use apache shiro to check repository permissions

Sebastian Sdorra
2012-08-29 09:45:08 +02:00
parent d9810da47c
commit 5e05a1a12e


@@ -36,10 +36,14 @@ package sonia.scm.repository;
//~--- non-JDK imports -------------------------------------------------------- //~--- non-JDK imports --------------------------------------------------------
import com.google.common.base.Strings; import com.google.common.base.Strings;
import com.google.common.collect.Lists;
import com.google.inject.Inject; import com.google.inject.Inject;
import com.google.inject.Provider; import com.google.inject.Provider;
import com.google.inject.Singleton; import com.google.inject.Singleton;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.subject.Subject;
import org.slf4j.Logger; import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
@@ -49,20 +53,18 @@ import sonia.scm.HandlerEvent;
import sonia.scm.SCMContextProvider; import sonia.scm.SCMContextProvider;
import sonia.scm.Type; import sonia.scm.Type;
import sonia.scm.config.ScmConfiguration; import sonia.scm.config.ScmConfiguration;
import sonia.scm.security.RepositoryPermission;
import sonia.scm.security.ScmSecurityException; import sonia.scm.security.ScmSecurityException;
import sonia.scm.util.AssertUtil; import sonia.scm.util.AssertUtil;
import sonia.scm.util.CollectionAppender; import sonia.scm.util.CollectionAppender;
import sonia.scm.util.HttpUtil; import sonia.scm.util.HttpUtil;
import sonia.scm.util.IOUtil; import sonia.scm.util.IOUtil;
import sonia.scm.util.SecurityUtil;
import sonia.scm.util.Util; import sonia.scm.util.Util;
import sonia.scm.web.security.WebSecurityContext;
//~--- JDK imports ------------------------------------------------------------ //~--- JDK imports ------------------------------------------------------------
import java.io.IOException; import java.io.IOException;
import java.util.ArrayList;
import java.util.Collection; import java.util.Collection;
import java.util.Collections; import java.util.Collections;
import java.util.Comparator; import java.util.Comparator;
@@ -94,10 +96,6 @@ public class DefaultRepositoryManager extends AbstractRepositoryManager
/** /**
* Constructs ... * Constructs ...
* *
*
*
*
*
* @param configuration * @param configuration
* @param contextProvider * @param contextProvider
* @param securityContextProvider * @param securityContextProvider
@@ -108,14 +106,12 @@ public class DefaultRepositoryManager extends AbstractRepositoryManager
*/ */
@Inject @Inject
public DefaultRepositoryManager(ScmConfiguration configuration, public DefaultRepositoryManager(ScmConfiguration configuration,
SCMContextProvider contextProvider, SCMContextProvider contextProvider, RepositoryDAO repositoryDAO,
Provider<WebSecurityContext> securityContextProvider, Set<RepositoryHandler> handlerSet,
RepositoryDAO repositoryDAO, Set<RepositoryHandler> handlerSet,
Provider<Set<RepositoryListener>> repositoryListenersProvider, Provider<Set<RepositoryListener>> repositoryListenersProvider,
Provider<Set<RepositoryHook>> repositoryHooksProvider) Provider<Set<RepositoryHook>> repositoryHooksProvider)
{ {
this.configuration = configuration; this.configuration = configuration;
this.securityContextProvider = securityContextProvider;
this.repositoryDAO = repositoryDAO; this.repositoryDAO = repositoryDAO;
this.repositoryListenersProvider = repositoryListenersProvider; this.repositoryListenersProvider = repositoryListenersProvider;
this.repositoryHooksProvider = repositoryHooksProvider; this.repositoryHooksProvider = repositoryHooksProvider;
@@ -167,7 +163,7 @@ public class DefaultRepositoryManager extends AbstractRepositoryManager
repository.getType()); repository.getType());
} }
SecurityUtil.assertIsAdmin(securityContextProvider); assertIsAdmin();
AssertUtil.assertIsValid(repository); AssertUtil.assertIsValid(repository);
if (repositoryDAO.contains(repository)) if (repositoryDAO.contains(repository))
@@ -473,7 +469,7 @@ public class DefaultRepositoryManager extends AbstractRepositoryManager
@Override @Override
public Collection<Repository> getAll(Comparator<Repository> comparator) public Collection<Repository> getAll(Comparator<Repository> comparator)
{ {
List<Repository> repositories = new ArrayList<Repository>(); List<Repository> repositories = Lists.newArrayList();
for (Repository repository : repositoryDAO.getAll()) for (Repository repository : repositoryDAO.getAll())
{ {
@@ -601,7 +597,7 @@ public class DefaultRepositoryManager extends AbstractRepositoryManager
@Override @Override
public Collection<Type> getConfiguredTypes() public Collection<Type> getConfiguredTypes()
{ {
List<Type> validTypes = new ArrayList<Type>(); List<Type> validTypes = Lists.newArrayList();
for (RepositoryHandler handler : handlerMap.values()) for (RepositoryHandler handler : handlerMap.values())
{ {
@@ -865,25 +861,44 @@ public class DefaultRepositoryManager extends AbstractRepositoryManager
/** /**
* Method description * Method description
* *
*/
private void assertIsAdmin()
{
if (!SecurityUtils.getSubject().hasRole("admin"))
{
throw new SecurityException("admin role is required");
}
}
/**
* TODO use {@link Subject#checkPermission(org.apache.shiro.authz.Permission)}
* in version 2.x.
*
* *
* @param repository * @param repository
*/ */
private void assertIsOwner(Repository repository) private void assertIsOwner(Repository repository)
{ {
PermissionUtil.assertPermission(repository, securityContextProvider, if (!isPermitted(repository, PermissionType.OWNER))
PermissionType.OWNER); {
throw new ScmSecurityException(
"owner permission is required, access denied");
}
} }
/** /**
* Method description * TODO use {@link Subject#checkPermission(org.apache.shiro.authz.Permission)}
* * in version 2.x.
* *
* @param repository * @param repository
*/ */
private void assertIsReader(Repository repository) private void assertIsReader(Repository repository)
{ {
PermissionUtil.assertPermission(repository, securityContextProvider, if (!isReader(repository))
PermissionType.READ); {
throw new ScmSecurityException(
"reader permission is required, access denied");
}
} }
//~--- get methods ---------------------------------------------------------- //~--- get methods ----------------------------------------------------------
@@ -942,6 +957,21 @@ public class DefaultRepositoryManager extends AbstractRepositoryManager
return result; return result;
} }
/**
* Method description
*
*
* @param repository
* @param type
*
* @return
*/
private boolean isPermitted(Repository repository, PermissionType type)
{
return SecurityUtils.getSubject().isPermitted(
new RepositoryPermission(repository, PermissionType.READ));
}
/** /**
* Method description * Method description
* *
@@ -952,8 +982,7 @@ public class DefaultRepositoryManager extends AbstractRepositoryManager
*/ */
private boolean isReader(Repository repository) private boolean isReader(Repository repository)
{ {
return PermissionUtil.hasPermission(repository, securityContextProvider, return isPermitted(repository, PermissionType.READ);
PermissionType.READ);
} }
//~--- fields --------------------------------------------------------------- //~--- fields ---------------------------------------------------------------
@@ -976,9 +1005,6 @@ public class DefaultRepositoryManager extends AbstractRepositoryManager
/** Field description */ /** Field description */
private Provider<Set<RepositoryListener>> repositoryListenersProvider; private Provider<Set<RepositoryListener>> repositoryListenersProvider;
/** Field description */
private Provider<WebSecurityContext> securityContextProvider;
/** Field description */ /** Field description */
private Set<Type> types; private Set<Type> types;
} }
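Review bot: The new `isPermitted(Repository repository, PermissionType type)` helper (hunk `@@ -942,6 +957,21 @@`) ignores its `type` argument and always builds `new RepositoryPermission(repository, PermissionType.READ)`, so `assertIsOwner` now succeeds for any subject that holds only read permission on the repository. The permission should be built from the parameter, `new RepositoryPermission(repository, type)`. Separately, the new `assertIsAdmin()` throws `java.lang.SecurityException` while `assertIsOwner` and `assertIsReader` throw `ScmSecurityException`. If callers or exception mappers outside this diff handle only the latter, an admin denial would surface differently, and `throw new ScmSecurityException("admin role is required");` would keep the three consistent. A unit test that runs an owner-only operation as a read-only subject and expects the denial would catch the first problem.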