use ssp for user and repository permission checks

2025-11-08 14:35:45 +01:00 · 2016-12-06 22:04:13 +01:00
parent a5d2cfc7b1
commit 26ece65363
13 changed files with 70 additions and 776 deletions
--- a/pom.xml
+++ b/pom.xml
@@ -83,6 +83,15 @@
      <url>http://maven.scm-manager.org/nexus/content/groups/public</url>
    </repository>
    
+    <repository>
+      <id>ossrh</id>
+      <url>https://oss.sonatype.org/content/repositories/snapshots</url>
+      <snapshots>
+        <enabled>true</enabled>
+        <updatePolicy>daily</updatePolicy>
+      </snapshots>
+    </repository>
+
  </repositories>

  <pluginRepositories>
@@ -493,6 +502,7 @@
    <jetty.version>9.2.10.v20150310</jetty.version>

    <!-- security libraries -->
+    <ssp.version>1.0.0-SNAPSHOT</ssp.version>
    <shiro.version>1.2.3</shiro.version>

    <!-- repostitory libraries -->
--- a/scm-core/pom.xml
+++ b/scm-core/pom.xml
@@ -114,6 +114,19 @@
      <scope>provided</scope>
    </dependency>
    
+    <dependency>
+      <groupId>com.github.sdorra</groupId>
+      <artifactId>ssp-lib</artifactId>
+      <version>${ssp.version}</version>
+    </dependency>
+
+    <dependency>
+      <groupId>com.github.sdorra</groupId>
+      <artifactId>ssp-processor</artifactId>
+      <version>${ssp.version}</version>
+      <optional>true</optional>
+    </dependency>
+    
    <!-- test -->
    
    <dependency>
--- a/scm-core/src/main/java/sonia/scm/group/Group.java
+++ b/scm-core/src/main/java/sonia/scm/group/Group.java
@@ -35,6 +35,8 @@ package sonia.scm.group;

 //~--- non-JDK imports --------------------------------------------------------

+import com.github.sdorra.ssp.PermissionObject;
+import com.github.sdorra.ssp.StaticPermissions;
 import com.google.common.base.Objects;
 import com.google.common.collect.Lists;

@@ -60,10 +62,11 @@ import javax.xml.bind.annotation.XmlRootElement;
 *
 * @author Sebastian Sdorra
 */
+@StaticPermissions("group")
@XmlRootElement(name = "groups")
@XmlAccessorType(XmlAccessType.FIELD)
 public class Group extends BasicPropertiesAware
-  implements ModelObject, Iterable<String>
+  implements ModelObject, Iterable<String>, PermissionObject
 {

  /** Field description */
--- a/scm-core/src/main/java/sonia/scm/repository/Repository.java
+++ b/scm-core/src/main/java/sonia/scm/repository/Repository.java
@@ -35,6 +35,8 @@ package sonia.scm.repository;

 //~--- non-JDK imports --------------------------------------------------------

+import com.github.sdorra.ssp.PermissionObject;
+import com.github.sdorra.ssp.StaticPermissions;
 import com.google.common.base.Objects;
 import com.google.common.collect.Lists;

@@ -61,9 +63,13 @@ import javax.xml.bind.annotation.XmlRootElement;
 *
 * @author Sebastian Sdorra
 */
+@StaticPermissions(
+  value = "repository", 
+  permissions = {"read", "write", "modify", "delete", "healthCheck"}
+)
@XmlAccessorType(XmlAccessType.FIELD)
@XmlRootElement(name = "repositories")
-public class Repository extends BasicPropertiesAware implements ModelObject
+public class Repository extends BasicPropertiesAware implements ModelObject, PermissionObject
 {

  /** Field description */
--- a/scm-core/src/main/java/sonia/scm/repository/RepositoryPermissions.java
+++ b/scm-core/src/main/java/sonia/scm/repository/RepositoryPermissions.java
@@ -1,272 +0,0 @@
-/**
- * Copyright (c) 2014, Sebastian Sdorra All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- *
- * 1. Redistributions of source code must retain the above copyright notice,
- * this list of conditions and the following disclaimer. 2. Redistributions in
- * binary form must reproduce the above copyright notice, this list of
- * conditions and the following disclaimer in the documentation and/or other
- * materials provided with the distribution. 3. Neither the name of SCM-Manager;
- * nor the names of its contributors may be used to endorse or promote products
- * derived from this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
- * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
- * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- * http://bitbucket.org/sdorra/scm-manager
- *
- */
-
-
-
-package sonia.scm.repository;
-
-//~--- non-JDK imports --------------------------------------------------------
-
-import sonia.scm.security.PermissionActionCheck;
-import sonia.scm.security.PermissionCheck;
-
-/**
- * Permission checks for repository related permissions.
- *
- * @author Sebastian Sdorra
- * @since 2.0.0
- */
-public final class RepositoryPermissions
-{
-
-  /** create permission */
-  public static final String ACTION_CREATE = "create";
-
-  /** delete permission */
-  public static final String ACTION_DELETE = "delete";
-
-  /** modify permission */
-  public static final String ACTION_MODIFY = "modify";
-
-  /** health check permission implies modify permission */
-  public static final String ACTION_HC = "hc,".concat(ACTION_MODIFY);
-
-  /** read permission */
-  public static final String ACTION_READ = "read";
-
-  /** write permission */
-  public static final String ACTION_WRITE = "write";
-
-  /** permission separator */
-  public static final String SEPARATOR = ":";
-  
-  /** permission action separator */
-  public static final String SEPERATOR_ACTION = ",";
-
-  /** permission main type */
-  public static final String TYPE = "repository";
-
-  //~--- constructors ---------------------------------------------------------
-
-  private RepositoryPermissions() {}
-
-  //~--- methods --------------------------------------------------------------
-
-  /**
-   * Returns permission check for create action.
-   *
-   * @return permission check for create action
-   */
-  public static PermissionCheck create()
-  {
-    return check(ACTION_CREATE);
-  }
-
-  /**
-   * Returns permission check for delete action.
-   *
-   * @param r repository for permission check
-   *
-   * @return permission check for delete action
-   */
-  public static PermissionCheck delete(Repository r)
-  {
-    return delete(r.getId());
-  }
-
-  /**
-   * Returns permission check for delete action.
-   *
-   * @param id id of repository for permission check
-   *
-   * @return permission check for delete action
-   */
-  public static PermissionCheck delete(String id)
-  {
-    return check(ACTION_DELETE.concat(SEPARATOR).concat(id));
-  }
-
-  /**
-   * Returns permission action check for delete action.
-   *
-   * @return permission action check for delete action
-   */
-  public static PermissionActionCheck<Repository> delete()
-  {
-    return actionCheck(ACTION_DELETE);
-  }
-
-  /**
-   * Returns permission check for health check action.
-   *
-   * @param id id of repository for permission check
-   *
-   * @return permission check for health check action
-   */
-  public static PermissionCheck healthCheck(String id)
-  {
-    return check(ACTION_HC.concat(SEPARATOR).concat(id));
-  }
-
-  /**
-   * Returns permission action check for health check action.
-   *
-   * @return permission action check for health check action.
-   */
-  public static PermissionActionCheck<Repository> healthCheck()
-  {
-    return new PermissionActionCheck<>(
-      TYPE.concat(SEPARATOR).concat(ACTION_HC));
-  }
-
-  /**
-   * Returns permission check for health check action.
-   *
-   * @param r repository for permission check
-   *
-   * @return permission check for health check action
-   */
-  public static PermissionCheck healthCheck(Repository r)
-  {
-    return healthCheck(r.getId());
-  }
-
-  /**
-   * Returns permission action check for modify action.
-   *
-   * @param r repository for permission check
-   *
-   * @return permission action check for modify action
-   */
-  public static PermissionCheck modify(Repository r)
-  {
-    return modify(r.getId());
-  }
-
-  /**
-   * Returns permission action check for modify action.
-   *
-   *
-   * @param id id of repository for permission check
-   *
-   * @return permission action check for modify action
-   */
-  public static PermissionCheck modify(String id)
-  {
-    return check(ACTION_MODIFY.concat(SEPARATOR).concat(id));
-  }
-
-  /**
-   * Returns permission action check for modify action.
-   *
-   * @return permission action check for modify action
-   */
-  public static PermissionActionCheck<Repository> modify()
-  {
-    return actionCheck(ACTION_MODIFY);
-  }
-
-  /**
-   * Returns permission check for read action.
-   *
-   * @param id id of repository for permission check
-   *
-   * @return permission check for read action
-   */
-  public static PermissionCheck read(String id)
-  {
-    return check(ACTION_READ.concat(SEPARATOR).concat(id));
-  }
-
-  /**
-   * Returns permission check for read action.
-   *
-   * @param r repository for permission check
-   *
-   * @return permission check for read action
-   */
-  public static PermissionCheck read(Repository r)
-  {
-    return read(r.getId());
-  }
-
-  /**
-   * Returns permission action check for read action.
-   *
-   * @return permission action check for read action
-   */
-  public static PermissionActionCheck<Repository> read()
-  {
-    return actionCheck(ACTION_READ);
-  }
-
-  /**
-   * Returns permission check for write action.
-   *
-   * @param id id of repository for permission check
-   *
-   * @return permission check for write action
-   */
-  public static PermissionCheck write(String id)
-  {
-    return check(ACTION_WRITE.concat(SEPARATOR).concat(id));
-  }
-
-  /**
-   * Returns permission check for write action.
-   *
-   * @param r repository for permission check
-   *
-   * @return permission check for write action
-   */
-  public static PermissionCheck write(Repository r)
-  {
-    return write(r.getId());
-  }
-
-  /**
-   * Return permission action check for write action.
-   *
-   * @return permission action check for write action
-   */
-  public static PermissionActionCheck<Repository> write()
-  {
-    return actionCheck(ACTION_WRITE);
-  }
-
-  private static PermissionActionCheck<Repository> actionCheck(String action)
-  {
-    return new PermissionActionCheck<>(TYPE.concat(SEPARATOR).concat(action));
-  }
-
-  private static PermissionCheck check(String permission)
-  {
-    return new PermissionCheck(TYPE.concat(SEPARATOR).concat(permission));
-  }
-}
--- a/scm-core/src/main/java/sonia/scm/security/PermissionActionCheck.java
+++ b/scm-core/src/main/java/sonia/scm/security/PermissionActionCheck.java
@@ -1,121 +0,0 @@
-/**
- * Copyright (c) 2014, Sebastian Sdorra All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- *
- * 1. Redistributions of source code must retain the above copyright notice,
- * this list of conditions and the following disclaimer. 2. Redistributions in
- * binary form must reproduce the above copyright notice, this list of
- * conditions and the following disclaimer in the documentation and/or other
- * materials provided with the distribution. 3. Neither the name of SCM-Manager;
- * nor the names of its contributors may be used to endorse or promote products
- * derived from this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
- * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
- * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- * http://bitbucket.org/sdorra/scm-manager
- *
- */
-
-
-
-package sonia.scm.security;
-
-//~--- non-JDK imports --------------------------------------------------------
-
-import org.apache.shiro.SecurityUtils;
-import org.apache.shiro.subject.Subject;
-
-import sonia.scm.ModelObject;
-
-/**
- *
- * @author Sebastian Sdorra
- * @param <T>
- *
- * @since 2.0.0
- */
-public final class PermissionActionCheck<T extends ModelObject>
-{
-
-  /**
-   * Constructs ...
-   *
-   * @param typedAction
-   */
-  public PermissionActionCheck(String typedAction)
-  {
-    this.prefix = typedAction.concat(":");
-    this.subject = SecurityUtils.getSubject();
-  }
-
-  //~--- methods --------------------------------------------------------------
-
-  /**
-   * Method description
-   *
-   *
-   * @param id
-   */
-  public void check(String id)
-  {
-    subject.checkPermission(prefix.concat(id));
-  }
-
-  /**
-   * Method description
-   *
-   *
-   * @param item
-   */
-  public void check(T item)
-  {
-    subject.checkPermission(prefix.concat(item.getId()));
-  }
-
-  //~--- get methods ----------------------------------------------------------
-
-  /**
-   * Method description
-   *
-   *
-   * @param id
-   *
-   * @return
-   */
-  public boolean isPermitted(String id)
-  {
-    return subject.isPermitted(prefix.concat(id));
-  }
-
-  /**
-   * Method description
-   *
-   *
-   * @param item
-   *
-   * @return
-   */
-  public boolean isPermitted(T item)
-  {
-    return subject.isPermitted(prefix.concat(item.getId()));
-  }
-
-  //~--- fields ---------------------------------------------------------------
-
-  /** Field description */
-  private final String prefix;
-
-  /** Field description */
-  private final Subject subject;
-}
--- a/scm-core/src/main/java/sonia/scm/security/PermissionCheck.java
+++ b/scm-core/src/main/java/sonia/scm/security/PermissionCheck.java
@@ -1,85 +0,0 @@
-/**
- * Copyright (c) 2014, Sebastian Sdorra All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- *
- * 1. Redistributions of source code must retain the above copyright notice,
- * this list of conditions and the following disclaimer. 2. Redistributions in
- * binary form must reproduce the above copyright notice, this list of
- * conditions and the following disclaimer in the documentation and/or other
- * materials provided with the distribution. 3. Neither the name of SCM-Manager;
- * nor the names of its contributors may be used to endorse or promote products
- * derived from this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
- * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
- * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- * http://bitbucket.org/sdorra/scm-manager
- *
- */
-
-
-
-package sonia.scm.security;
-
-//~--- non-JDK imports --------------------------------------------------------
-
-import org.apache.shiro.SecurityUtils;
-
-/**
- *
- * @author Sebastian Sdorra
- * @since 2.0.0
- */
-public final class PermissionCheck
-{
-
-  /**
-   * Constructs ...
-   *
-   *
-   * @param permission
-   */
-  public PermissionCheck(String permission)
-  {
-    this.permission = permission;
-  }
-
-  //~--- methods --------------------------------------------------------------
-
-  /**
-   * Method description
-   *
-   */
-  public void check()
-  {
-    SecurityUtils.getSubject().checkPermission(permission);
-  }
-
-  //~--- get methods ----------------------------------------------------------
-
-  /**
-   * Method description
-   *
-   *
-   * @return
-   */
-  public boolean isPermitted()
-  {
-    return SecurityUtils.getSubject().isPermitted(permission);
-  }
-
-  //~--- fields ---------------------------------------------------------------
-
-  /** Field description */
-  private final String permission;
-}
--- a/scm-core/src/main/java/sonia/scm/user/User.java
+++ b/scm-core/src/main/java/sonia/scm/user/User.java
@@ -35,6 +35,8 @@ package sonia.scm.user;

 //~--- non-JDK imports --------------------------------------------------------

+import com.github.sdorra.ssp.PermissionObject;
+import com.github.sdorra.ssp.StaticPermissions;
 import com.google.common.base.Objects;

 import sonia.scm.BasicPropertiesAware;
@@ -54,9 +56,10 @@ import javax.xml.bind.annotation.XmlRootElement;
 *
 * @author Sebastian Sdorra
 */
+@StaticPermissions("user")
@XmlRootElement(name = "users")
@XmlAccessorType(XmlAccessType.FIELD)
-public class User extends BasicPropertiesAware implements Principal, ModelObject
+public class User extends BasicPropertiesAware implements Principal, ModelObject, PermissionObject
 {

  /** Field description */
--- a/scm-core/src/test/java/sonia/scm/repository/RepositoryPermissionsTest.java
+++ b/scm-core/src/test/java/sonia/scm/repository/RepositoryPermissionsTest.java
@@ -1,224 +0,0 @@
-/**
- * Copyright (c) 2014, Sebastian Sdorra
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- *
- * 1. Redistributions of source code must retain the above copyright notice,
- *    this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright notice,
- *    this list of conditions and the following disclaimer in the documentation
- *    and/or other materials provided with the distribution.
- * 3. Neither the name of SCM-Manager; nor the names of its
- *    contributors may be used to endorse or promote products derived from this
- *    software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY
- * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- * http://bitbucket.org/sdorra/scm-manager
- *
- */
-package sonia.scm.repository;
-
-import com.github.sdorra.shiro.ShiroRule;
-import com.github.sdorra.shiro.SubjectAware;
-import java.util.function.Supplier;
-import org.apache.shiro.authz.UnauthorizedException;
-import org.junit.Test;
-import static org.junit.Assert.*;
-import org.junit.Rule;
-import org.junit.runner.RunWith;
-import org.mockito.Mock;
-import static org.mockito.Mockito.*;
-import org.mockito.runners.MockitoJUnitRunner;
-import sonia.scm.security.PermissionActionCheck;
-import sonia.scm.security.PermissionCheck;
-
-/**
- * Unit tests for {@link RepositoryPermissions}.
- *
- * @author Sebastian Sdorra
- */
-@RunWith(MockitoJUnitRunner.class)
-@SubjectAware(configuration = "classpath:sonia/scm/repository/repository-permissions.ini")
-public class RepositoryPermissionsTest {
-
-  @Mock
-  private Repository repository;
-
-  /**
-   * Shiro rule.
-   */
-  @Rule
-  public ShiroRule shiro = new ShiroRule();
-
-  /**
-   * Test permission checks with id successful.
-   */
-  @Test
-  @SubjectAware(username = "permitted", password = "secret")
-  public void testPermissionCheckWithId() {
-    assertPermissionCheckId(RepositoryPermissions::read);
-    assertPermissionCheckId(RepositoryPermissions::write);
-    assertPermissionCheckId(RepositoryPermissions::delete);
-    assertPermissionCheckId(RepositoryPermissions::modify);
-    assertPermissionCheckId(RepositoryPermissions::healthCheck);
-  }
-
-  /**
-   * Test permission checks with id successful.
-   */
-  @Test
-  @SubjectAware(username = "permitted", password = "secret")
-  public void testPermissionActionCheck() {
-    assertPermissionActionCheck(RepositoryPermissions::read);
-    assertPermissionActionCheck(RepositoryPermissions::write);
-    assertPermissionActionCheck(RepositoryPermissions::delete);
-    assertPermissionActionCheck(RepositoryPermissions::modify);
-    assertPermissionActionCheck(RepositoryPermissions::healthCheck);
-  }
-
-  @Test
-  @SubjectAware(username = "notpermitted", password = "secret")
-  public void testPermissionActionCheckWithoutRequired() {
-    assertFailedPermissionActionCheck(RepositoryPermissions::read);
-    assertFailedPermissionActionCheck(RepositoryPermissions::write);
-    assertFailedPermissionActionCheck(RepositoryPermissions::delete);
-    assertFailedPermissionActionCheck(RepositoryPermissions::modify);
-    assertFailedPermissionActionCheck(RepositoryPermissions::healthCheck);
-  }
-  
-  /**
-   * Test permission checks with repository successful.
-   */
-  @Test
-  @SubjectAware(username = "permitted", password = "secret")
-  public void testPermissionCheckWithRepository() {
-    assertPermissionCheckRepository(RepositoryPermissions::read);
-    assertPermissionCheckRepository(RepositoryPermissions::write);
-    assertPermissionCheckRepository(RepositoryPermissions::delete);
-    assertPermissionCheckRepository(RepositoryPermissions::modify);
-    assertPermissionCheckRepository(RepositoryPermissions::healthCheck);
-  }
-
-  /**
-   * Test permission checks with id and without the required permissions.
-   */
-  @Test
-  @SubjectAware(username = "notpermitted", password = "secret")
-  public void testPermissionCheckWithIdAndWithoutRequiredPermissions() {
-    assertFailedPermissionCheckId(RepositoryPermissions::read);
-    assertFailedPermissionCheckId(RepositoryPermissions::write);
-    assertFailedPermissionCheckId(RepositoryPermissions::delete);
-    assertFailedPermissionCheckId(RepositoryPermissions::modify);
-    assertFailedPermissionCheckId(RepositoryPermissions::healthCheck);
-  }
-
-  /**
-   * Tests permission checks with repository and without the required permissions.
-   */
-  @Test
-  @SubjectAware(username = "notpermitted", password = "secret")
-  public void testPermissionCheckWithRepositoryAndWithoutRequiredPermissions() {
-    assertFailedPermissionCheckRepository(RepositoryPermissions::read);
-    assertFailedPermissionCheckRepository(RepositoryPermissions::write);
-    assertFailedPermissionCheckRepository(RepositoryPermissions::delete);
-    assertFailedPermissionCheckRepository(RepositoryPermissions::modify);
-    assertFailedPermissionCheckRepository(RepositoryPermissions::healthCheck);
-  }
-
-  private void assertFailedPermissionCheckRepository(RepositoryPermissionChecker<Repository> checker) {
-    when(repository.getId()).thenReturn("abc");
-    assertFailedPermissionCheck(checker.get(repository));
-  }
-
-  private void assertFailedPermissionCheckId(RepositoryPermissionChecker<String> checker) {
-    assertFailedPermissionCheck(checker.get("abc"));
-  }
-
-  private void assertFailedPermissionCheck(PermissionCheck check) {
-    assertNotNull(check);
-    assertFalse(check.isPermitted());
-    boolean fail = false;
-    try {
-      check.check();
-    }
-    catch (UnauthorizedException ex) {
-      fail = true;
-    }
-    assertTrue(fail);
-  }
-
-  private void assertPermissionCheckRepository(RepositoryPermissionChecker<Repository> checker) {
-    when(repository.getId()).thenReturn("abc");
-    assertPermissionCheck(checker.get(repository));
-  }
-
-  private void assertPermissionCheckId(RepositoryPermissionChecker<String> checker) {
-    assertPermissionCheck(checker.get("abc"));
-  }
-
-  private void assertPermissionCheck(PermissionCheck check) {
-    assertNotNull(check);
-    assertTrue(check.isPermitted());
-    check.check();
-  }
-
-  private void assertPermissionActionCheck(Supplier<PermissionActionCheck<Repository>> supplier) {
-    assertPermissionActionCheck(supplier.get());
-  }
-
-  private void assertFailedPermissionActionCheck(Supplier<PermissionActionCheck<Repository>> supplier) {
-    assertFailedPermissionActionCheck(supplier.get());
-  }
-  
-  private void assertFailedPermissionActionCheck(PermissionActionCheck<Repository> check) {
-    assertNotNull(check);
-    assertFalse(check.isPermitted("abc"));
-    boolean fail = false;
-    try {
-      check.check("abc");
-    }
-    catch (UnauthorizedException ex) {
-      fail = true;
-    }
-    assertTrue(fail);
-    fail = false;
-    when(repository.getId()).thenReturn("abc");
-    assertFalse(check.isPermitted(repository));
-    try {
-      check.check(repository);
-    }
-    catch (UnauthorizedException ex) {
-      fail = true;
-    }
-    assertTrue(fail);
-  }
-
-  private void assertPermissionActionCheck(PermissionActionCheck<Repository> check) {
-    assertNotNull(check);
-    assertTrue(check.isPermitted("abc"));
-    check.check("abc");
-    when(repository.getId()).thenReturn("abc");
-    assertTrue(check.isPermitted(repository));
-    check.check(repository);
-  }
-
-  @FunctionalInterface
-  private static interface RepositoryPermissionChecker<T> {
-
-    public PermissionCheck get(T type);
-
-  }
-
-}
--- a/scm-webapp/src/main/java/sonia/scm/plugin/MultiParentClassLoader.java
+++ b/scm-webapp/src/main/java/sonia/scm/plugin/MultiParentClassLoader.java
@@ -74,7 +74,7 @@ public class MultiParentClassLoader extends ClassLoader
  public MultiParentClassLoader(Collection<? extends ClassLoader> parents)
  {
    super(null);
-    this.parents = new CopyOnWriteArrayList<>(parents);
+    this.parents = new CopyOnWriteArrayList<ClassLoader>(parents);
  }

  //~--- get methods ----------------------------------------------------------
--- a/scm-webapp/src/main/java/sonia/scm/repository/DefaultRepositoryManager.java
+++ b/scm-webapp/src/main/java/sonia/scm/repository/DefaultRepositoryManager.java
@@ -35,6 +35,7 @@ package sonia.scm.repository;

 //~--- non-JDK imports --------------------------------------------------------

+import com.github.sdorra.ssp.PermissionActionCheck;
 import com.google.common.base.Strings;
 import com.google.common.collect.Lists;
 import com.google.common.util.concurrent.ThreadFactoryBuilder;
@@ -53,7 +54,6 @@ import sonia.scm.SCMContextProvider;
 import sonia.scm.Type;
 import sonia.scm.config.ScmConfiguration;
 import sonia.scm.security.KeyGenerator;
-import sonia.scm.security.PermissionActionCheck;
 import sonia.scm.util.AssertUtil;
 import sonia.scm.util.CollectionAppender;
 import sonia.scm.util.HttpUtil;
--- a/scm-webapp/src/main/java/sonia/scm/repository/HealthChecker.java
+++ b/scm-webapp/src/main/java/sonia/scm/repository/HealthChecker.java
@@ -33,6 +33,7 @@ package sonia.scm.repository;

 //~--- non-JDK imports --------------------------------------------------------

+import com.github.sdorra.ssp.PermissionActionCheck;
 import com.google.common.collect.ImmutableList;
 import com.google.inject.Inject;

@@ -43,7 +44,6 @@ import org.slf4j.LoggerFactory;
 import java.io.IOException;

 import java.util.Set;
-import sonia.scm.security.PermissionActionCheck;

 /**
 *
@@ -91,7 +91,7 @@ public final class HealthChecker
  public void check(String id)
    throws RepositoryNotFoundException, RepositoryException, IOException
  {
-    RepositoryPermissions.healthCheck(id);
+    RepositoryPermissions.healthCheck(id).check();

    Repository repository = repositoryManager.get(id);

@@ -116,7 +116,7 @@ public final class HealthChecker
  public void check(Repository repository)
    throws RepositoryException, IOException
  {
-    RepositoryPermissions.healthCheck(repository);
+    RepositoryPermissions.healthCheck(repository).check();

    doCheck(repository);
  }
--- a/scm-webapp/src/main/java/sonia/scm/user/DefaultUserManager.java
+++ b/scm-webapp/src/main/java/sonia/scm/user/DefaultUserManager.java
@@ -35,12 +35,10 @@ package sonia.scm.user;

 //~--- non-JDK imports --------------------------------------------------------

+import com.github.sdorra.ssp.PermissionActionCheck;
 import com.google.inject.Inject;
 import com.google.inject.Singleton;

-import org.apache.shiro.SecurityUtils;
-import org.apache.shiro.subject.Subject;
-
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;

@@ -49,12 +47,9 @@ import sonia.scm.SCMContextProvider;
 import sonia.scm.TransformFilter;
 import sonia.scm.search.SearchRequest;
 import sonia.scm.search.SearchUtil;
-import sonia.scm.security.Role;
-import sonia.scm.security.ScmSecurityException;
 import sonia.scm.util.AssertUtil;
 import sonia.scm.util.CollectionAppender;
 import sonia.scm.util.IOUtil;
-import sonia.scm.util.SecurityUtil;
 import sonia.scm.util.Util;

 //~--- JDK imports ------------------------------------------------------------
@@ -99,10 +94,6 @@ public class DefaultUserManager extends AbstractUserManager
  /**
   * Constructs ...
   *
-<<<<<<< mine
-=======
-   *
->>>>>>> theirs
   * @param userDAO
   */
  @Inject
@@ -164,17 +155,7 @@ public class DefaultUserManager extends AbstractUserManager
      logger.info("create user {} of type {}", user.getName(), user.getType());
    }

-    Subject subject = SecurityUtils.getSubject();
-
-    if (!subject.hasRole(Role.USER))
-    {
-      throw new ScmSecurityException("user is not authenticated");
-    }
-
-    if (!subject.hasRole(Role.ADMIN))
-    {
-      throw new ScmSecurityException("admin account is required");
-    }
+    UserPermissions.create().check();

    if (userDAO.contains(user.getName()))
    {
@@ -205,9 +186,8 @@ public class DefaultUserManager extends AbstractUserManager
      logger.info("delete user {} of type {}", user.getName(), user.getType());
    }

-    SecurityUtil.assertIsAdmin();
-
    String name = user.getName();
+    UserPermissions.delete(name).check();

    if (userDAO.contains(name))
    {
@@ -250,28 +230,13 @@ public class DefaultUserManager extends AbstractUserManager
  @Override
  public void modify(User user) throws UserException, IOException
  {
+    String name = user.getName();
    if (logger.isInfoEnabled())
    {
      logger.info("modify user {} of type {}", user.getName(), user.getType());
    }
    
-    Subject subject = SecurityUtils.getSubject();
-
-    if (!subject.isAuthenticated())
-    {
-      throw new ScmSecurityException("user is not authenticated");
-    }
-
-    User currentUser = subject.getPrincipals().oneByType(User.class);
-
-    if (!user.getName().equals(currentUser.getName())
-      &&!subject.hasRole(Role.ADMIN))
-    {
-      throw new ScmSecurityException("admin account is required");
-    }
-
-    String name = user.getName();
-    
+    UserPermissions.modify(user).check();
    User oldUser = userDAO.get(name);

    if (oldUser != null)
@@ -305,8 +270,7 @@ public class DefaultUserManager extends AbstractUserManager
      logger.info("refresh user {} of type {}", user.getName(), user.getType());
    }

-    SecurityUtil.assertIsAdmin();
-
+    UserPermissions.read(user).check();
    User fresh = userDAO.get(user.getName());

    if (fresh == null)
@@ -333,25 +297,24 @@ public class DefaultUserManager extends AbstractUserManager
      logger.debug("search user with query {}", searchRequest.getQuery());
    }

-    return SearchUtil.search(searchRequest, userDAO.getAll(),
-      new TransformFilter<User>()
-    {
+    final PermissionActionCheck<User> check = UserPermissions.read();
+    return SearchUtil.search(searchRequest, userDAO.getAll(), new TransformFilter<User>() {
      @Override
      public User accept(User user)
      {
        User result = null;
-
-        if (SearchUtil.matchesOne(searchRequest, user.getName(),
-          user.getDisplayName(), user.getMail()))
-        {
+        if (check.isPermitted(user) && matches(searchRequest, user)) {
          result = user.clone();
        }
-
        return result;
      }
    });
  }
  
+  private boolean matches(SearchRequest searchRequest, User user) {
+    return SearchUtil.matchesOne(searchRequest, user.getName(), user.getDisplayName(), user.getMail());
+  }
+
  //~--- get methods ----------------------------------------------------------

  /**
@@ -365,8 +328,8 @@ public class DefaultUserManager extends AbstractUserManager
  @Override
  public User get(String id)
  {
+    UserPermissions.read().check(id);
    
-    // SecurityUtil.assertIsAdmin(scurityContextProvider);
    User user = userDAO.get(id);

    if (user != null)
@@ -400,17 +363,16 @@ public class DefaultUserManager extends AbstractUserManager
  @Override
  public Collection<User> getAll(Comparator<User> comparator)
  {
-    SecurityUtil.assertIsAdmin();
+    List<User> users = new ArrayList<>();

-    List<User> users = new ArrayList<User>();
-
-    for (User user : userDAO.getAll())
-    {
+    PermissionActionCheck<User> check = UserPermissions.read();
+    for (User user : userDAO.getAll()) {
+      if (check.isPermitted(user)) {
        users.add(user.clone());
      }
+    }

-    if (comparator != null)
-    {
+    if (comparator != null) {
      Collections.sort(users, comparator);
    }

@@ -429,19 +391,18 @@ public class DefaultUserManager extends AbstractUserManager
   * @return
   */
  @Override
-  public Collection<User> getAll(Comparator<User> comaparator, int start,
-    int limit)
-  {
-    SecurityUtil.assertIsAdmin();
-
+  public Collection<User> getAll(Comparator<User> comaparator, int start, int limit) {
+    final PermissionActionCheck<User> check = UserPermissions.read();
    return Util.createSubCollection(userDAO.getAll(), comaparator,
      new CollectionAppender<User>()
    {
      @Override
      public void append(Collection<User> collection, User item)
      {
+        if (check.isPermitted(item)) {
          collection.add(item.clone());
        }
+      }
    }, start, limit);
  }