Nemcio/SCM-Manager
1
0
Fork 0
mirror of https://github.com/scm-manager/scm-manager.git synced 2025-11-12 16:35:45 +01:00
Code Issues Packages Projects Releases Activity

improve security

Browse Source
This commit is contained in:
Sebastian Sdorra
2011-02-21 13:54:20 +01:00
parent a1070bd0f5
commit 4591df1163
3 changed files with 84 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

44
scm-webapp/src/main/java/sonia/scm/api/rest/resources/GroupResource.java
View File

@@ -36,11 +36,14 @@ package sonia.scm.api.rest.resources;
//~--- non-JDK imports --------------------------------------------------------
import com.google.inject.Inject;
import com.google.inject.Provider;
import com.google.inject.Singleton;
import sonia.scm.group.Group;
import sonia.scm.group.GroupException;
import sonia.scm.group.GroupManager;
import sonia.scm.util.SecurityUtil;
import sonia.scm.web.security.WebSecurityContext;
//~--- JDK imports ------------------------------------------------------------
@@ -48,6 +51,8 @@ import java.util.Collection;
import javax.ws.rs.Path;
import javax.ws.rs.core.GenericEntity;
import javax.ws.rs.core.Request;
import javax.ws.rs.core.Response;
/**
*
@@ -68,12 +73,44 @@ public class GroupResource
* Constructs ...
*
*
*
* @param securityContextProvider
* @param groupManager
*/
@Inject
public GroupResource(GroupManager groupManager)
public GroupResource(Provider<WebSecurityContext> securityContextProvider,
GroupManager groupManager)
{
super(groupManager);
this.securityContextProvider = securityContextProvider;
}
//~--- get methods ----------------------------------------------------------
/**
* Method description
*
*
* @param request
* @param id
*
* @return
*/
@Override
public Response get(Request request, String id)
{
Response response = null;
if (SecurityUtil.isAdmin(securityContextProvider))
{
response = super.get(request, id);
}
else
{
response = Response.status(Response.Status.FORBIDDEN).build();
}
return response;
}
//~--- methods --------------------------------------------------------------
@@ -121,4 +158,9 @@ public class GroupResource
{
return PATH_PART;
}
//~--- fields ---------------------------------------------------------------
/** Field description */
private Provider<WebSecurityContext> securityContextProvider;
}

13
scm-webapp/src/main/java/sonia/scm/api/rest/resources/UserResource.java
View File

@@ -106,9 +106,18 @@ public class UserResource extends AbstractManagerResource<User, UserException>
@Override
public Response get(Request request, String id)
{
SecurityUtil.assertIsAdmin(securityContextProvider);
Response response = null;
return super.get(request, id);
if (SecurityUtil.isAdmin(securityContextProvider))
{
response = super.get(request, id);
}
else
{
response = Response.status(Response.Status.FORBIDDEN).build();
}
return response;
}
//~--- methods --------------------------------------------------------------