start implementation of new security system

2025-11-11 07:55:47 +01:00 · 2013-04-30 16:27:08 +02:00
parent c7cc0fabb0
commit 7b00a4e52d
2 changed files with 142 additions and 56 deletions
--- a/scm-webapp/src/main/java/sonia/scm/security/DefaultSecuritySystem.java
+++ b/scm-webapp/src/main/java/sonia/scm/security/DefaultSecuritySystem.java
@@ -33,17 +33,26 @@ package sonia.scm.security;

 //~--- non-JDK imports --------------------------------------------------------

+import com.google.common.base.Predicate;
+import com.google.common.collect.ImmutableList;
+import com.google.common.collect.ImmutableList.Builder;
 import com.google.inject.Inject;
 import com.google.inject.Singleton;

 import org.apache.shiro.SecurityUtils;
 import org.apache.shiro.subject.PrincipalCollection;

-import sonia.scm.event.ScmEventBus;
-import sonia.scm.store.Store;
-import sonia.scm.store.StoreFactory;
+import sonia.scm.store.ConfigurationEntryStore;
+import sonia.scm.store.ConfigurationEntryStoreFactory;
+
+//~--- JDK imports ------------------------------------------------------------
+
+import java.util.Collections;
+import java.util.List;
+import java.util.Map.Entry;

 /**
+ * TODO add events
 *
 * @author Sebastian Sdorra
 * @since 1.31
@@ -64,9 +73,73 @@ public class DefaultSecuritySystem implements SecuritySystem
   * @param storeFactory
   */
  @Inject
-  public DefaultSecuritySystem(StoreFactory storeFactory)
+  public DefaultSecuritySystem(ConfigurationEntryStoreFactory storeFactory)
  {
-    store = storeFactory.getStore(SecurityConfiguration.class, NAME);
+    store = storeFactory.getStore(AssignedPermission.class, NAME);
+  }
+
+  //~--- methods --------------------------------------------------------------
+
+  /**
+   * Method description
+   *
+   *
+   * @param permission
+   *
+   * @return
+   */
+  @Override
+  public StoredAssignedPermission addPermission(AssignedPermission permission)
+  {
+    assertIsAdmin();
+
+    String id = store.put(permission);
+
+    return new StoredAssignedPermission(id, permission);
+  }
+
+  /**
+   * Method description
+   *
+   *
+   * @param permission
+   */
+  @Override
+  public void deletePermission(StoredAssignedPermission permission)
+  {
+    assertIsAdmin();
+    deletePermission(permission.getId());
+  }
+
+  /**
+   * Method description
+   *
+   *
+   * @param id
+   */
+  @Override
+  public void deletePermission(String id)
+  {
+    assertIsAdmin();
+    store.remove(id);
+  }
+
+  /**
+   * Method description
+   *
+   *
+   * @param permission
+   */
+  @Override
+  public void modifyPermission(StoredAssignedPermission permission)
+  {
+    assertIsAdmin();
+
+    synchronized (store)
+    {
+      store.remove(permission.getId());
+      store.put(permission.getId(), new AssignedPermission(permission));
+    }
  }

  //~--- get methods ----------------------------------------------------------
@@ -78,16 +151,48 @@ public class DefaultSecuritySystem implements SecuritySystem
   * @return
   */
  @Override
-  public SecurityConfiguration getConfiguration()
+  public List<StoredAssignedPermission> getAllPermissions()
  {
-    SecurityConfiguration configuration = store.get();
-
-    if (configuration == null)
-    {
-      configuration = new SecurityConfiguration();
+    return getPermissions(null);
  }

-    return configuration;
+  /**
+   * Method description
+   *
+   *
+   * @return
+   */
+  @Override
+  public List<PermissionDescriptor> getAvailablePermissions()
+  {
+
+    // TODO
+    return Collections.EMPTY_LIST;
+  }
+
+  /**
+   * Method description
+   *
+   *
+   * @param predicate
+   *
+   * @return
+   */
+  @Override
+  public List<StoredAssignedPermission> getPermissions(
+    Predicate<AssignedPermission> predicate)
+  {
+    Builder<StoredAssignedPermission> permissions = ImmutableList.builder();
+
+    for (Entry<String, AssignedPermission> e : store.getAll().entrySet())
+    {
+      if ((predicate == null) || predicate.apply(e.getValue()))
+      {
+        permissions.add(new StoredAssignedPermission(e.getKey(), e.getValue()));
+      }
+    }
+
+    return permissions.build();
  }

  /**
@@ -99,34 +204,24 @@ public class DefaultSecuritySystem implements SecuritySystem
  @Override
  public PrincipalCollection getSystemAccount()
  {
-    throw new UnsupportedOperationException("Not supported yet.");    // To change body of generated methods, choose Tools | Templates.
+
+    // TODO
+    throw new UnsupportedOperationException("Not supported yet.");
  }

-  //~--- set methods ----------------------------------------------------------
+  //~--- methods --------------------------------------------------------------

  /**
   * Method description
   *
-   *
-   * @param newConfiguration
   */
-  @Override
-  public void setConfiguration(SecurityConfiguration newConfiguration)
+  private void assertIsAdmin()
  {
    SecurityUtils.getSubject().checkRole(Role.ADMIN);
-
-    SecurityConfiguration oldConfiguration = store.get();
-
-    store.set(newConfiguration);
-    //J-
-    ScmEventBus.getInstance().post(
-      new SecurityConfigurationChangedEvent(oldConfiguration, newConfiguration)
-    );
-    //J+
  }

  //~--- fields ---------------------------------------------------------------

  /** Field description */
-  private Store<SecurityConfiguration> store;
+  private final ConfigurationEntryStore<AssignedPermission> store;
 }
--- a/scm-webapp/src/main/java/sonia/scm/security/ScmRealm.java
+++ b/scm-webapp/src/main/java/sonia/scm/security/ScmRealm.java
@@ -36,6 +36,7 @@ package sonia.scm.security;
 //~--- non-JDK imports --------------------------------------------------------

 import com.google.common.base.Joiner;
+import com.google.common.base.Predicate;
 import com.google.common.collect.Lists;
 import com.google.common.collect.Sets;
 import com.google.common.eventbus.Subscribe;
@@ -197,23 +198,6 @@ public class ScmRealm extends AuthorizingRealm
    }
  }

-  /**
-   * Method description
-   *
-   *
-   * @param event
-   */
-  @Subscribe
-  public void onEvent(SecurityConfigurationChangedEvent event)
-  {
-    if (logger.isDebugEnabled())
-    {
-      logger.debug("clear cache, because security configuration has changed");
-    }
-
-    cache.clear();
-  }
-
  /**
   * Method description
   *
@@ -503,7 +487,8 @@ public class ScmRealm extends AuthorizingRealm
   *
   * @return
   */
-  private List<String> collectGlobalPermissions(User user, GroupNames groups)
+  private List<String> collectGlobalPermissions(final User user,
+    final GroupNames groups)
  {
    if (logger.isTraceEnabled())
    {
@@ -512,12 +497,18 @@ public class ScmRealm extends AuthorizingRealm

    List<String> permissions = Lists.newArrayList();

-    List<GlobalPermission> globalPermissions =
-      securitySystem.getConfiguration().getGlobalPermissions();
-
-    for (GlobalPermission gp : globalPermissions)
+    List<StoredAssignedPermission> globalPermissions =
+      securitySystem.getPermissions(new Predicate<AssignedPermission>()
    {
-      if (isUserPermission(user, groups, gp))
+
+      @Override
+      public boolean apply(AssignedPermission input)
+      {
+        return isUserPermission(user, groups, input);
+      }
+    });
+
+    for (StoredAssignedPermission gp : globalPermissions)
    {
      if (logger.isTraceEnabled())
      {
@@ -526,7 +517,7 @@ public class ScmRealm extends AuthorizingRealm
      }

      permissions.add(gp.getPermission());
-      }
+
    }

    return permissions;