Nemcio/SCM-Manager
1
0
Fork 0
mirror of https://github.com/scm-manager/scm-manager.git synced 2025-11-12 00:15:44 +01:00
Code Issues Packages Projects Releases Activity

improve permission system

Browse Source
This commit is contained in:
Sebastian Sdorra
2010-11-26 17:33:07 +01:00
parent 591c81d90f
commit 2fdc1d3a7e
5 changed files with 190 additions and 139 deletions
Download Patch File Download Diff File Expand all files Collapse all files

128
scm-core/src/main/java/sonia/scm/repository/Permission.java
View File

@@ -70,13 +70,10 @@ public class Permission implements Serializable
* *
* *
* @param name * @param name
* @param writeable
*/ */
public Permission(String name, boolean writeable) public Permission(String name)
{ {
this.name = name; this.name = name;
this.writeable = writeable;
this.groupPermission = false;
} }
/** /**
@@ -84,67 +81,12 @@ public class Permission implements Serializable
* *
* *
* @param name * @param name
* @param writeable * @param type
* @param groupPermission
*/ */
public Permission(String name, boolean writeable, boolean groupPermission) public Permission(String name, PermissionType type)
{ {
this.name = name; this.name = name;
this.writeable = writeable; this.type = type;
this.groupPermission = groupPermission;
}
/**
* Constructs ...
*
*
* @param name
* @param writeable
* @param groupPermission
* @param path
*/
public Permission(String name, boolean writeable, boolean groupPermission,
String path)
{
this.name = name;
this.writeable = writeable;
this.groupPermission = groupPermission;
this.path = path;
}
//~--- methods --------------------------------------------------------------
/**
* Method description
*
*
* @return
*/
@Override
public String toString()
{
StringBuilder buffer = new StringBuilder();
buffer.append(name);
if (groupPermission)
{
buffer.append(" (Group)");
}
buffer.append(" - r");
if (writeable)
{
buffer.append("w");
}
if (Util.isNotEmpty(path))
{
buffer.append(" ").append(path);
}
return buffer.toString();
} }
//~--- get methods ---------------------------------------------------------- //~--- get methods ----------------------------------------------------------
@@ -166,42 +108,9 @@ public class Permission implements Serializable
* *
* @return * @return
*/ */
public String getPath() public PermissionType getType()
{ {
return path; return type;
}
/**
* Method description
*
*
* @return
*/
public boolean isGroupPermission()
{
return groupPermission;
}
/**
* Method description
*
*
* @return
*/
public boolean isRootPermission()
{
return Util.isEmpty(path);
}
/**
* Method description
*
*
* @return
*/
public boolean isWriteable()
{
return writeable;
} }
//~--- set methods ---------------------------------------------------------- //~--- set methods ----------------------------------------------------------
@@ -210,24 +119,29 @@ public class Permission implements Serializable
* Method description * Method description
* *
* *
* @param path * @param name
*/ */
public void setPath(String path) public void setName(String name)
{ {
this.path = path; this.name = name;
}
/**
* Method description
*
*
* @param type
*/
public void setType(PermissionType type)
{
this.type = type;
} }
//~--- fields --------------------------------------------------------------- //~--- fields ---------------------------------------------------------------
/** Field description */
private boolean groupPermission;
/** Field description */ /** Field description */
private String name; private String name;
/** Field description */ /** Field description */
private String path = ""; private PermissionType type = PermissionType.READ;
/** Field description */
private boolean writeable;
} }

72
scm-core/src/main/java/sonia/scm/repository/PermissionType.java Normal file
View File

@@ -0,0 +1,72 @@
/**
* Copyright (c) 2010, Sebastian Sdorra
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
* 3. Neither the name of SCM-Manager; nor the names of its
* contributors may be used to endorse or promote products derived from this
* software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
* ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
* http://bitbucket.org/sdorra/scm-manager
*
*/
package sonia.scm.repository;
/**
*
* @author Sebastian Sdorra
*/
public enum PermissionType
{
READ(0), WRITE(10), OWNER(100);
/**
* Constructs ...
*
*
* @param value
*/
private PermissionType(int value)
{
this.value = value;
}
//~--- get methods ----------------------------------------------------------
/**
* Method description
*
*
* @return
*/
public int getValue()
{
return value;
}
//~--- fields ---------------------------------------------------------------
/** Field description */
private int value;
}

45
scm-core/src/main/java/sonia/scm/repository/PermissionUtil.java
View File

@@ -55,12 +55,12 @@ public class PermissionUtil
* *
* @param repository * @param repository
* @param user * @param user
* @param write * @param pt
*/ */
public static void assertPermission(Repository repository, User user, public static void assertPermission(Repository repository, User user,
boolean write) PermissionType pt)
{ {
if (!hasPermission(repository, user, write)) if (!hasPermission(repository, user, pt))
{ {
throw new IllegalStateException("action denied"); throw new IllegalStateException("action denied");
} }
@@ -74,38 +74,63 @@ public class PermissionUtil
* *
* @param repository * @param repository
* @param user * @param user
* @param write * @param pt
* *
* @return * @return
*/ */
public static boolean hasPermission(Repository repository, User user, public static boolean hasPermission(Repository repository, User user,
boolean write) PermissionType pt)
{ {
String username = user.getName(); String username = user.getName();
AssertUtil.assertIsNotEmpty(username); AssertUtil.assertIsNotEmpty(username);
boolean result = false; boolean result = false;
if (user.isAdmin())
{
result = true;
}
else
{
List<Permission> permissions = repository.getPermissions(); List<Permission> permissions = repository.getPermissions();
if (permissions != null) if (permissions != null)
{ {
for (Permission p : permissions) result = hasPermission(permissions, username, pt);
}
}
return result;
}
/**
* Method description
*
*
* @param permissions
* @param username
* @param pt
*
* @return
*/
private static boolean hasPermission(List<Permission> permissions,
String username, PermissionType pt)
{ {
if (!p.isGroupPermission()) boolean result = false;
for (Permission p : permissions)
{ {
String name = p.getName(); String name = p.getName();
if ((name != null) && name.equalsIgnoreCase(username) if ((name != null) && name.equalsIgnoreCase(username)
&& (!write || p.isWriteable())) && (p.getType().getValue() >= pt.getValue()))
{ {
result = true; result = true;
break; break;
} }
} }
}
}
return result; return result;
} }

63
scm-core/src/test/java/sonia/scm/repository/PermissionUtilTest.java
View File

@@ -59,9 +59,14 @@ public class PermissionUtilTest
public PermissionUtilTest() public PermissionUtilTest()
{ {
repository = new Repository(); repository = new Repository();
admams.setAdmin(true);
Permission[] permissions = new Permission[] { new Permission("dent", false), Permission[] permissions = new Permission[] {
new Permission("perfect", true) }; new Permission("dent", PermissionType.READ),
new Permission("perfect",
PermissionType.WRITE),
new Permission("marvin",
PermissionType.OWNER) };
repository.setPermissions(Arrays.asList(permissions)); repository.setPermissions(Arrays.asList(permissions));
} }
@@ -75,7 +80,7 @@ public class PermissionUtilTest
@Test(expected = IllegalStateException.class) @Test(expected = IllegalStateException.class)
public void assertFailedPermissionTest() public void assertFailedPermissionTest()
{ {
PermissionUtil.assertPermission(repository, dent, true); PermissionUtil.assertPermission(repository, dent, PermissionType.WRITE);
} }
/** /**
@@ -85,9 +90,15 @@ public class PermissionUtilTest
@Test @Test
public void assertPermissionTest() public void assertPermissionTest()
{ {
PermissionUtil.hasPermission(repository, dent, false); PermissionUtil.assertPermission(repository, dent, PermissionType.READ);
PermissionUtil.hasPermission(repository, perfect, false); PermissionUtil.assertPermission(repository, perfect, PermissionType.READ);
PermissionUtil.hasPermission(repository, perfect, true); PermissionUtil.assertPermission(repository, perfect, PermissionType.WRITE);
PermissionUtil.assertPermission(repository, marvin, PermissionType.READ);
PermissionUtil.assertPermission(repository, marvin, PermissionType.WRITE);
PermissionUtil.assertPermission(repository, marvin, PermissionType.OWNER);
PermissionUtil.assertPermission(repository, admams, PermissionType.READ);
PermissionUtil.assertPermission(repository, admams, PermissionType.WRITE);
PermissionUtil.assertPermission(repository, admams, PermissionType.OWNER);
} }
//~--- get methods ---------------------------------------------------------- //~--- get methods ----------------------------------------------------------
@@ -99,12 +110,30 @@ public class PermissionUtilTest
@Test @Test
public void hasPermissionTest() public void hasPermissionTest()
{ {
assertTrue(PermissionUtil.hasPermission(repository, dent, false)); assertTrue(PermissionUtil.hasPermission(repository, dent,
assertTrue(PermissionUtil.hasPermission(repository, perfect, false)); PermissionType.READ));
assertTrue(PermissionUtil.hasPermission(repository, perfect, true)); assertTrue(PermissionUtil.hasPermission(repository, perfect,
assertFalse(PermissionUtil.hasPermission(repository, dent, true)); PermissionType.READ));
assertFalse(PermissionUtil.hasPermission(repository, slarti, true)); assertTrue(PermissionUtil.hasPermission(repository, perfect,
assertFalse(PermissionUtil.hasPermission(repository, slarti, false)); PermissionType.WRITE));
assertFalse(PermissionUtil.hasPermission(repository, dent,
PermissionType.WRITE));
assertFalse(PermissionUtil.hasPermission(repository, slarti,
PermissionType.WRITE));
assertFalse(PermissionUtil.hasPermission(repository, slarti,
PermissionType.READ));
assertTrue(PermissionUtil.hasPermission(repository, marvin,
PermissionType.READ));
assertTrue(PermissionUtil.hasPermission(repository, marvin,
PermissionType.WRITE));
assertTrue(PermissionUtil.hasPermission(repository, marvin,
PermissionType.OWNER));
assertTrue(PermissionUtil.hasPermission(repository, admams,
PermissionType.READ));
assertTrue(PermissionUtil.hasPermission(repository, admams,
PermissionType.WRITE));
assertTrue(PermissionUtil.hasPermission(repository, admams,
PermissionType.OWNER));
} }
//~--- fields --------------------------------------------------------------- //~--- fields ---------------------------------------------------------------
@@ -122,5 +151,13 @@ public class PermissionUtilTest
/** Field description */ /** Field description */
private User slarti = new User("slarti", "Slartibartfaß", private User slarti = new User("slarti", "Slartibartfaß",
"Slartibartfass@hitchhiker.com"); "slartibartfass@hitchhiker.com");
/** Field description */
private User marvin = new User("marvin", "Marvin",
"paranoid.android@hitchhiker.com");
/** Field description */
private User admams = new User("adams", "Douglas Adams",
"douglas.adams@hitchhiker.com");
} }

5
scm-web-api/src/main/java/sonia/scm/web/filter/PermissionFilter.java
View File

@@ -40,6 +40,7 @@ import com.google.inject.Provider;
import org.slf4j.Logger; import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
import sonia.scm.repository.PermissionType;
import sonia.scm.repository.PermissionUtil; import sonia.scm.repository.PermissionUtil;
import sonia.scm.repository.Repository; import sonia.scm.repository.Repository;
import sonia.scm.user.User; import sonia.scm.user.User;
@@ -134,7 +135,9 @@ public abstract class PermissionFilter extends HttpFilter
boolean writeRequest = isWriteRequest(request); boolean writeRequest = isWriteRequest(request);
if (PermissionUtil.hasPermission(repository, securityContext.getUser(), if (PermissionUtil.hasPermission(repository, securityContext.getUser(),
writeRequest)) writeRequest
? PermissionType.WRITE
: PermissionType.READ))
{ {
chain.doFilter(request, response); chain.doFilter(request, response);
} }