Use PermissionDescriptor instead of String

scm-webapp/src/test/java/sonia/scm/security/DefaultAuthorizationCollectorTest.java

@@ -33,7 +33,6 @@ package sonia.scm.security;
 
 import com.github.sdorra.shiro.ShiroRule;
 import com.github.sdorra.shiro.SubjectAware;
-import com.google.common.base.Predicate;
 import com.google.common.collect.Lists;
 import org.apache.shiro.authz.AuthorizationInfo;
 import org.apache.shiro.authz.SimpleAuthorizationInfo;
@@ -219,7 +218,7 @@ public class DefaultAuthorizationCollectorTest {
 
     StoredAssignedPermission p1 = new StoredAssignedPermission("one", new AssignedPermission("one", "one:one"));
     StoredAssignedPermission p2 = new StoredAssignedPermission("two", new AssignedPermission("two", "two:two"));
-    when(securitySystem.getPermissions(Mockito.any(Predicate.class))).thenReturn(Lists.newArrayList(p1, p2));
+    when(securitySystem.getPermissions(any())).thenReturn(Lists.newArrayList(p1, p2));
 
     // execute and assert
     AuthorizationInfo authInfo = collector.collect();
@@ -246,7 +245,7 @@ public class DefaultAuthorizationCollectorTest {
     verify(cache).clear();
 
     collector.invalidateCache(AuthorizationChangedEvent.createForUser("dent"));
-    verify(cache).removeAll(Mockito.any(Predicate.class));
+    verify(cache).removeAll(any());
   }
 
 }

scm-webapp/src/test/java/sonia/scm/security/DefaultSecuritySystemTest.java

@@ -95,7 +95,7 @@ public class DefaultSecuritySystemTest extends AbstractTestBase
     AssignedPermission sap = createPermission("trillian", false, "repository:*:READ");
 
     assertEquals("trillian", sap.getName());
-    assertEquals("repository:*:READ", sap.getPermission());
+    assertEquals("repository:*:READ", sap.getPermission().getValue());
     assertEquals(false, sap.isGroupPermission());
   }
 
@@ -256,7 +256,7 @@ public class DefaultSecuritySystemTest extends AbstractTestBase
 
     return securitySystem.getPermissions(permission -> Objects.equal(name, permission.getName())
       && Objects.equal(groupPermission, permission.isGroupPermission())
-      && Objects.equal(value, permission.getPermission())).stream().findAny().orElseThrow(() -> new AssertionError("created permission not found"));
+      && Objects.equal(value, permission.getPermission().getValue())).stream().findAny().orElseThrow(() -> new AssertionError("created permission not found"));
   }
 
   //~--- set methods ----------------------------------------------------------

scm-webapp/src/test/java/sonia/scm/security/PermissionAssignerTest.java

@@ -0,0 +1,57 @@
+package sonia.scm.security;
+
+import com.github.sdorra.shiro.ShiroRule;
+import com.github.sdorra.shiro.SubjectAware;
+import org.assertj.core.api.Assertions;
+import org.junit.Before;
+import org.junit.Rule;
+import org.junit.Test;
+import sonia.scm.plugin.PluginLoader;
+import sonia.scm.store.InMemoryConfigurationEntryStoreFactory;
+import sonia.scm.util.ClassLoaders;
+
+import java.util.Collection;
+
+import static java.util.Arrays.asList;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+
+@SubjectAware(configuration = "classpath:sonia/scm/shiro-001.ini", username = "dent", password = "secret")
+public class PermissionAssignerTest {
+
+  @Rule
+  public ShiroRule shiroRule = new ShiroRule();
+
+  private DefaultSecuritySystem securitySystem;
+  private PermissionAssigner permissionAssigner;
+
+  @Before
+  public void init() {
+    PluginLoader pluginLoader = mock(PluginLoader.class);
+    when(pluginLoader.getUberClassLoader()).thenReturn(ClassLoaders.getContextClassLoader(DefaultSecuritySystem.class));
+
+    securitySystem = new DefaultSecuritySystem(new InMemoryConfigurationEntryStoreFactory(), pluginLoader);
+
+    securitySystem.addPermission(new AssignedPermission("1", "perm:read:1"));
+    securitySystem.addPermission(new AssignedPermission("1", "perm:read:2"));
+    securitySystem.addPermission(new AssignedPermission("2", "perm:read:2"));
+    securitySystem.addPermission(new AssignedPermission("1", true, "perm:read:2"));
+    permissionAssigner = new PermissionAssigner(securitySystem);
+  }
+
+  @Test
+  public void shouldFindUserPermissions() {
+    Collection<PermissionDescriptor> permissionDescriptors = permissionAssigner.readPermissionsForUser("1");
+
+    Assertions.assertThat(permissionDescriptors).hasSize(2);
+  }
+
+  @Test
+  public void shouldOverwriteUserPermissions() {
+    permissionAssigner.setPermissionsForUser("2", asList(new PermissionDescriptor("perm:read:3"), new PermissionDescriptor("perm:read:4")));
+
+    Collection<PermissionDescriptor> permissionDescriptors = permissionAssigner.readPermissionsForUser("2");
+
+    Assertions.assertThat(permissionDescriptors).hasSize(2);
+  }
+}