Nemcio/SCM-Manager
1
0
Fork 0
mirror of https://github.com/scm-manager/scm-manager.git synced 2026-01-09 09:02:10 +01:00
Code Issues Packages Projects Releases Activity

Add namespace owner on namespace creation

Browse Source 
Namespace owner may see the namespace configuration page.

Committed-by: René Pfeuffer<rene.pfeuffer@cloudogu.com>
This commit is contained in:
Eduard Heimbuch
2024-02-08 14:18:16 +01:00
parent 5d280a1531
commit 89c4a20dd5
19 changed files with 384 additions and 61 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
gradle/gradle/namespace_config.yaml Normal file
View File

@@ -0,0 +1,4 @@
- type: added
description: Namespace information page
- type: changed
description: Namespace configuration permissions

15
scm-core/src/main/java/sonia/scm/Manager.java
View File

@@ -21,7 +21,7 @@
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
package sonia.scm;
import java.util.Collection;
@@ -65,12 +65,23 @@ public interface Manager<T extends ModelObject>
*/
Collection<T> getAll();
/**
* Returns all object of the store unsorted
*
* @param filter to filter the returned objects
* @since 3.1.0
* @return all object of the store sorted by the given {@link java.util.Comparator}
*/
default Collection<T> getAll(Predicate<T> filter) {
return getAll(filter, null);
}
/**
* Returns all object of the store sorted by the given {@link java.util.Comparator}
*
*
* @param filter to filter the returned objects
* @param comparator to sort the returned objects
* @param comparator to sort the returned objects (may be null if no sorting is needed)
* @since 1.4
* @return all object of the store sorted by the given {@link java.util.Comparator}
*/

3
scm-core/src/main/java/sonia/scm/repository/Namespace.java
View File

@@ -41,8 +41,7 @@ import static java.util.Collections.unmodifiableCollection;
@StaticPermissions(
value = "namespace",
globalPermissions = {"permissionRead", "permissionWrite"},
permissions = {},
permissions = {"permissionRead", "permissionWrite"},
custom = true, customGlobal = true
)
@XmlAccessorType(XmlAccessType.FIELD)

2
scm-ui/ui-components/src/layout/NamespaceEntries.tsx
View File

@@ -41,7 +41,7 @@ const DefaultGroupHeader: FC<{ group: RepositoryGroup }> = ({ group }) => {
<Link to={`/repos/${group.name}/`} className="has-text-inherit">
<h3 className="has-text-weight-bold">{group.name}</h3>
</Link>{" "}
<Link to={`/namespace/${group.name}/settings`} aria-label={t("repositoryOverview.settings.tooltip")}>
<Link to={`/namespace/${group.name}/info`} aria-label={t("repositoryOverview.settings.tooltip")}>
<Icon color="inherit" name="cog" title={t("repositoryOverview.settings.tooltip")} className="is-size-6 ml-2" />
</Link>
</>

10
scm-ui/ui-webapp/public/locales/de/namespaces.json
View File

@@ -3,7 +3,15 @@
"menu": {
"navigationLabel": "Namespace",
"settingsNavLink": "Einstellungen",
"permissionsNavLink": "Berechtigungen"
"permissionsNavLink": "Berechtigungen",
"informationNavLink": "Informationen"
},
"infoPage": {
"subtitle": "Informationen",
"repository": "Repository",
"type": "Typ",
"contact": "Kontakt",
"lastModified": "Zuletzt geändert"
}
},
"repositoryOverview": {

10
scm-ui/ui-webapp/public/locales/en/namespaces.json
View File

@@ -3,7 +3,15 @@
"menu": {
"navigationLabel": "Namespace",
"settingsNavLink": "Settings",
"permissionsNavLink": "Permissions"
"permissionsNavLink": "Permissions",
"informationNavLink": "Information"
},
"infoPage": {
"subtitle": "Information",
"repository": "Repository",
"type": "Type",
"contact": "Contact",
"lastModified": "Last modified"
}
},
"repositoryOverview": {

80
scm-ui/ui-webapp/src/repos/namespaces/containers/NamespaceInformation.tsx Normal file
View File

@@ -0,0 +1,80 @@
/*
* MIT License
*
* Copyright (c) 2020-present Cloudogu GmbH and Contributors
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
import { Namespace } from "@scm-manager/ui-types";
import React, { FC } from "react";
import { ErrorNotification, Loading, Subtitle } from "@scm-manager/ui-core";
import { useTranslation } from "react-i18next";
import { useRepositories } from "@scm-manager/ui-api";
import { DateFromNow } from "@scm-manager/ui-components";
import { Link } from "react-router-dom";
type Props = {
namespace: Namespace;
};
const NamespaceInformation: FC<Props> = ({ namespace }) => {
const [t] = useTranslation("namespaces");
const { data: repositories, error, isLoading } = useRepositories({ namespace: namespace, pageSize: 9999, page: 0 });
if (error) {
return <ErrorNotification error={error} />;
}
if (isLoading) {
return <Loading />;
}
return (
<div>
<Subtitle subtitle={t("namespaceRoot.infoPage.subtitle")} />
<table className="table">
<thead>
<tr>
<th>{t("namespaceRoot.infoPage.repository")}</th>
<th>{t("namespaceRoot.infoPage.type")}</th>
<th>{t("namespaceRoot.infoPage.contact")}</th>
<th>{t("namespaceRoot.infoPage.lastModified")}</th>
</tr>
</thead>
<tbody>
{repositories?._embedded?.repositories.map((repository) => (
<tr key={repository.name}>
<td>
<Link to={`/repo/${repository.namespace}/${repository.name}`}> {repository.name}</Link>
</td>
<td>{repository.type}</td>
<td>{repository.contact}</td>
<td>
<DateFromNow date={repository.lastModified} />
</td>
</tr>
))}
</tbody>
</table>
</div>
);
};
export default NamespaceInformation;

42
scm-ui/ui-webapp/src/repos/namespaces/containers/NamespaceRoot.tsx
View File

@@ -24,11 +24,12 @@
import React, { FC, useEffect } from "react";
import { useTranslation } from "react-i18next";
import { Redirect, Route, Switch, useRouteMatch } from "react-router-dom";
import { Route, Switch, useRouteMatch } from "react-router-dom";
import {
CustomQueryFlexWrappedColumns,
ErrorPage,
Loading,
NavLink,
Page,
PrimaryContentColumn,
SecondaryNavigation,
@@ -37,9 +38,10 @@ import {
urls,
} from "@scm-manager/ui-components";
import Permissions from "../../permissions/containers/Permissions";
import { ExtensionPoint, extensionPoints } from "@scm-manager/ui-extensions";
import { binder, ExtensionPoint, extensionPoints } from "@scm-manager/ui-extensions";
import PermissionsNavLink from "./PermissionsNavLink";
import { useNamespace, useNamespaceAndNameContext } from "@scm-manager/ui-api";
import NamespaceInformation from "./NamespaceInformation";
type Params = {
namespaceName: string;
@@ -81,7 +83,9 @@ const NamespaceRoot: FC = () => {
<CustomQueryFlexWrappedColumns>
<PrimaryContentColumn>
<Switch>
<Redirect exact from={`${url}/settings`} to={`${url}/settings/permissions`} />
<Route path={`${url}/info`}>
<NamespaceInformation namespace={namespace} />
</Route>
<Route path={`${url}/settings/permissions`}>
<Permissions namespaceOrRepository={namespace} />
</Route>
@@ -94,23 +98,31 @@ const NamespaceRoot: FC = () => {
</PrimaryContentColumn>
<SecondaryNavigationColumn>
<SecondaryNavigation label={t("namespaceRoot.menu.navigationLabel")}>
<NavLink
to={`${url}/info`}
icon="fas fa-info-circle"
label={t("namespaceRoot.menu.informationNavLink")}
title={t("namespaceRoot.menu.informationNavLink")}
/>
<ExtensionPoint<extensionPoints.NamespaceTopLevelNavigation>
name="namespace.navigation.topLevel"
props={extensionProps}
renderAll={true}
/>
<SubNavigation
to={`${url}/settings`}
label={t("namespaceRoot.menu.settingsNavLink")}
title={t("namespaceRoot.menu.settingsNavLink")}
>
<PermissionsNavLink permissionUrl={`${url}/settings/permissions`} namespace={namespace} />
<ExtensionPoint<extensionPoints.NamespaceSetting>
name="namespace.setting"
props={extensionProps}
renderAll={true}
/>
</SubNavigation>
{binder.hasExtension("namespace.setting", extensionProps) || namespace._links.permissions ? (
<SubNavigation
to={`${url}/settings/`}
label={t("namespaceRoot.menu.settingsNavLink")}
title={t("namespaceRoot.menu.settingsNavLink")}
>
<PermissionsNavLink permissionUrl={`${url}/settings/permissions`} namespace={namespace} />
<ExtensionPoint<extensionPoints.NamespaceSetting>
name="namespace.setting"
props={extensionProps}
renderAll={true}
/>
</SubNavigation>
) : null}
</SecondaryNavigation>
</SecondaryNavigationColumn>
</CustomQueryFlexWrappedColumns>

2
scm-webapp/src/main/java/sonia/scm/api/v2/resources/NamespaceToNamespaceDtoMapper.java
View File

@@ -75,7 +75,7 @@ public abstract class NamespaceToNamespaceDtoMapper extends BaseMapper<Namespace
.self(links.namespace().self(namespace.getNamespace()))
.single(link("repositories", links.repositoryCollection().forNamespace(namespace.getNamespace())));
if (NamespacePermissions.permissionRead().isPermitted()) {
if (NamespacePermissions.permissionRead().isPermitted(namespace)) {
linkingTo
.single(link("permissions", links.namespacePermission().all(namespace.getNamespace())));
}

4
scm-webapp/src/main/java/sonia/scm/api/v2/resources/RepositoryPermissionCollectionToDtoMapper.java
View File

@@ -78,10 +78,10 @@ public class RepositoryPermissionCollectionToDtoMapper {
}
private Links createLinks(Namespace namespace) {
NamespacePermissions.permissionRead().check();
NamespacePermissions.permissionRead().check(namespace);
Links.Builder linksBuilder = linkingTo()
.with(Links.linkingTo().self(resourceLinks.namespacePermission().all(namespace.getNamespace())).build());
if (NamespacePermissions.permissionWrite().isPermitted()) {
if (NamespacePermissions.permissionWrite().isPermitted(namespace)) {
linksBuilder.single(link("create", resourceLinks.namespacePermission().create(namespace.getNamespace())));
}
return linksBuilder.build();

2
scm-webapp/src/main/java/sonia/scm/api/v2/resources/RepositoryPermissionToRepositoryPermissionDtoMapper.java
View File

@@ -72,7 +72,7 @@ public abstract class RepositoryPermissionToRepositoryPermissionDtoMapper {
String permissionName = getUrlPermissionName(target);
Links.Builder linksBuilder = linkingTo()
.self(resourceLinks.namespacePermission().self(namespace.getNamespace(), permissionName));
if (NamespacePermissions.permissionWrite().isPermitted()) {
if (NamespacePermissions.permissionWrite().isPermitted(namespace)) {
linksBuilder.single(link("update", resourceLinks.namespacePermission().update(namespace.getNamespace(), permissionName)));
linksBuilder.single(link("delete", resourceLinks.namespacePermission().delete(namespace.getNamespace(), permissionName)));
}

55
scm-webapp/src/main/java/sonia/scm/repository/DefaultNamespaceManager.java
View File

@@ -27,13 +27,15 @@ package sonia.scm.repository;
import com.github.legman.Subscribe;
import jakarta.inject.Inject;
import jakarta.inject.Singleton;
import org.apache.shiro.SecurityUtils;
import sonia.scm.HandlerEventType;
import sonia.scm.event.ScmEventBus;
import sonia.scm.web.security.AdministrationContext;
import java.util.Collection;
import java.util.Optional;
import java.util.stream.Collectors;
import static java.util.Collections.singletonList;
import static sonia.scm.ContextEntry.ContextBuilder.entity;
import static sonia.scm.NotFoundException.notFound;
@@ -43,12 +45,14 @@ public class DefaultNamespaceManager implements NamespaceManager {
private final RepositoryManager repositoryManager;
private final NamespaceDao dao;
private final ScmEventBus eventBus;
private final AdministrationContext administrationContext;
@Inject
public DefaultNamespaceManager(RepositoryManager repositoryManager, NamespaceDao dao, ScmEventBus eventBus) {
public DefaultNamespaceManager(RepositoryManager repositoryManager, NamespaceDao dao, ScmEventBus eventBus, AdministrationContext administrationContext) {
this.repositoryManager = repositoryManager;
this.dao = dao;
this.eventBus = eventBus;
this.administrationContext = administrationContext;
}
@Override
@@ -67,12 +71,12 @@ public class DefaultNamespaceManager implements NamespaceManager {
.getAllNamespaces()
.stream()
.map(this::createNamespaceForName)
.collect(Collectors.toList());
.toList();
}
@Override
public void modify(Namespace namespace) {
NamespacePermissions.permissionWrite().check();
NamespacePermissions.permissionWrite().check(namespace);
Namespace oldNamespace = get(namespace.getNamespace())
.orElseThrow(() -> notFound(entity(Namespace.class, namespace.getNamespace())));
fireEvent(HandlerEventType.BEFORE_MODIFY, namespace, oldNamespace);
@@ -80,18 +84,41 @@ public class DefaultNamespaceManager implements NamespaceManager {
fireEvent(HandlerEventType.MODIFY, namespace, oldNamespace);
}
@Subscribe
public void cleanupDeletedNamespaces(RepositoryEvent repositoryEvent) {
if (namespaceRelevantChange(repositoryEvent)) {
Collection<String> allNamespaces = repositoryManager.getAllNamespaces();
String oldNamespace = getOldNamespace(repositoryEvent);
if (!allNamespaces.contains(oldNamespace)) {
dao.delete(oldNamespace);
}
@Subscribe(async = false)
public void handleRepositoryEvent(RepositoryEvent repositoryEvent) {
if (repositoryRemovedFromNamespace(repositoryEvent)) {
cleanUpNamespaceIfEmpty(repositoryEvent);
}
if (repositoryCreatedInNamespace(repositoryEvent)) {
initializeIfNeeded(repositoryEvent);
}
}
public boolean namespaceRelevantChange(RepositoryEvent repositoryEvent) {
private static boolean repositoryCreatedInNamespace(RepositoryEvent repositoryEvent) {
return repositoryEvent.getEventType() == HandlerEventType.CREATE;
}
private void cleanUpNamespaceIfEmpty(RepositoryEvent repositoryEvent) {
Collection<String> allNamespaces = repositoryManager.getAllNamespaces();
String oldNamespace = getOldNamespace(repositoryEvent);
if (!allNamespaces.contains(oldNamespace)) {
dao.delete(oldNamespace);
}
}
private void initializeIfNeeded(RepositoryEvent repositoryEvent) {
Namespace namespace = createNamespaceForName(repositoryEvent.getItem().getNamespace());
if (repositoryManager.getAll(r -> r.getNamespace().equals(namespace.getNamespace())).size() == 1) {
String creatingUser = SecurityUtils.getSubject().getPrincipal().toString();
administrationContext.runAsAdmin(() -> {
namespace.setPermissions(singletonList(new RepositoryPermission(creatingUser, "OWNER", false)));
modify(namespace);
}
);
}
}
public boolean repositoryRemovedFromNamespace(RepositoryEvent repositoryEvent) {
HandlerEventType eventType = repositoryEvent.getEventType();
return eventType == HandlerEventType.DELETE
|| eventType == HandlerEventType.MODIFY && !repositoryEvent.getItem().getNamespace().equals(repositoryEvent.getOldItem().getNamespace());
@@ -106,7 +133,7 @@ public class DefaultNamespaceManager implements NamespaceManager {
}
private Namespace createNamespaceForName(String namespace) {
if (NamespacePermissions.permissionRead().isPermitted()) {
if (NamespacePermissions.permissionRead().isPermitted(namespace)) {
return dao.get(namespace)
.map(Namespace::clone)
.orElse(new Namespace(namespace));

79
scm-webapp/src/main/java/sonia/scm/update/security/NamespacePermissionsUpdateStep.java Normal file
View File

@@ -0,0 +1,79 @@
/*
* MIT License
*
* Copyright (c) 2020-present Cloudogu GmbH and Contributors
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
package sonia.scm.update.security;
import jakarta.inject.Inject;
import sonia.scm.migration.UpdateStep;
import sonia.scm.plugin.Extension;
import sonia.scm.security.AssignedPermission;
import sonia.scm.store.ConfigurationEntryStore;
import sonia.scm.store.ConfigurationEntryStoreFactory;
import sonia.scm.version.Version;
import java.util.HashSet;
@Extension
public class NamespacePermissionsUpdateStep implements UpdateStep {
private final ConfigurationEntryStoreFactory configurationEntryStoreFactory;
@Inject
public NamespacePermissionsUpdateStep(ConfigurationEntryStoreFactory configurationEntryStoreFactory) {
this.configurationEntryStoreFactory = configurationEntryStoreFactory;
}
@Override
public void doUpdate() throws Exception {
ConfigurationEntryStore<AssignedPermission> securityStore = createSecurityStore();
HashSet<String> toBeRemoved = new HashSet<>();
HashSet<AssignedPermission> toBeAdded = new HashSet<>();
securityStore.getAll().forEach((k, v) -> {
if (v.getPermission().getValue().equals("namespace:permissionRead")) {
toBeAdded.add(new AssignedPermission(v.getName(), v.isGroupPermission(), "namespace:permissionRead:*"));
toBeRemoved.add(k);
}
if (v.getPermission().getValue().equals("namespace:permissionRead,permissionWrite")) {
toBeAdded.add(new AssignedPermission(v.getName(), v.isGroupPermission(), "namespace:permissionRead,permissionWrite:*"));
toBeRemoved.add(k);
}
});
toBeAdded.forEach(securityStore::put);
toBeRemoved.forEach(securityStore::remove);
}
private ConfigurationEntryStore<AssignedPermission> createSecurityStore() {
return configurationEntryStoreFactory.withType(AssignedPermission.class).withName("security").build();
}
@Override
public Version getTargetVersion() {
return Version.parse("3.1.0");
}
@Override
public String getAffectedDataType() {
return "sonia.scm.security.xml";
}
}

4
scm-webapp/src/main/resources/META-INF/scm/permissions.xml
View File

@@ -53,10 +53,10 @@
<value>repository:read,export:*</value>
</permission>
<permission>
<value>namespace:permissionRead</value>
<value>namespace:permissionRead:*</value>
</permission>
<permission>
<value>namespace:permissionRead,permissionWrite</value>
<value>namespace:permissionRead,permissionWrite:*</value>
</permission>
<permission>
<value>user:*</value>

12
scm-webapp/src/main/resources/locales/de/plugins.json
View File

@@ -117,12 +117,16 @@
},
"namespace": {
"permissionRead": {
"displayName": "Berechtigungen auf Namespaces lesen",
"description": "Darf die Berechtigungen auf Namespace-Ebene sehen"
"*": {
"displayName": "Berechtigungen auf Namespaces lesen",
"description": "Darf die Berechtigungen auf Namespace-Ebene sehen"
}
},
"permissionRead,permissionWrite": {
"displayName": "Berechtigungen auf Namespaces modifizieren",
"description": "Darf die Berechtigungen auf Namespace-Ebene lesen und bearbeiten"
"*": {
"displayName": "Berechtigungen auf Namespaces modifizieren",
"description": "Darf die Berechtigungen auf Namespace-Ebene lesen und bearbeiten"
}
}
},
"metrics": {

12
scm-webapp/src/main/resources/locales/en/plugins.json
View File

@@ -117,12 +117,16 @@
},
"namespace": {
"permissionRead": {
"displayName": "Read permissions on namespaces",
"description": "May see the permissions set for namespaces"
"*": {
"displayName": "Read permissions on namespaces",
"description": "May see the permissions set for namespaces"
}
},
"permissionRead,permissionWrite": {
"displayName": "Modify permissions on namespaces",
"description": "May read and modify the permissions set for namespaces"
"*": {
"displayName": "Modify permissions on namespaces",
"description": "May read and modify the permissions set for namespaces"
}
}
},
"metrics": {

14
scm-webapp/src/test/java/sonia/scm/api/v2/resources/NamespaceRootResourceTest.java
View File

@@ -132,8 +132,8 @@ class NamespaceRootResourceTest {
@BeforeEach
void mockNoPermissions() {
lenient().when(subject.isPermitted(anyString())).thenReturn(false);
lenient().doThrow(AuthorizationException.class).when(subject).checkPermission("namespace:permissionRead");
lenient().doThrow(AuthorizationException.class).when(subject).checkPermission("namespace:permissionWrite");
lenient().doThrow(AuthorizationException.class).when(subject).checkPermission("namespace:permissionRead:space");
lenient().doThrow(AuthorizationException.class).when(subject).checkPermission("namespace:permissionWrite:space");
}
@Test
@@ -202,8 +202,8 @@ class NamespaceRootResourceTest {
@BeforeEach
void grantReadPermission() {
lenient().when(subject.isPermitted("namespace:permissionRead")).thenReturn(true);
lenient().when(subject.isPermitted("namespace:permissionWrite")).thenReturn(false);
lenient().when(subject.isPermitted("namespace:permissionRead:space")).thenReturn(true);
lenient().when(subject.isPermitted("namespace:permissionWrite:space")).thenReturn(false);
lenient().doThrow(AuthorizationException.class).when(subject).checkPermission("namespace:permissionWrite");
}
@@ -259,8 +259,10 @@ class NamespaceRootResourceTest {
@BeforeEach
void grantWritePermission() {
lenient().when(subject.isPermitted("namespace:permissionWrite")).thenReturn(true);
lenient().doNothing().when(subject).checkPermission("namespace:permissionWrite");
lenient().when(subject.isPermitted("namespace:permissionWrite:space")).thenReturn(true);
lenient().when(subject.isPermitted("namespace:permissionWrite:hitchhiker")).thenReturn(true);
lenient().doNothing().when(subject).checkPermission("namespace:permissionWrite:space");
lenient().doNothing().when(subject).checkPermission("namespace:permissionWrite:hitchhiker");
}
@Test

39
scm-webapp/src/test/java/sonia/scm/repository/DefaultNamespaceManagerTest.java
View File

@@ -39,16 +39,23 @@ import sonia.scm.HandlerEventType;
import sonia.scm.event.ScmEventBus;
import sonia.scm.store.InMemoryDataStore;
import sonia.scm.store.InMemoryDataStoreFactory;
import sonia.scm.web.security.AdministrationContext;
import sonia.scm.web.security.PrivilegedAction;
import java.util.Collection;
import java.util.Optional;
import java.util.function.Predicate;
import java.util.stream.Stream;
import static java.util.Arrays.asList;
import static org.assertj.core.api.Assertions.assertThat;
import static org.mockito.ArgumentMatchers.any;
import static org.mockito.ArgumentMatchers.argThat;
import static org.mockito.Mockito.doAnswer;
import static org.mockito.Mockito.lenient;
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.when;
import static sonia.scm.HandlerEventType.CREATE;
import static sonia.scm.HandlerEventType.DELETE;
import static sonia.scm.HandlerEventType.MODIFY;
@@ -61,6 +68,8 @@ class DefaultNamespaceManagerTest {
@Mock
ScmEventBus eventBus;
@Mock
AdministrationContext administrationContext;
@Mock
Subject subject;
Namespace life;
@@ -84,7 +93,7 @@ class DefaultNamespaceManagerTest {
universe = new Namespace("universe");
rest = new Namespace("rest");
manager = new DefaultNamespaceManager(repositoryManager, dao, eventBus);
manager = new DefaultNamespaceManager(repositoryManager, dao, eventBus, administrationContext);
}
@BeforeEach
@@ -108,7 +117,7 @@ class DefaultNamespaceManagerTest {
void shouldCleanUpPermissionWhenLastRepositoryOfNamespaceWasDeleted() {
when(repositoryManager.getAllNamespaces()).thenReturn(asList("universe", "rest"));
manager.cleanupDeletedNamespaces(new RepositoryEvent(DELETE, new Repository("1", "git", "life", "earth")));
manager.handleRepositoryEvent(new RepositoryEvent(DELETE, new Repository("1", "git", "life", "earth")));
assertThat(dao.get("life")).isEmpty();
}
@@ -117,7 +126,7 @@ class DefaultNamespaceManagerTest {
void shouldCleanUpPermissionWhenLastRepositoryOfNamespaceWasRenamed() {
when(repositoryManager.getAllNamespaces()).thenReturn(asList("universe", "rest", "highway"));
manager.cleanupDeletedNamespaces(
manager.handleRepositoryEvent(
new RepositoryModificationEvent(
MODIFY,
new Repository("1", "git", "highway", "earth"),
@@ -126,6 +135,26 @@ class DefaultNamespaceManagerTest {
assertThat(dao.get("life")).isEmpty();
}
@Test
void shouldCreateOwnerPermissionWhenFirstRepositoryOfNamespaceWasCreated() {
when(subject.getPrincipal()).thenReturn("trillian");
when(repositoryManager.getAllNamespaces()).thenReturn(asList("rest", "highway", "universe"));
when(repositoryManager.getAll(any()))
.thenAnswer(invocation -> Stream.of(new Repository("1", "git", "universe", "earth")).filter(invocation.getArgument(0, Predicate.class)).toList());
doAnswer(invocation -> {
invocation.getArgument(0, Runnable.class).run();
return null;
}).when(administrationContext).runAsAdmin(any(PrivilegedAction.class));
manager.handleRepositoryEvent(
new RepositoryModificationEvent(
CREATE,
new Repository("1", "git", "universe", "earth"),
null));
assertThat(dao.get("universe")).isNotEmpty();
assertThat(dao.get("universe").get().getPermissions()).extracting("name").contains("trillian");
}
@Nested
class WithPermissionToReadPermissions {
@@ -183,8 +212,8 @@ class DefaultNamespaceManagerTest {
@BeforeEach
void grantReadPermission() {
when(subject.isPermitted("namespace:permissionRead")).thenReturn(false);
lenient().doThrow(AuthorizationException.class).when(subject).checkPermission("namespace:permissionWrite");
when(subject.isPermitted("namespace:permissionRead:*")).thenReturn(false);
lenient().doThrow(AuthorizationException.class).when(subject).checkPermission("namespace:permissionWrite:*");
}
@Test

56
scm-webapp/src/test/java/sonia/scm/update/security/NamespacePermissionsUpdateStepTest.java Normal file
View File

@@ -0,0 +1,56 @@
/*
* MIT License
*
* Copyright (c) 2020-present Cloudogu GmbH and Contributors
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
package sonia.scm.update.security;
import org.junit.jupiter.api.Test;
import sonia.scm.security.AssignedPermission;
import sonia.scm.store.ConfigurationEntryStore;
import sonia.scm.store.InMemoryByteConfigurationEntryStoreFactory;
import static org.assertj.core.api.Assertions.assertThat;
class NamespacePermissionsUpdateStepTest {
private final InMemoryByteConfigurationEntryStoreFactory entryStoreFactory = new InMemoryByteConfigurationEntryStoreFactory();
private final NamespacePermissionsUpdateStep updateStep = new NamespacePermissionsUpdateStep(entryStoreFactory);
@Test
void shouldUpdatePermissions() throws Exception {
ConfigurationEntryStore<AssignedPermission> securityStore = createSecurityStore();
securityStore.put(new AssignedPermission("trillian", false, "namespace:permissionRead"));
securityStore.put(new AssignedPermission("dent", true, "namespace:permissionRead,permissionWrite"));
updateStep.doUpdate();
assertThat(securityStore.getAll().values())
.hasSize(2)
.contains(new AssignedPermission("trillian", false, "namespace:permissionRead:*"))
.contains(new AssignedPermission("dent", true, "namespace:permissionRead,permissionWrite:*"));
}
private ConfigurationEntryStore<AssignedPermission> createSecurityStore() {
return entryStoreFactory.withType(AssignedPermission.class).withName("security").build();
}
}