, userDAO.getAll(), new TransformFilter<User>() {
@Override
public User accept(User user)
{
User result = null;
if (SearchUtil.matchesOne(searchRequest, user.getName(),
user.getDisplayName(), user.getMail()))
{
if (check.isPermitted(user) && matches(searchRequest, user)) {
result = user.clone();
}
return result;
}
});
}
private boolean matches(SearchRequest searchRequest, User user) {
return SearchUtil.matchesOne(searchRequest, user.getName(), user.getDisplayName(), user.getMail());
}
//~--- get methods ----------------------------------------------------------
@@ -365,8 +328,8 @@ public class DefaultUserManager extends AbstractUserManager
@Override
public User get(String id)
{
// SecurityUtil.assertIsAdmin(scurityContextProvider);
UserPermissions.read().check(id);
User user = userDAO.get(id);
if (user != null)
@@ -400,17 +363,16 @@ public class DefaultUserManager extends AbstractUserManager
@Override
public Collection<User> getAll(Comparator<User> comparator)
{
SecurityUtil.assertIsAdmin();
List<User> users = new ArrayList<>();
List<User> users = new ArrayList<User>();
for (User user : userDAO.getAll())
{
users.add(user.clone());
PermissionActionCheck<User> check = UserPermissions.read();
for (User user : userDAO.getAll()) {
if (check.isPermitted(user)) {
users.add(user.clone());
}
}
if (comparator != null)
{
if (comparator != null) {
Collections.sort(users, comparator);
}
@@ -429,18 +391,17 @@ public class DefaultUserManager extends AbstractUserManager
* @return
*/
@Override
public Collection<User> getAll(Comparator<User> comaparator, int start,
int limit)
{
SecurityUtil.assertIsAdmin();
public Collection<User> getAll(Comparator<User> comaparator, int start, int limit) {
final PermissionActionCheck<User> check = UserPermissions.read();
return Util.createSubCollection(userDAO.getAll(), comaparator,
new CollectionAppender<User>()
{
@Override
public void append(Collection<User> collection, User item)
{
collection.add(item.clone());
if (check.isPermitted(item)) {
collection.add(item.clone());
}
}
}, start, limit);
}