Add permission for permissions

scm-core/src/main/java/sonia/scm/security/Permission.java

@@ -0,0 +1,12 @@
+package sonia.scm.security;
+
+import com.github.sdorra.ssp.PermissionObject;
+import com.github.sdorra.ssp.StaticPermissions;
+
+@StaticPermissions(
+  value = "permission",
+  permissions = {},
+  globalPermissions = {"list", "assign"}
+)
+public interface Permission extends PermissionObject {
+}

scm-webapp/src/main/java/sonia/scm/security/DefaultSecuritySystem.java

@@ -126,7 +126,7 @@ public class DefaultSecuritySystem implements SecuritySystem
   @Override
   public void addPermission(AssignedPermission permission)
   {
-    assertIsAdmin();
+    assertHasPermission();
     validatePermission(permission);
 
     String id = store.put(permission);
@@ -149,7 +149,7 @@ public class DefaultSecuritySystem implements SecuritySystem
   @Override
   public void deletePermission(AssignedPermission permission)
   {
-    assertIsAdmin();
+    assertHasPermission();
     boolean deleted = deletePermissions(sap -> Objects.equal(sap.getName(), permission.getName())
       && Objects.equal(sap.isGroupPermission(), permission.isGroupPermission())
       && Objects.equal(sap.getPermission(), permission.getPermission()));
@@ -203,7 +203,7 @@ public class DefaultSecuritySystem implements SecuritySystem
   @Override
   public Collection<PermissionDescriptor> getAvailablePermissions()
   {
-    assertIsAdmin();
+    assertHasPermission();
 
     return availablePermissions;
   }
@@ -238,9 +238,9 @@ public class DefaultSecuritySystem implements SecuritySystem
    * Method description
    *
    */
-  private void assertIsAdmin()
+  private void assertHasPermission()
   {
-    SecurityUtils.getSubject().checkRole(Role.ADMIN);
+    PermissionPermissions.assign().check();
   }
 
   /**