Fail assignment on not existing permission

scm-webapp/src/main/java/sonia/scm/security/PermissionAssigner.java

@@ -1,5 +1,8 @@
 package sonia.scm.security;
 
+import sonia.scm.ContextEntry;
+import sonia.scm.NotFoundException;
+
 import javax.inject.Inject;
 import java.util.Collection;
 import java.util.List;
@@ -62,9 +65,21 @@ public class PermissionAssigner {
       .collect(Collectors.toList());
     toRemove.forEach(securitySystem::deletePermission);
 
+    Collection<PermissionDescriptor> availablePermissions = this.getAvailablePermissions();
+
     permissions.stream()
+      .filter(permissionExists(availablePermissions))
       .map(p -> new AssignedPermission(id, groupPermission, p))
       .filter(p -> !existingPermissions.contains(p))
       .forEach(securitySystem::addPermission);
   }
+
+  private Predicate<PermissionDescriptor> permissionExists(Collection<PermissionDescriptor> availablePermissions) {
+    return p -> {
+      if (!availablePermissions.contains(p)) {
+        throw NotFoundException.notFound(ContextEntry.ContextBuilder.entity("permission", p.getValue()));
+      }
+      return true;
+    };
+  }
 }

scm-webapp/src/test/java/sonia/scm/security/PermissionAssignerTest.java

@@ -8,11 +8,14 @@ import org.junit.Before;
 import org.junit.Rule;
 import org.junit.Test;
 import org.junit.rules.ExpectedException;
+import sonia.scm.NotFoundException;
 import sonia.scm.plugin.PluginLoader;
 import sonia.scm.store.InMemoryConfigurationEntryStoreFactory;
 import sonia.scm.util.ClassLoaders;
 
+import java.util.Arrays;
 import java.util.Collection;
+import java.util.stream.Collectors;
 
 import static java.util.Arrays.asList;
 import static org.mockito.Mockito.mock;
@@ -35,7 +38,14 @@ public class PermissionAssignerTest {
     PluginLoader pluginLoader = mock(PluginLoader.class);
     when(pluginLoader.getUberClassLoader()).thenReturn(ClassLoaders.getContextClassLoader(DefaultSecuritySystem.class));
 
-    securitySystem = new DefaultSecuritySystem(new InMemoryConfigurationEntryStoreFactory(), pluginLoader);
+    securitySystem = new DefaultSecuritySystem(new InMemoryConfigurationEntryStoreFactory(), pluginLoader) {
+      @Override
+      public Collection<PermissionDescriptor> getAvailablePermissions() {
+        return Arrays.stream(new String[]{"perm:read:1", "perm:read:2", "perm:read:3", "perm:read:4"})
+          .map(PermissionDescriptor::new)
+          .collect(Collectors.toList());
+      }
+    };
 
     try {
       securitySystem.addPermission(new AssignedPermission("1", "perm:read:1"));
@@ -86,4 +96,10 @@ public class PermissionAssignerTest {
 
     permissionAssigner.setPermissionsForUser("2", asList(new PermissionDescriptor("perm:read:3"), new PermissionDescriptor("perm:read:4")));
   }
+
+  @Test
+  public void shouldFailForNotExistingPermissions() {
+    expectedException.expect(NotFoundException.class);
+    permissionAssigner.setPermissionsForUser("2", asList(new PermissionDescriptor("perm:read:5"), new PermissionDescriptor("perm:read:4")));
+  }
 }