Nemcio/SCM-Manager
1
0
Fork 0
mirror of https://github.com/scm-manager/scm-manager.git synced 2025-11-13 00:45:44 +01:00
Code Issues Packages Projects Releases Activity

Fix documentation and permission check

Browse Source
This commit is contained in:
René Pfeuffer
2018-06-25 12:45:16 +02:00
parent 9d250920f2
commit 9d03a52ea0
2 changed files with 12 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
scm-webapp/src/main/java/sonia/scm/api/v2/resources/GroupResource.java
View File

@@ -1,11 +1,12 @@
package sonia.scm.api.v2.resources; package sonia.scm.api.v2.resources;
import org.apache.shiro.SecurityUtils; import com.webcohesion.enunciate.metadata.rs.ResponseCode;
import com.webcohesion.enunciate.metadata.rs.StatusCodes;
import com.webcohesion.enunciate.metadata.rs.TypeHint;
import sonia.scm.api.rest.resources.AbstractManagerResource; import sonia.scm.api.rest.resources.AbstractManagerResource;
import sonia.scm.group.Group; import sonia.scm.group.Group;
import sonia.scm.group.GroupException; import sonia.scm.group.GroupException;
import sonia.scm.group.GroupManager; import sonia.scm.group.GroupManager;
import sonia.scm.security.Role;
import sonia.scm.web.VndMediaType; import sonia.scm.web.VndMediaType;
import javax.inject.Inject; import javax.inject.Inject;
@@ -35,21 +36,18 @@ public class GroupResource extends AbstractManagerResource<Group, GroupException
@Path("") @Path("")
@GET @GET
@TypeHint(GroupDto.class)
@StatusCodes({
@ResponseCode(code = 200, condition = "success"),
@ResponseCode(code = 403, condition = "forbidden, the current user has no privileges to read the group"),
@ResponseCode(code = 404, condition = "not found, no group with the specified id/name available"),
@ResponseCode(code = 500, condition = "internal server error")
})
public Response get(@Context Request request, @Context UriInfo uriInfo, @PathParam("id") String id) { public Response get(@Context Request request, @Context UriInfo uriInfo, @PathParam("id") String id) {
if (SecurityUtils.getSubject().hasRole(Role.ADMIN))
{
Group group = manager.get(id); Group group = manager.get(id);
if (group == null) {
return Response.status(Response.Status.NOT_FOUND).build();
}
GroupDto groupDto = groupToGroupDtoMapper.map(group); GroupDto groupDto = groupToGroupDtoMapper.map(group);
return Response.ok(groupDto).build(); return Response.ok(groupDto).build();
} }
else
{
return Response.status(Response.Status.FORBIDDEN).build();
}
}
@Path("") @Path("")
@DELETE @DELETE

4
scm-webapp/src/main/java/sonia/scm/api/v2/resources/UserResource.java
View File

@@ -41,8 +41,8 @@ public class UserResource extends AbstractManagerResource<User, UserException> {
@TypeHint(UserDto.class) @TypeHint(UserDto.class)
@StatusCodes({ @StatusCodes({
@ResponseCode(code = 200, condition = "success"), @ResponseCode(code = 200, condition = "success"),
@ResponseCode(code = 403, condition = "forbidden, the current user has no admin privileges"), @ResponseCode(code = 403, condition = "forbidden, the current user has no privileges to read the user"),
@ResponseCode(code = 404, condition = "not found, no group with the specified id/name available"), @ResponseCode(code = 404, condition = "not found, no user with the specified id/name available"),
@ResponseCode(code = 500, condition = "internal server error") @ResponseCode(code = 500, condition = "internal server error")
}) })
public Response get(@Context Request request, @Context UriInfo uriInfo, @PathParam("id") String id) { public Response get(@Context Request request, @Context UriInfo uriInfo, @PathParam("id") String id) {