Move repository permissions to separate endpoint

scm-webapp/src/main/java/sonia/scm/api/v2/resources/PermissionCollectionResource.java

@@ -0,0 +1,18 @@
+package sonia.scm.api.v2.resources;
+
+import javax.ws.rs.DefaultValue;
+import javax.ws.rs.GET;
+import javax.ws.rs.Path;
+import javax.ws.rs.QueryParam;
+import javax.ws.rs.core.Response;
+
+public class PermissionCollectionResource {
+  @GET
+  @Path("")
+  public Response getAll(@DefaultValue("0") @QueryParam("page") int page,
+    @DefaultValue("10") @QueryParam("pageSize") int pageSize,
+    @QueryParam("sortBy") String sortBy,
+    @DefaultValue("false") @QueryParam("desc") boolean desc) {
+    throw new UnsupportedOperationException();
+  }
+}

scm-webapp/src/main/java/sonia/scm/api/v2/resources/PermissionRootResource.java

@@ -0,0 +1,20 @@
+package sonia.scm.api.v2.resources;
+
+import javax.inject.Inject;
+import javax.inject.Provider;
+import javax.ws.rs.Path;
+
+public class PermissionRootResource {
+
+  private final Provider<PermissionCollectionResource> permissionCollectionResource;
+
+  @Inject
+  public PermissionRootResource(Provider<PermissionCollectionResource> permissionCollectionResource) {
+    this.permissionCollectionResource = permissionCollectionResource;
+  }
+
+  @Path("")
+  public PermissionCollectionResource getPermissionCollectionResource() {
+    return permissionCollectionResource.get();
+  }
+}

scm-webapp/src/main/java/sonia/scm/api/v2/resources/RepositoryDto.java

@@ -6,7 +6,6 @@ import de.otto.edison.hal.Links;
 import lombok.Getter;
 import lombok.Setter;
 
-import javax.xml.bind.annotation.XmlElement;
 import java.time.Instant;
 import java.util.List;
 
@@ -21,9 +20,6 @@ public class RepositoryDto extends HalRepresentation {
   private Instant lastModified;
   private String namespace;
   private String name;
-  private List<PermissionDto> permissions;
-  @XmlElement(name = "public")
-  private boolean publicReadable = false;
   private boolean archived = false;
   private String type;
 

scm-webapp/src/main/java/sonia/scm/api/v2/resources/RepositoryResource.java

@@ -28,6 +28,7 @@ public class RepositoryResource {
   private final Provider<BranchRootResource> branchRootResource;
   private final Provider<ChangesetRootResource> changesetRootResource;
   private final Provider<SourceRootResource> sourceRootResource;
+  private final Provider<PermissionRootResource> permissionRootResource;
 
   @Inject
   public RepositoryResource(
@@ -36,7 +37,7 @@ public class RepositoryResource {
     Provider<TagRootResource> tagRootResource,
     Provider<BranchRootResource> branchRootResource,
     Provider<ChangesetRootResource> changesetRootResource,
-    Provider<SourceRootResource> sourceRootResource) {
+    Provider<SourceRootResource> sourceRootResource, Provider<PermissionRootResource> permissionRootResource) {
     this.manager = manager;
     this.repositoryToDtoMapper = repositoryToDtoMapper;
     this.adapter = new SingleResourceManagerAdapter<>(manager);
@@ -44,6 +45,7 @@ public class RepositoryResource {
     this.branchRootResource = branchRootResource;
     this.changesetRootResource = changesetRootResource;
     this.sourceRootResource = sourceRootResource;
+    this.permissionRootResource = permissionRootResource;
   }
 
   @GET
@@ -92,4 +94,9 @@ public class RepositoryResource {
   public SourceRootResource sources() {
     return sourceRootResource.get();
   }
+
+  @Path("permissions/")
+  public PermissionRootResource permissions() {
+    return permissionRootResource.get();
+  }
 }

scm-webapp/src/main/java/sonia/scm/api/v2/resources/RepositoryToRepositoryDtoMapper.java

@@ -6,7 +6,6 @@ import org.mapstruct.AfterMapping;
 import org.mapstruct.Mapper;
 import org.mapstruct.MappingTarget;
 import sonia.scm.repository.HealthCheckFailure;
-import sonia.scm.repository.Permission;
 import sonia.scm.repository.Repository;
 import sonia.scm.repository.RepositoryPermissions;
 
@@ -23,8 +22,6 @@ public abstract class RepositoryToRepositoryDtoMapper extends BaseMapper<Reposit
 
   abstract HealthCheckFailureDto toDto(HealthCheckFailure failure);
 
-  abstract PermissionDto toDto(Permission permission);
-
   @AfterMapping
   void appendLinks(Repository repository, @MappingTarget RepositoryDto target) {
     Links.Builder linksBuilder = linkingTo().self(resourceLinks.repository().self(target.getNamespace(), target.getName()));
@@ -33,6 +30,7 @@ public abstract class RepositoryToRepositoryDtoMapper extends BaseMapper<Reposit
     }
     if (RepositoryPermissions.modify(repository).isPermitted()) {
       linksBuilder.single(link("update", resourceLinks.repository().update(target.getNamespace(), target.getName())));
+      linksBuilder.single(link("permissions", resourceLinks.permissionCollection().self(target.getNamespace(), target.getName())));
     }
     linksBuilder.single(link("tags", resourceLinks.tagCollection().self(target.getNamespace(), target.getName())));
     linksBuilder.single(link("branches", resourceLinks.branchCollection().self(target.getNamespace(), target.getName())));

scm-webapp/src/main/java/sonia/scm/api/v2/resources/ResourceLinks.java

@@ -188,4 +188,20 @@ class ResourceLinks {
       return sourceLinkBuilder.method("getRepositoryResource").parameters(namespace, name).method("sources").parameters().method("getSourceCollectionResource").parameters().method("getAll").parameters().href();
     }
   }
+
+  public PermissionCollectionLinks permissionCollection() {
+    return new PermissionCollectionLinks(uriInfoStore.get());
+  }
+
+  static class PermissionCollectionLinks {
+    private final LinkBuilder permissionLinkBuilder;
+
+    PermissionCollectionLinks(UriInfo uriInfo) {
+      permissionLinkBuilder = new LinkBuilder(uriInfo, RepositoryRootResource.class, RepositoryResource.class, PermissionRootResource.class, PermissionCollectionResource.class);
+    }
+
+    String self(String namespace, String name) {
+      return permissionLinkBuilder.method("getRepositoryResource").parameters(namespace, name).method("permissions").parameters().method("getPermissionCollectionResource").parameters().method("getAll").parameters().href();
+    }
+  }
 }

scm-webapp/src/test/java/sonia/scm/api/v2/resources/RepositoryRootResourceTest.java

@@ -48,7 +48,7 @@ public class RepositoryRootResourceTest {
   @Before
   public void prepareEnvironment() {
     initMocks(this);
-    RepositoryResource repositoryResource = new RepositoryResource(repositoryToDtoMapper, repositoryManager, null, null, null, null);
+    RepositoryResource repositoryResource = new RepositoryResource(repositoryToDtoMapper, repositoryManager, null, null, null, null, null);
     RepositoryRootResource repositoryRootResource = new RepositoryRootResource(MockProvider.of(repositoryResource));
     dispatcher.getRegistry().addSingletonResource(repositoryRootResource);
   }

scm-webapp/src/test/java/sonia/scm/api/v2/resources/RepositoryToRepositoryDtoMapperTest.java

@@ -1,11 +1,11 @@
 package sonia.scm.api.v2.resources;
 
-import org.apache.shiro.subject.Subject;
+import com.github.sdorra.shiro.ShiroRule;
-import org.apache.shiro.subject.support.SubjectThreadState;
+import com.github.sdorra.shiro.SubjectAware;
 import org.apache.shiro.util.ThreadContext;
-import org.apache.shiro.util.ThreadState;
 import org.junit.After;
 import org.junit.Before;
+import org.junit.Rule;
 import org.junit.Test;
 import org.mockito.InjectMocks;
 import sonia.scm.repository.HealthCheckFailure;
@@ -18,29 +18,27 @@ import java.net.URI;
 import static java.util.Arrays.asList;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertFalse;
-import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.when;
 import static org.mockito.MockitoAnnotations.initMocks;
 
+@SubjectAware(
+  username = "trillian",
+  password = "secret",
+  configuration = "classpath:sonia/scm/repository/shiro.ini"
+)
 public class RepositoryToRepositoryDtoMapperTest {
 
+  @Rule
+  public final ShiroRule rule = new ShiroRule();
+
   private final URI baseUri = URI.create("http://example.com/base/");
   private final ResourceLinks resourceLinks = ResourceLinksMock.createMock(baseUri);
 
   @InjectMocks
   private RepositoryToRepositoryDtoMapperImpl mapper;
 
-  private final Subject subject = mock(Subject.class);
-  private final ThreadState subjectThreadState = new SubjectThreadState(subject);
-
-  private URI expectedBaseUri;
-
   @Before
   public void init() {
     initMocks(this);
-    expectedBaseUri = baseUri.resolve(RepositoryRootResource.REPOSITORIES_PATH_V2 + "/");
-    subjectThreadState.bind();
-    ThreadContext.bind(subject);
   }
 
   @After
@@ -59,6 +57,7 @@ public class RepositoryToRepositoryDtoMapperTest {
   }
 
   @Test
+  @SubjectAware(username = "unpriv")
   public void shouldCreateLinksForUnprivilegedUser() {
     RepositoryDto dto = mapper.map(createTestRepository());
     assertEquals(
@@ -66,11 +65,11 @@ public class RepositoryToRepositoryDtoMapperTest {
       dto.getLinks().getLinkBy("self").get().getHref());
     assertFalse(dto.getLinks().getLinkBy("update").isPresent());
     assertFalse(dto.getLinks().getLinkBy("delete").isPresent());
+    assertFalse(dto.getLinks().getLinkBy("permissions").isPresent());
   }
 
   @Test
   public void shouldCreateDeleteLink() {
-    when(subject.isPermitted("repository:delete:1")).thenReturn(true);
     RepositoryDto dto = mapper.map(createTestRepository());
     assertEquals(
       "http://example.com/base/v2/repositories/testspace/test",
@@ -79,7 +78,6 @@ public class RepositoryToRepositoryDtoMapperTest {
 
   @Test
   public void shouldCreateUpdateLink() {
-    when(subject.isPermitted("repository:modify:1")).thenReturn(true);
     RepositoryDto dto = mapper.map(createTestRepository());
     assertEquals(
       "http://example.com/base/v2/repositories/testspace/test",
@@ -93,14 +91,6 @@ public class RepositoryToRepositoryDtoMapperTest {
     assertEquals("summary", dto.getHealthCheckFailures().get(0).getSummary());
   }
 
-  @Test
-  public void shouldMapPermissions() {
-    RepositoryDto dto = mapper.map(createTestRepository());
-    assertEquals(1, dto.getPermissions().size());
-    assertEquals("permission", dto.getPermissions().get(0).getName());
-    assertEquals("READ", dto.getPermissions().get(0).getType());
-  }
-
   @Test
   public void shouldCreateTagsLink() {
     RepositoryDto dto = mapper.map(createTestRepository());
@@ -133,6 +123,14 @@ public class RepositoryToRepositoryDtoMapperTest {
       dto.getLinks().getLinkBy("sources").get().getHref());
   }
 
+  @Test
+  public void shouldCreatePermissionsLink() {
+    RepositoryDto dto = mapper.map(createTestRepository());
+    assertEquals(
+      "http://example.com/base/v2/repositories/testspace/test/permissions/",
+      dto.getLinks().getLinkBy("permissions").get().getHref());
+  }
+
   private Repository createTestRepository() {
     Repository repository = new Repository();
     repository.setNamespace("testspace");

scm-webapp/src/test/java/sonia/scm/api/v2/resources/ResourceLinksMock.java

@@ -22,6 +22,7 @@ public class ResourceLinksMock {
     when(resourceLinks.branchCollection()).thenReturn(new ResourceLinks.BranchCollectionLinks(uriInfo));
     when(resourceLinks.changesetCollection()).thenReturn(new ResourceLinks.ChangesetCollectionLinks(uriInfo));
     when(resourceLinks.sourceCollection()).thenReturn(new ResourceLinks.SourceCollectionLinks(uriInfo));
+    when(resourceLinks.permissionCollection()).thenReturn(new ResourceLinks.PermissionCollectionLinks(uriInfo));
     return resourceLinks;
   }
 }

scm-webapp/src/test/java/sonia/scm/api/v2/resources/ResourceLinksTest.java

@@ -126,6 +126,12 @@ public class ResourceLinksTest {
     assertEquals(BASE_URL + RepositoryRootResource.REPOSITORIES_PATH_V2 + "space/repo/sources/", url);
   }
 
+  @Test
+  public void shouldCreateCorrectPermissionCollectionUrl() {
+    String url = resourceLinks.sourceCollection().self("space", "repo");
+    assertEquals(BASE_URL + RepositoryRootResource.REPOSITORIES_PATH_V2 + "space/repo/sources/", url);
+  }
+
   @Before
   public void initUriInfo() {
     initMocks(this);