Use PermissionDescriptor instead of String
@@ -86,15 +86,15 @@ public class GlobalPermissionPocResource {
|
||||
@Path("")
|
||||
public Response getAll() {
|
||||
String[] permissions = securitySystem.getAvailablePermissions().stream().map(PermissionDescriptor::getValue).toArray(String[]::new);
|
||||
return Response.ok(new PerminssionListDto(permissions)).build();
|
||||
return Response.ok(new PermissionListDto(permissions)).build();
|
||||
}
|
||||
|
||||
protected void assignExemplaryPermissions() {
|
||||
AssignedPermission groupPermission = new AssignedPermission("configurers", true,"configuration:*");
|
||||
AssignedPermission groupPermission = new AssignedPermission("configurers", true, new PermissionDescriptor("configuration:*"));
|
||||
log.info("try to add new permission: {}", groupPermission);
|
||||
securitySystem.addPermission(groupPermission);
|
||||
|
||||
AssignedPermission userPermission = new AssignedPermission("rene", "group:*");
|
||||
AssignedPermission userPermission = new AssignedPermission("rene", new PermissionDescriptor("group:*"));
|
||||
log.info("try to add new permission: {}", userPermission);
|
||||
securitySystem.addPermission(userPermission);
|
||||
}
|
||||
|
||||
@@ -9,7 +9,7 @@ import lombok.Setter;
|
||||
@Setter
|
||||
@AllArgsConstructor
|
||||
@NoArgsConstructor
|
||||
public class PerminssionListDto {
|
||||
public class PermissionListDto {
|
||||
|
||||
private String[] permissions;
|
||||
}
|
||||
@@ -5,6 +5,7 @@ import com.webcohesion.enunciate.metadata.rs.StatusCodes;
|
||||
import com.webcohesion.enunciate.metadata.rs.TypeHint;
|
||||
import org.apache.shiro.authc.credential.PasswordService;
|
||||
import sonia.scm.security.AssignedPermission;
|
||||
import sonia.scm.security.PermissionDescriptor;
|
||||
import sonia.scm.security.SecuritySystem;
|
||||
import sonia.scm.user.User;
|
||||
import sonia.scm.user.UserManager;
|
||||
@@ -153,7 +154,34 @@ public class UserResource {
|
||||
@ResponseCode(code = 500, condition = "internal server error")
|
||||
})
|
||||
public Response getPermissions(@PathParam("id") String id) {
|
||||
String[] permissions = securitySystem.getPermissions(p -> !p.isGroupPermission() && p.getName().equals(id)).stream().map(AssignedPermission::getPermission).toArray(String[]::new);
|
||||
return Response.ok(new PerminssionListDto(permissions)).build();
|
||||
String[] permissions =
|
||||
securitySystem.getPermissions(p -> !p.isGroupPermission() && p.getName().equals(id))
|
||||
.stream()
|
||||
.map(AssignedPermission::getPermission)
|
||||
.map(PermissionDescriptor::getValue)
|
||||
.toArray(String[]::new);
|
||||
return Response.ok(new PermissionListDto(permissions)).build();
|
||||
}
|
||||
|
||||
/**
|
||||
* Sets permissions for a user. Overwrites all existing permissions.
|
||||
*
|
||||
* @param id id of the user to be modified
|
||||
* @param newPermissions New list of permissions for the user
|
||||
*/
|
||||
@PUT
|
||||
@Path("permissions")
|
||||
@Consumes(VndMediaType.PASSWORD_OVERWRITE)
|
||||
@StatusCodes({
|
||||
@ResponseCode(code = 204, condition = "update success"),
|
||||
@ResponseCode(code = 400, condition = "Invalid body"),
|
||||
@ResponseCode(code = 401, condition = "not authenticated / invalid credentials"),
|
||||
@ResponseCode(code = 403, condition = "not authorized, the current user does not have the correct privilege"),
|
||||
@ResponseCode(code = 404, condition = "not found, no user with the specified id/name available"),
|
||||
@ResponseCode(code = 500, condition = "internal server error")
|
||||
})
|
||||
@TypeHint(TypeHint.NO_CONTENT.class)
|
||||
public Response overwritePermissions(@PathParam("id") String id, PermissionListDto newPermissions) {
|
||||
return Response.noContent().build();
|
||||
}
|
||||
}
|
||||
|
||||
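Review bot: The new `overwritePermissions` endpoint in UserResource returns `Response.noContent().build()` without ever reading `newPermissions`, so a caller receives 204 "update success" while the user's grants stay exactly as they were. For a request meant to revoke permissions, that is a silent failure. Until the body is implemented, answer with an error status instead, for example `return Response.status(501).build();`. The `@Consumes(VndMediaType.PASSWORD_OVERWRITE)` annotation also looks copied from the password endpoint and should name a media type for the permission list. No authorization check is visible in this hunk for `getPermissions` or `overwritePermissions`; if it is not enforced elsewhere in the class, it has to be in place before the write path does real work.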
@@ -180,7 +180,7 @@ public class DefaultAuthorizationCollector implements AuthorizationCollector
|
||||
|
||||
for (AssignedPermission gp : globalPermissions)
|
||||
{
|
||||
String permission = gp.getPermission();
|
||||
String permission = gp.getPermission().getValue();
|
||||
|
||||
logger.trace("add permission {} for user {}", permission, user.getName());
|
||||
builder.add(permission);
|
||||
|
||||
@@ -39,11 +39,10 @@ import com.github.legman.Subscribe;
|
||||
import com.google.common.base.Objects;
|
||||
import com.google.common.base.Preconditions;
|
||||
import com.google.common.base.Strings;
|
||||
import com.google.common.collect.ImmutableSet.Builder;
|
||||
import com.google.common.collect.ImmutableSet;
|
||||
import com.google.common.collect.ImmutableSet.Builder;
|
||||
import com.google.inject.Inject;
|
||||
import com.google.inject.Singleton;
|
||||
import org.apache.shiro.SecurityUtils;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
import sonia.scm.HandlerEventType;
|
||||
@@ -68,6 +67,9 @@ import java.util.Enumeration;
|
||||
import java.util.List;
|
||||
import java.util.Map.Entry;
|
||||
import java.util.function.Predicate;
|
||||
import java.util.stream.Collectors;
|
||||
|
||||
import static java.util.Objects.isNull;
|
||||
|
||||
//~--- JDK imports ------------------------------------------------------------
|
||||
|
||||
@@ -251,14 +253,13 @@ public class DefaultSecuritySystem implements SecuritySystem
|
||||
*/
|
||||
private boolean deletePermissions(Predicate<AssignedPermission> predicate)
|
||||
{
|
||||
boolean found = false;
|
||||
for (Entry<String, AssignedPermission> e : store.getAll().entrySet()) {
|
||||
if ((predicate == null) || predicate.test(e.getValue())) {
|
||||
store.remove(e.getKey());
|
||||
found = true;
|
||||
}
|
||||
}
|
||||
return found;
|
||||
List<Entry<String, AssignedPermission>> toRemove =
|
||||
store.getAll()
|
||||
.entrySet()
|
||||
.stream()
|
||||
.filter(e -> (predicate == null) || predicate.test(e.getValue())).collect(Collectors.toList());
|
||||
toRemove.forEach(e -> store.remove(e.getKey()));
|
||||
return !toRemove.isEmpty();
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -346,7 +347,7 @@ public class DefaultSecuritySystem implements SecuritySystem
|
||||
{
|
||||
Preconditions.checkArgument(!Strings.isNullOrEmpty(perm.getName()),
|
||||
"name is required");
|
||||
Preconditions.checkArgument(!Strings.isNullOrEmpty(perm.getPermission()),
|
||||
Preconditions.checkArgument(!isNull(perm.getPermission()),
|
||||
"permission is required");
|
||||
}
|
||||
|
||||
|
||||
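Review bot: The permission check in the last hunk of DefaultSecuritySystem is now weaker than before: `!isNull(perm.getPermission())` accepts a `PermissionDescriptor` whose value is null or empty, where the old `Strings.isNullOrEmpty` check on the string rejected both. DefaultAuthorizationCollector then calls `gp.getPermission().getValue()` and passes the result to `builder.add(permission)`, so a stored entry with a blank value would reach authorization building. I would keep the old guarantee with `Preconditions.checkArgument(perm.getPermission() != null && !Strings.isNullOrEmpty(perm.getPermission().getValue()), "permission is required");`. The enclosing validation method starts above the hunk, so its other checks are not visible here.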
@@ -0,0 +1,35 @@
|
||||
package sonia.scm.security;
|
||||
|
||||
import java.util.Collection;
|
||||
import java.util.List;
|
||||
import java.util.stream.Collectors;
|
||||
|
||||
public class PermissionAssigner {
|
||||
|
||||
private final SecuritySystem securitySystem;
|
||||
|
||||
public PermissionAssigner(SecuritySystem securitySystem) {
|
||||
this.securitySystem = securitySystem;
|
||||
}
|
||||
|
||||
public Collection<PermissionDescriptor> getAvailablePermissions() {
|
||||
return securitySystem.getAvailablePermissions();
|
||||
}
|
||||
|
||||
public Collection<PermissionDescriptor> readPermissionsForUser(String id) {
|
||||
return securitySystem.getPermissions(p -> !p.isGroupPermission() && p.getName().equals(id)).stream().map(AssignedPermission::getPermission).collect(Collectors.toSet());
|
||||
}
|
||||
|
||||
public void setPermissionsForUser(String id, Collection<PermissionDescriptor> permissions) {
|
||||
Collection<AssignedPermission> existingPermissions = securitySystem.getPermissions(p -> !p.isGroupPermission() && p.getName().equals(id));
|
||||
List<AssignedPermission> toRemove = existingPermissions.stream()
|
||||
.filter(p -> !permissions.contains(p.getPermission()))
|
||||
.collect(Collectors.toList());
|
||||
toRemove.forEach(securitySystem::deletePermission);
|
||||
|
||||
permissions.stream()
|
||||
.map(p -> new AssignedPermission(id, false, p))
|
||||
.filter(p -> !existingPermissions.contains(p))
|
||||
.forEach(securitySystem::addPermission);
|
||||
}
|
||||
}
|
||||
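Review bot: `setPermissionsForUser` decides what to revoke and what to grant with `permissions.contains(p.getPermission())` and `existingPermissions.contains(p)`, so it is only correct if `PermissionDescriptor` and `AssignedPermission` have value-based `equals`/`hashCode`; neither class is shown in this commit. With identity equality, every call would delete all of the user's existing grants and add them again. Because deletions run before additions and the two steps are not atomic, a failure in `addPermission` would leave the user with fewer permissions than requested. I would add a class Javadoc stating the equality requirement, plus a comment on the method such as `// revokes first, then grants; not atomic`, and reject a null `id` or `permissions` up front with `Objects.requireNonNull`. The user-selection predicate appears twice and could move into one private helper.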