Nemcio/SCM-Manager
1
0
Fork 0
mirror of https://github.com/scm-manager/scm-manager.git synced 2025-11-16 18:26:16 +01:00
Code Issues Packages Projects Releases Activity

start implementation of repository permissions

Browse Source
This commit is contained in:
Sebastian Sdorra
2015-07-09 20:29:07 +02:00
parent 480a188763
commit 6dd765e3be
22 changed files with 730 additions and 701 deletions
Download Patch File Download Diff File Expand all files Collapse all files

65
scm-webapp/src/main/java/sonia/scm/security/DefaultAuthorizationCollector.java
View File

@@ -47,9 +47,7 @@ import com.google.inject.Singleton;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.Permission;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.authz.permission.PermissionResolver;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.Subject;
@@ -61,7 +59,6 @@ import sonia.scm.cache.CacheManager;
import sonia.scm.group.GroupEvent;
import sonia.scm.group.GroupNames;
import sonia.scm.plugin.Extension;
import sonia.scm.repository.PermissionType;
import sonia.scm.repository.Repository;
import sonia.scm.repository.RepositoryDAO;
import sonia.scm.repository.RepositoryEvent;
@@ -83,6 +80,9 @@ import java.util.Set;
public class DefaultAuthorizationCollector implements AuthorizationCollector
{
/** Field description */
private static final String ADMIN_PERMISSION = "*";
/** Field description */
private static final String CACHE_NAME = "sonia.cache.authorizing";
@@ -102,17 +102,14 @@ public class DefaultAuthorizationCollector implements AuthorizationCollector
* @param cacheManager
* @param repositoryDAO
* @param securitySystem
* @param resolver
*/
@Inject
public DefaultAuthorizationCollector(CacheManager cacheManager,
RepositoryDAO repositoryDAO, SecuritySystem securitySystem,
PermissionResolver resolver)
RepositoryDAO repositoryDAO, SecuritySystem securitySystem)
{
this.cache = cacheManager.getCache(CACHE_NAME);
this.repositoryDAO = repositoryDAO;
this.securitySystem = securitySystem;
this.resolver = resolver;
}
//~--- methods --------------------------------------------------------------
@@ -271,7 +268,7 @@ public class DefaultAuthorizationCollector implements AuthorizationCollector
return info;
}
private void collectGlobalPermissions(Builder<Permission> builder,
private void collectGlobalPermissions(Builder<String> builder,
final User user, final GroupNames groups)
{
if (logger.isTraceEnabled())
@@ -292,23 +289,15 @@ public class DefaultAuthorizationCollector implements AuthorizationCollector
for (StoredAssignedPermission gp : globalPermissions)
{
if (logger.isTraceEnabled())
{
logger.trace("add permission {} for user {}", gp.getPermission(),
user.getName());
}
String permission = gp.getPermission();
Permission permission = resolver.resolvePermission(gp.getPermission());
if (permission != null)
{
builder.add(permission);
}
logger.trace("add permission {} for user {}", permission, user.getName());
builder.add(permission);
}
}
private void collectRepositoryPermissions(Builder<Permission> builder,
User user, GroupNames groups)
private void collectRepositoryPermissions(Builder<String> builder, User user,
GroupNames groups)
{
for (Repository repository : repositoryDAO.getAll())
{
@@ -322,7 +311,7 @@ public class DefaultAuthorizationCollector implements AuthorizationCollector
}
}
private void collectRepositoryPermissions(Builder<Permission> builder,
private void collectRepositoryPermissions(Builder<String> builder,
Repository repository, User user, GroupNames groups)
{
List<sonia.scm.repository.Permission> repositoryPermissions =
@@ -335,16 +324,14 @@ public class DefaultAuthorizationCollector implements AuthorizationCollector
{
if (isUserPermission(user, groups, permission))
{
RepositoryPermission rp = new RepositoryPermission(repository,
permission.getType());
if (logger.isTraceEnabled())
{
logger.trace("add repository permission {} for user {}", rp,
user.getName());
}
String perm = permission.getType().getPermissionPrefix().concat(
repository.getId());
builder.add(rp);
logger.trace("add repository permission {} for user {}", perm,
user.getName());
builder.add(perm);
}
}
}
@@ -359,7 +346,7 @@ public class DefaultAuthorizationCollector implements AuthorizationCollector
GroupNames groups)
{
Set<String> roles;
Set<Permission> permissions;
Set<String> permissions;
if (user.isAdmin())
{
@@ -370,20 +357,13 @@ public class DefaultAuthorizationCollector implements AuthorizationCollector
roles = ImmutableSet.of(Role.USER, Role.ADMIN);
//J-
Permission adminPermission = new RepositoryPermission(
RepositoryPermission.WILDCARD,
PermissionType.OWNER
);
//J+
permissions = ImmutableSet.of(adminPermission);
permissions = ImmutableSet.of(ADMIN_PERMISSION);
}
else
{
roles = ImmutableSet.of(Role.USER);
Builder<Permission> builder = ImmutableSet.builder();
Builder<String> builder = ImmutableSet.builder();
collectGlobalPermissions(builder, user, groups);
collectRepositoryPermissions(builder, user, groups);
@@ -392,7 +372,7 @@ public class DefaultAuthorizationCollector implements AuthorizationCollector
SimpleAuthorizationInfo info = new SimpleAuthorizationInfo(roles);
info.addObjectPermissions(permissions);
info.addStringPermissions(permissions);
return info;
}
@@ -472,9 +452,6 @@ public class DefaultAuthorizationCollector implements AuthorizationCollector
/** repository dao */
private final RepositoryDAO repositoryDAO;
/** permission resolver */
private final PermissionResolver resolver;
/** security system */
private final SecuritySystem securitySystem;
}

157
scm-webapp/src/main/java/sonia/scm/security/RepositoryPermissionResolver.java
View File

@@ -1,157 +0,0 @@
/**
* Copyright (c) 2010, Sebastian Sdorra
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
* 3. Neither the name of SCM-Manager; nor the names of its
* contributors may be used to endorse or promote products derived from this
* software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
* ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
* http://bitbucket.org/sdorra/scm-manager
*
*/
package sonia.scm.security;
//~--- non-JDK imports --------------------------------------------------------
import com.google.common.base.Splitter;
import com.google.common.base.Strings;
import org.apache.shiro.authz.permission.PermissionResolver;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import sonia.scm.repository.PermissionType;
//~--- JDK imports ------------------------------------------------------------
import java.util.Iterator;
import java.util.Locale;
/**
*
* @author Sebastian Sdorra
*/
public class RepositoryPermissionResolver implements PermissionResolver
{
/**
* the logger for RepositoryPermissionResolver
*/
private static final Logger logger =
LoggerFactory.getLogger(RepositoryPermissionResolver.class);
//~--- methods --------------------------------------------------------------
/**
* Method description
*
*
* @param permissionString
*
* @return
*/
@Override
public RepositoryPermission resolvePermission(String permissionString)
{
RepositoryPermission permission = null;
if (!Strings.isNullOrEmpty(permissionString))
{
Iterator<String> permissionIt =
Splitter.on(':').omitEmptyStrings().trimResults().split(
permissionString).iterator();
if (permissionIt.hasNext())
{
String type = permissionIt.next();
if (type.equals(RepositoryPermission.TYPE))
{
permission = createRepositoryPermission(permissionIt);
}
else if (logger.isWarnEnabled())
{
logger.warn("permission '{}' is not a repository permission",
permissionString);
}
}
}
else
{
logger.warn(
"permision string is empty, could not resolve empty permission");
}
return permission;
}
/**
* Method description
*
*
* @param permissionIt
*
* @return
*/
private RepositoryPermission createRepositoryPermission(
Iterator<String> permissionIt)
{
RepositoryPermission permission = null;
if (permissionIt.hasNext())
{
String repositoryId = permissionIt.next();
if (permissionIt.hasNext())
{
try
{
String typeString = permissionIt.next();
typeString = typeString.trim().toUpperCase(Locale.ENGLISH);
PermissionType type = PermissionType.valueOf(typeString);
permission = new RepositoryPermission(repositoryId, type);
}
catch (IllegalArgumentException ex)
{
logger.warn("type is not a valid permission type", ex);
}
}
else if (logger.isWarnEnabled())
{
logger.warn("permission type is missing");
}
}
else if (logger.isWarnEnabled())
{
logger.warn("repository id and permission type is missing");
}
return permission;
}
}