Change the "manage" plugin permission to "write". This way we don't need a migration because the plugin manage permission was already saved as "plugin:read,write"

2025-11-13 00:45:44 +01:00 · 2020-05-05 10:55:23 +02:00
parent 55c96ee81d
commit 63e5d2f23d
7 changed files with 14 additions and 13 deletions
--- a/scm-core/src/main/java/sonia/scm/plugin/PluginInformation.java
+++ b/scm-core/src/main/java/sonia/scm/plugin/PluginInformation.java
@@ -47,7 +47,7 @@ import java.io.Serializable;
  value = "plugin",
  generatedClass = "PluginPermissions",
  permissions = {},
-  globalPermissions = {"read", "manage"},
+  globalPermissions = {"read", "write"},
  custom = true, customGlobal = true
 )
@XmlAccessorType(XmlAccessType.FIELD)
--- a/scm-webapp/src/main/java/sonia/scm/api/v2/resources/AvailablePluginResource.java
+++ b/scm-webapp/src/main/java/sonia/scm/api/v2/resources/AvailablePluginResource.java
@@ -178,7 +178,7 @@ public class AvailablePluginResource {
    )
  )
  public Response installPlugin(@PathParam("name") String name, @QueryParam("restart") boolean restartAfterInstallation) {
-    PluginPermissions.manage().check();
+    PluginPermissions.write().check();
    pluginManager.install(name, restartAfterInstallation);
    return Response.ok().build();
  }
--- a/scm-webapp/src/main/java/sonia/scm/api/v2/resources/IndexDtoGenerator.java
+++ b/scm-webapp/src/main/java/sonia/scm/api/v2/resources/IndexDtoGenerator.java
@@ -82,7 +82,7 @@ public class IndexDtoGenerator extends HalAppenderMapper {
        builder.single(link("installedPlugins", resourceLinks.installedPluginCollection().self()));
        builder.single(link("availablePlugins", resourceLinks.availablePluginCollection().self()));
      }
-      if (PluginPermissions.manage().isPermitted()) {
+      if (PluginPermissions.write().isPermitted()) {
        builder.single(link("pendingPlugins", resourceLinks.pendingPluginCollection().self()));
      }
      if (UserPermissions.list().isPermitted()) {
--- a/scm-webapp/src/main/java/sonia/scm/api/v2/resources/PendingPluginResource.java
+++ b/scm-webapp/src/main/java/sonia/scm/api/v2/resources/PendingPluginResource.java
@@ -118,7 +118,7 @@ public class PendingPluginResource {
    List<PluginDto> uninstallDtos = uninstallPlugins.map(i -> mapper.mapInstalled(i, pending)).collect(toList());

    if (
-      PluginPermissions.manage().isPermitted() &&
+      PluginPermissions.write().isPermitted() &&
        (!installDtos.isEmpty() || !updateDtos.isEmpty() || !uninstallDtos.isEmpty())
    ) {
      if (restarter.isSupported()) {
--- a/scm-webapp/src/main/java/sonia/scm/api/v2/resources/PluginDtoCollectionMapper.java
+++ b/scm-webapp/src/main/java/sonia/scm/api/v2/resources/PluginDtoCollectionMapper.java
@@ -31,6 +31,7 @@ import de.otto.edison.hal.Links;
 import sonia.scm.plugin.AvailablePlugin;
 import sonia.scm.plugin.InstalledPlugin;
 import sonia.scm.plugin.PluginManager;
+import sonia.scm.plugin.PluginPermissions;

 import java.util.List;

@@ -71,7 +72,7 @@ public class PluginDtoCollectionMapper {
    Links.Builder linksBuilder = linkingTo()
      .with(Links.linkingTo().self(baseUrl).build());

-    if (!manager.getUpdatable().isEmpty()) {
+    if (!manager.getUpdatable().isEmpty() && PluginPermissions.write().isPermitted()) {
      linksBuilder.single(link("update", resourceLinks.installedPluginCollection().update()));
    }

--- a/scm-webapp/src/main/java/sonia/scm/api/v2/resources/PluginDtoMapper.java
+++ b/scm-webapp/src/main/java/sonia/scm/api/v2/resources/PluginDtoMapper.java
@@ -81,7 +81,7 @@ public abstract class PluginDtoMapper {
      .self(resourceLinks.availablePlugin()
        .self(information.getName()));

-    if (!plugin.isPending() && PluginPermissions.manage().isPermitted()) {
+    if (!plugin.isPending() && PluginPermissions.write().isPermitted()) {
      String href = resourceLinks.availablePlugin().install(information.getName());
      appendLink(links, "install", href);
    }
@@ -106,7 +106,7 @@ public abstract class PluginDtoMapper {
    if (!plugin.isCore()
      && availablePlugin.isPresent()
      && !availablePlugin.get().isPending()
-      && PluginPermissions.manage().isPermitted()
+      && PluginPermissions.write().isPermitted()
    ) {
      String href = resourceLinks.availablePlugin().install(information.getName());
      appendLink(links, "update", href);
@@ -114,7 +114,7 @@ public abstract class PluginDtoMapper {

    if (plugin.isUninstallable()
      && (!availablePlugin.isPresent() || !availablePlugin.get().isPending())
-      && PluginPermissions.manage().isPermitted()
+      && PluginPermissions.write().isPermitted()
    ) {
      String href = resourceLinks.installedPlugin().uninstall(information.getName());
      appendLink(links, "uninstall", href);
--- a/scm-webapp/src/main/java/sonia/scm/plugin/DefaultPluginManager.java
+++ b/scm-webapp/src/main/java/sonia/scm/plugin/DefaultPluginManager.java
@@ -157,7 +157,7 @@ public class DefaultPluginManager implements PluginManager {

  @Override
  public void install(String name, boolean restartAfterInstallation) {
-    PluginPermissions.manage().check();
+    PluginPermissions.write().check();

    getInstalled(name)
      .map(InstalledPlugin::isCore)
@@ -192,7 +192,7 @@ public class DefaultPluginManager implements PluginManager {

  @Override
  public void uninstall(String name, boolean restartAfterInstallation) {
-    PluginPermissions.manage().check();
+    PluginPermissions.write().check();
    InstalledPlugin installed = getInstalled(name)
      .orElseThrow(() -> NotFoundException.notFound(entity(InstalledPlugin.class, name)));
    doThrow().violation("plugin is a core plugin and cannot be uninstalled").when(installed.isCore());
@@ -231,7 +231,7 @@ public class DefaultPluginManager implements PluginManager {

  @Override
  public void executePendingAndRestart() {
-    PluginPermissions.manage().check();
+    PluginPermissions.write().check();
    if (!pendingInstallQueue.isEmpty() || getInstalled().stream().anyMatch(InstalledPlugin::isMarkedForUninstall)) {
      triggerRestart("execute pending plugin changes");
    }
@@ -278,7 +278,7 @@ public class DefaultPluginManager implements PluginManager {

  @Override
  public void cancelPending() {
-    PluginPermissions.manage().check();
+    PluginPermissions.write().check();
    pendingUninstallQueue.forEach(PendingPluginUninstallation::cancel);
    pendingInstallQueue.forEach(PendingPluginInstallation::cancel);
    pendingUninstallQueue.clear();
@@ -288,7 +288,7 @@ public class DefaultPluginManager implements PluginManager {

  @Override
  public void updateAll() {
-    PluginPermissions.manage().check();
+    PluginPermissions.write().check();
    for (InstalledPlugin installedPlugin : getInstalled()) {
      String pluginName = installedPlugin.getDescriptor().getInformation().getName();
      if (isUpdatable(pluginName)) {