fix assignment of administrator privileges by configuration

scm-webapp/src/main/java/sonia/scm/security/DefaultAuthorizationCollector.java

@@ -51,6 +51,7 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import sonia.scm.cache.Cache;
 import sonia.scm.cache.CacheManager;
+import sonia.scm.config.ScmConfiguration;
 import sonia.scm.group.GroupNames;
 import sonia.scm.group.GroupPermissions;
 import sonia.scm.plugin.Extension;
@@ -76,9 +77,6 @@ import java.util.Set;
 public class DefaultAuthorizationCollector implements AuthorizationCollector
 {
 
-  // TODO move to util class
-  private static final String SEPARATOR = System.getProperty("line.separator", "\n");
-
   /** Field description */
   private static final String ADMIN_PERMISSION = "*";
 
@@ -98,14 +96,16 @@ public class DefaultAuthorizationCollector implements AuthorizationCollector
    *
    *
    *
+   * @param configuration
    * @param cacheManager
    * @param repositoryDAO
    * @param securitySystem
    */
   @Inject
-  public DefaultAuthorizationCollector(CacheManager cacheManager,
-    RepositoryDAO repositoryDAO, SecuritySystem securitySystem)
+  public DefaultAuthorizationCollector(ScmConfiguration configuration, CacheManager cacheManager,
+                                       RepositoryDAO repositoryDAO, SecuritySystem securitySystem)
   {
+    this.configuration = configuration;
     this.cache = cacheManager.getCache(CACHE_NAME);
     this.repositoryDAO = repositoryDAO;
     this.securitySystem = securitySystem;
@@ -239,7 +239,7 @@ public class DefaultAuthorizationCollector implements AuthorizationCollector
     Set<String> roles;
     Set<String> permissions;
 
-    if (user.isAdmin())
+    if (isAdmin(user, groups))
     {
       if (logger.isDebugEnabled())
       {
@@ -270,6 +270,37 @@ public class DefaultAuthorizationCollector implements AuthorizationCollector
     return info;
   }
 
+  private boolean isAdmin(User user, GroupNames groups) {
+    boolean admin = user.isAdmin();
+    if (admin) {
+      logger.debug("user {} is marked as admin, because of the user flag", user.getName());
+      return true;
+    }
+    if (isUserAdminInConfiguration(user)) {
+      logger.debug("user {} is marked as admin, because of the admin user configuration", user.getName());
+      return true;
+    }
+    return isUserAdminInGroupConfiguration(user, groups);
+  }
+
+  private boolean isUserAdminInGroupConfiguration(User user, GroupNames groups) {
+    Set<String> adminGroups = configuration.getAdminGroups();
+    if (adminGroups != null && groups != null) {
+      for (String group : groups) {
+        if (adminGroups.contains(group)) {
+          logger.debug("user {} is marked as admin, because of the admin group configuration for group {}", user.getName(), group);
+          return true;
+        }
+      }
+    }
+    return false;
+  }
+
+  private boolean isUserAdminInConfiguration(User user) {
+    Set<String> adminUsers = configuration.getAdminUsers();
+    return adminUsers != null && adminUsers.contains(user.getName());
+  }
+
   private String getGroupAutocompletePermission() {
     return GroupPermissions.autocomplete().asShiroString();
   }
@@ -373,6 +404,8 @@ public class DefaultAuthorizationCollector implements AuthorizationCollector
 
   //~--- fields ---------------------------------------------------------------
 
+  private final ScmConfiguration configuration;
+
   /** authorization cache */
   private final Cache<CacheKey, AuthorizationInfo> cache;