Use PermissionDescriptor instead of String

scm-webapp/src/main/java/sonia/scm/security/DefaultAuthorizationCollector.java

@@ -180,7 +180,7 @@ public class DefaultAuthorizationCollector implements AuthorizationCollector
 
     for (AssignedPermission gp : globalPermissions)
     {
-      String permission = gp.getPermission();
+      String permission = gp.getPermission().getValue();
 
       logger.trace("add permission {} for user {}", permission, user.getName());
       builder.add(permission);

scm-webapp/src/main/java/sonia/scm/security/DefaultSecuritySystem.java

@@ -39,11 +39,10 @@ import com.github.legman.Subscribe;
 import com.google.common.base.Objects;
 import com.google.common.base.Preconditions;
 import com.google.common.base.Strings;
-import com.google.common.collect.ImmutableSet.Builder;
 import com.google.common.collect.ImmutableSet;
+import com.google.common.collect.ImmutableSet.Builder;
 import com.google.inject.Inject;
 import com.google.inject.Singleton;
-import org.apache.shiro.SecurityUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import sonia.scm.HandlerEventType;
@@ -68,6 +67,9 @@ import java.util.Enumeration;
 import java.util.List;
 import java.util.Map.Entry;
 import java.util.function.Predicate;
+import java.util.stream.Collectors;
+
+import static java.util.Objects.isNull;
 
 //~--- JDK imports ------------------------------------------------------------
 
@@ -251,14 +253,13 @@ public class DefaultSecuritySystem implements SecuritySystem
    */
   private boolean deletePermissions(Predicate<AssignedPermission> predicate)
   {
-    boolean found = false;
-    for (Entry<String, AssignedPermission> e : store.getAll().entrySet()) {
-      if ((predicate == null) || predicate.test(e.getValue())) {
-        store.remove(e.getKey());
-        found = true;
-      }
-    }
-    return found;
+    List<Entry<String, AssignedPermission>> toRemove =
+      store.getAll()
+        .entrySet()
+        .stream()
+        .filter(e -> (predicate == null) || predicate.test(e.getValue())).collect(Collectors.toList());
+    toRemove.forEach(e -> store.remove(e.getKey()));
+    return !toRemove.isEmpty();
   }
 
   /**
@@ -346,7 +347,7 @@ public class DefaultSecuritySystem implements SecuritySystem
   {
     Preconditions.checkArgument(!Strings.isNullOrEmpty(perm.getName()),
       "name is required");
-    Preconditions.checkArgument(!Strings.isNullOrEmpty(perm.getPermission()),
+    Preconditions.checkArgument(!isNull(perm.getPermission()),
       "permission is required");
   }
 

scm-webapp/src/main/java/sonia/scm/security/PermissionAssigner.java

@@ -0,0 +1,35 @@
+package sonia.scm.security;
+
+import java.util.Collection;
+import java.util.List;
+import java.util.stream.Collectors;
+
+public class PermissionAssigner {
+
+  private final SecuritySystem securitySystem;
+
+  public PermissionAssigner(SecuritySystem securitySystem) {
+    this.securitySystem = securitySystem;
+  }
+
+  public Collection<PermissionDescriptor> getAvailablePermissions() {
+    return securitySystem.getAvailablePermissions();
+  }
+
+  public Collection<PermissionDescriptor> readPermissionsForUser(String id) {
+    return securitySystem.getPermissions(p -> !p.isGroupPermission() && p.getName().equals(id)).stream().map(AssignedPermission::getPermission).collect(Collectors.toSet());
+  }
+
+  public void setPermissionsForUser(String id, Collection<PermissionDescriptor> permissions) {
+    Collection<AssignedPermission> existingPermissions = securitySystem.getPermissions(p -> !p.isGroupPermission() && p.getName().equals(id));
+    List<AssignedPermission> toRemove = existingPermissions.stream()
+      .filter(p -> !permissions.contains(p.getPermission()))
+      .collect(Collectors.toList());
+    toRemove.forEach(securitySystem::deletePermission);
+
+    permissions.stream()
+      .map(p -> new AssignedPermission(id, false, p))
+      .filter(p -> !existingPermissions.contains(p))
+      .forEach(securitySystem::addPermission);
+  }
+}