Fix bug for repository owners without global role permission

Repository owners got an frontend error when they hat no permission to read the global repository roles. We therefore remove the dedicated permission to read repository. Additionally we fix the 'write' permission to match the entry in the 'permissions.xml' file.
2025-11-12 00:15:44 +01:00 · 2019-05-31 10:20:44 +02:00
parent ecbc7b67e6
commit 84ae5646a4
6 changed files with 8 additions and 16 deletions
--- a/scm-webapp/src/main/java/sonia/scm/api/v2/resources/IndexDtoGenerator.java
+++ b/scm-webapp/src/main/java/sonia/scm/api/v2/resources/IndexDtoGenerator.java
@@ -63,9 +63,7 @@ public class IndexDtoGenerator extends HalAppenderMapper {

      builder.single(link("repositoryTypes", resourceLinks.repositoryTypeCollection().self()));
      builder.single(link("namespaceStrategies", resourceLinks.namespaceStrategies().self()));
-      if (RepositoryRolePermissions.read().isPermitted()) {
-        builder.single(link("repositoryRoles", resourceLinks.repositoryRoleCollection().self()));
-      }
+      builder.single(link("repositoryRoles", resourceLinks.repositoryRoleCollection().self()));
    } else {
      builder.single(link("login", resourceLinks.authentication().jsonLogin()));
    }
--- a/scm-webapp/src/main/java/sonia/scm/api/v2/resources/RepositoryRoleCollectionToDtoMapper.java
+++ b/scm-webapp/src/main/java/sonia/scm/api/v2/resources/RepositoryRoleCollectionToDtoMapper.java
@@ -25,7 +25,7 @@ public class RepositoryRoleCollectionToDtoMapper extends BasicCollectionToDtoMap
  }

  Optional<String> createCreateLink() {
-    return RepositoryRolePermissions.modify().isPermitted() ? of(resourceLinks.repositoryRoleCollection().create()): empty();
+    return RepositoryRolePermissions.write().isPermitted() ? of(resourceLinks.repositoryRoleCollection().create()): empty();
  }

  String createSelfLink() {
--- a/scm-webapp/src/main/java/sonia/scm/api/v2/resources/RepositoryRoleToRepositoryRoleDtoMapper.java
+++ b/scm-webapp/src/main/java/sonia/scm/api/v2/resources/RepositoryRoleToRepositoryRoleDtoMapper.java
@@ -27,7 +27,7 @@ public abstract class RepositoryRoleToRepositoryRoleDtoMapper extends BaseMapper
  @ObjectFactory
  RepositoryRoleDto createDto(RepositoryRole repositoryRole) {
    Links.Builder linksBuilder = linkingTo().self(resourceLinks.repositoryRole().self(repositoryRole.getName()));
-    if (!"system".equals(repositoryRole.getType()) && RepositoryRolePermissions.modify().isPermitted()) {
+    if (!"system".equals(repositoryRole.getType()) && RepositoryRolePermissions.write().isPermitted()) {
      linksBuilder.single(link("delete", resourceLinks.repositoryRole().delete(repositoryRole.getName())));
      linksBuilder.single(link("update", resourceLinks.repositoryRole().update(repositoryRole.getName())));
    }
--- a/scm-webapp/src/main/java/sonia/scm/repository/DefaultRepositoryRoleManager.java
+++ b/scm-webapp/src/main/java/sonia/scm/repository/DefaultRepositoryRoleManager.java
@@ -88,7 +88,7 @@ public class DefaultRepositoryRoleManager extends AbstractRepositoryRoleManager

    return managerDaoAdapter.create(
      repositoryRole,
-      RepositoryRolePermissions::modify,
+      RepositoryRolePermissions::write,
      newRepositoryRole -> fireEvent(HandlerEventType.BEFORE_CREATE, newRepositoryRole),
      newRepositoryRole -> fireEvent(HandlerEventType.CREATE, newRepositoryRole)
    );
@@ -100,7 +100,7 @@ public class DefaultRepositoryRoleManager extends AbstractRepositoryRoleManager
    logger.info("delete repositoryRole {} of type {}", repositoryRole.getName(), repositoryRole.getType());
    managerDaoAdapter.delete(
      repositoryRole,
-      RepositoryRolePermissions::modify,
+      RepositoryRolePermissions::write,
      toDelete -> fireEvent(HandlerEventType.BEFORE_DELETE, toDelete),
      toDelete -> fireEvent(HandlerEventType.DELETE, toDelete)
    );
@@ -116,7 +116,7 @@ public class DefaultRepositoryRoleManager extends AbstractRepositoryRoleManager
    logger.info("modify repositoryRole {} of type {}", repositoryRole.getName(), repositoryRole.getType());
    managerDaoAdapter.modify(
      repositoryRole,
-      x -> RepositoryRolePermissions.modify(),
+      x -> RepositoryRolePermissions.write(),
      notModified -> fireEvent(HandlerEventType.BEFORE_MODIFY, repositoryRole, notModified),
      notModified -> fireEvent(HandlerEventType.MODIFY, repositoryRole, notModified));
  }
@@ -125,7 +125,6 @@ public class DefaultRepositoryRoleManager extends AbstractRepositoryRoleManager
  public void refresh(RepositoryRole repositoryRole) {
    logger.info("refresh repositoryRole {} of type {}", repositoryRole.getName(), repositoryRole.getType());

-    RepositoryRolePermissions.read().check();
    RepositoryRole fresh = repositoryRoleDAO.get(repositoryRole.getName());

    if (fresh == null) {
@@ -135,8 +134,6 @@ public class DefaultRepositoryRoleManager extends AbstractRepositoryRoleManager

  @Override
  public RepositoryRole get(String id) {
-    RepositoryRolePermissions.read().check();
-
    return findSystemRole(id).orElse(findCustomRole(id));
  }

@@ -168,9 +165,6 @@ public class DefaultRepositoryRoleManager extends AbstractRepositoryRoleManager
  public List<RepositoryRole> getAll() {
    List<RepositoryRole> repositoryRoles = new ArrayList<>();

-    if (!RepositoryRolePermissions.read().isPermitted()) {
-      return Collections.emptyList();
-    }
    for (RepositoryRole repositoryRole : repositoryPermissionProvider.availableRoles()) {
      repositoryRoles.add(repositoryRole.clone());
    }