changes for issue '#2 Support applying permissions to groups as well as users'

2025-11-07 22:15:45 +01:00 · 2011-01-07 18:15:11 +01:00
parent 426f3fe525
commit adf7fae446
9 changed files with 239 additions and 8 deletions
--- a/scm-core/src/main/java/sonia/scm/group/Group.java
+++ b/scm-core/src/main/java/sonia/scm/group/Group.java
@@ -377,6 +377,19 @@ public class Group
    return type;
  }

+  /**
+   * Method description
+   *
+   *
+   * @param member
+   *
+   * @return
+   */
+  public boolean isMember(String member)
+  {
+    return (members != null) && members.contains(member);
+  }
+
  /**
   * Method description
   *
--- a/scm-core/src/main/java/sonia/scm/group/GroupManager.java
+++ b/scm-core/src/main/java/sonia/scm/group/GroupManager.java
@@ -38,10 +38,25 @@ package sonia.scm.group;
 import sonia.scm.ListenerSupport;
 import sonia.scm.Manager;

+//~--- JDK imports ------------------------------------------------------------
+
+import java.util.Collection;
+
 /**
 *
 * @author Sebastian Sdorra
 */
 public interface GroupManager
-        extends Manager<Group, GroupException>,
-                ListenerSupport<GroupListener> {}
+        extends Manager<Group, GroupException>, ListenerSupport<GroupListener>
+{
+
+  /**
+   * Method description
+   *
+   *
+   * @param member
+   *
+   * @return
+   */
+  public Collection<Group> getGroupsForMember(String member);
+}
--- a/scm-core/src/main/java/sonia/scm/repository/Permission.java
+++ b/scm-core/src/main/java/sonia/scm/repository/Permission.java
@@ -85,6 +85,21 @@ public class Permission implements Serializable
    this.type = type;
  }

+  /**
+   * Constructs ...
+   *
+   *
+   * @param name
+   * @param groupPermission
+   * @param type
+   */
+  public Permission(String name, boolean groupPermission, PermissionType type)
+  {
+    this.name = name;
+    this.groupPermission = groupPermission;
+    this.type = type;
+  }
+
  //~--- get methods ----------------------------------------------------------

  /**
@@ -109,8 +124,30 @@ public class Permission implements Serializable
    return type;
  }

+  /**
+   * Method description
+   *
+   *
+   * @return
+   */
+  public boolean isGroupPermission()
+  {
+    return groupPermission;
+  }
+
  //~--- set methods ----------------------------------------------------------

+  /**
+   * Method description
+   *
+   *
+   * @param groupPermission
+   */
+  public void setGroupPermission(boolean groupPermission)
+  {
+    this.groupPermission = groupPermission;
+  }
+
  /**
   * Method description
   *
@@ -135,6 +172,9 @@ public class Permission implements Serializable

  //~--- fields ---------------------------------------------------------------

+  /** Field description */
+  private boolean groupPermission = false;
+
  /** Field description */
  private String name;

--- a/scm-core/src/main/java/sonia/scm/repository/PermissionUtil.java
+++ b/scm-core/src/main/java/sonia/scm/repository/PermissionUtil.java
@@ -43,6 +43,7 @@ import sonia.scm.web.security.WebSecurityContext;

 //~--- JDK imports ------------------------------------------------------------

+import java.util.Collection;
 import java.util.List;

 /**
@@ -134,7 +135,8 @@ public class PermissionUtil

      if (permissions != null)
      {
-        result = hasPermission(permissions, username, pt);
+        result = hasPermission(permissions, username,
+                               securityContext.getGroups(), pt);
      }
    }

@@ -147,12 +149,13 @@ public class PermissionUtil
   *
   * @param permissions
   * @param username
+   * @param groups
   * @param pt
   *
   * @return
   */
  private static boolean hasPermission(List<Permission> permissions,
-          String username, PermissionType pt)
+          String username, Collection<String> groups, PermissionType pt)
  {
    boolean result = false;

@@ -160,14 +163,17 @@ public class PermissionUtil
    {
      String name = p.getName();

-      if ((name != null) && name.equalsIgnoreCase(username)
-          && (p.getType().getValue() >= pt.getValue()))
+      if ((name != null) && (p.getType().getValue() >= pt.getValue()))
+      {
+        if (name.equals(username)
+            || (p.isGroupPermission() && groups.contains(p.getName())))
        {
          result = true;

          break;
        }
      }
+    }

    return result;
  }
--- a/scm-core/src/main/java/sonia/scm/web/security/WebSecurityContext.java
+++ b/scm-core/src/main/java/sonia/scm/web/security/WebSecurityContext.java
@@ -40,6 +40,8 @@ import sonia.scm.user.User;

 //~--- JDK imports ------------------------------------------------------------

+import java.util.Collection;
+
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;

@@ -76,6 +78,14 @@ public interface WebSecurityContext extends SecurityContext

  //~--- get methods ----------------------------------------------------------

+  /**
+   * Method description
+   *
+   *
+   * @return
+   */
+  public Collection<String> getGroups();
+
  /**
   * Method description
   *
--- a/scm-core/src/test/java/sonia/scm/repository/PermissionUtilTest.java
+++ b/scm-core/src/test/java/sonia/scm/repository/PermissionUtilTest.java
@@ -50,7 +50,10 @@ import static org.mockito.Mockito.*;

 //~--- JDK imports ------------------------------------------------------------

+import java.util.ArrayList;
 import java.util.Arrays;
+import java.util.HashSet;
+import java.util.Set;

 /**
 *
@@ -108,6 +111,30 @@ public class PermissionUtilTest
    PermissionUtil.assertPermission(repository, admams, PermissionType.OWNER);
  }

+  /**
+   * Method description
+   *
+   */
+  @Test
+  public void testGroupPermissions()
+  {
+    WebSecurityContext context = mockGroupCtx(new User("dent", "Arthur Dent",
+                                   "arthur.dent@hitchhiker.com"));
+    Repository r = new Repository();
+
+    r.setPermissions(
+        new ArrayList<Permission>(
+            Arrays.asList(
+              new Permission("dent"),
+              new Permission("devel", true, PermissionType.READ),
+              new Permission("qa", true, PermissionType.WRITE))));
+    assertTrue(PermissionUtil.hasPermission(r, context, PermissionType.READ));
+    assertTrue(PermissionUtil.hasPermission(r, context, PermissionType.WRITE));
+    assertFalse(PermissionUtil.hasPermission(r, context, PermissionType.OWNER));
+    r.getPermissions().add(new Permission("dent", PermissionType.OWNER));
+    assertTrue(PermissionUtil.hasPermission(r, context, PermissionType.OWNER));
+  }
+
  //~--- get methods ----------------------------------------------------------

  /**
@@ -162,6 +189,26 @@ public class PermissionUtilTest
    return context;
  }

+  /**
+   * Method description
+   *
+   *
+   * @param user
+   *
+   * @return
+   */
+  private WebSecurityContext mockGroupCtx(User user)
+  {
+    WebSecurityContext context = mockCtx(user);
+    Set<String> groups = new HashSet<String>();
+
+    groups.add("devel");
+    groups.add("qa");
+    when(context.getGroups()).thenReturn(groups);
+
+    return context;
+  }
+
  //~--- fields ---------------------------------------------------------------

  /** Field description */
--- a/scm-test/src/main/java/sonia/scm/web/security/DummyWebSecurityContext.java
+++ b/scm-test/src/main/java/sonia/scm/web/security/DummyWebSecurityContext.java
@@ -39,6 +39,9 @@ import sonia.scm.user.User;

 //~--- JDK imports ------------------------------------------------------------

+import java.util.HashSet;
+import java.util.Set;
+
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;

@@ -97,6 +100,18 @@ public class DummyWebSecurityContext implements WebSecurityContext

  //~--- get methods ----------------------------------------------------------

+  /**
+   * Method description
+   *
+   *
+   * @return
+   */
+  @Override
+  public Set<String> getGroups()
+  {
+    return groups;
+  }
+
  /**
   * Method description
   *
@@ -123,6 +138,9 @@ public class DummyWebSecurityContext implements WebSecurityContext

  //~--- fields ---------------------------------------------------------------

+  /** Field description */
+  private Set<String> groups = new HashSet<String>();
+
  /** Field description */
  private User user;
 }
--- a/scm-webapp/src/main/java/sonia/scm/group/xml/XmlGroupManager.java
+++ b/scm-webapp/src/main/java/sonia/scm/group/xml/XmlGroupManager.java
@@ -60,6 +60,7 @@ import java.io.IOException;

 import java.util.Collection;
 import java.util.LinkedList;
+import java.util.Set;

 /**
 *
@@ -323,6 +324,30 @@ public class XmlGroupManager extends AbstractGroupManager
    return groups;
  }

+  /**
+   * Method description
+   *
+   *
+   * @param member
+   *
+   * @return
+   */
+  @Override
+  public Collection<Group> getGroupsForMember(String member)
+  {
+    LinkedList<Group> groups = new LinkedList<Group>();
+
+    for (Group group : groupDB.values())
+    {
+      if (group.isMember(member))
+      {
+        groups.add(group.clone());
+      }
+    }
+
+    return groups;
+  }
+
  //~--- methods --------------------------------------------------------------

  /**
--- a/scm-webapp/src/main/java/sonia/scm/web/security/BasicSecurityContext.java
+++ b/scm-webapp/src/main/java/sonia/scm/web/security/BasicSecurityContext.java
@@ -42,11 +42,17 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;

 import sonia.scm.config.ScmConfiguration;
+import sonia.scm.group.Group;
+import sonia.scm.group.GroupManager;
 import sonia.scm.user.User;
 import sonia.scm.user.UserManager;

 //~--- JDK imports ------------------------------------------------------------

+import java.util.Collection;
+import java.util.HashSet;
+import java.util.Set;
+
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;

@@ -74,15 +80,18 @@ public class BasicSecurityContext implements WebSecurityContext
   *
   * @param configuration
   * @param authenticator
+   * @param groupManager
   * @param userManager
   */
  @Inject
  public BasicSecurityContext(ScmConfiguration configuration,
                              AuthenticationManager authenticator,
+                              GroupManager groupManager,
                              UserManager userManager)
  {
    this.configuration = configuration;
    this.authenticator = authenticator;
+    this.groupManager = groupManager;
    this.userManager = userManager;
  }

@@ -128,6 +137,8 @@ public class BasicSecurityContext implements WebSecurityContext
        {
          userManager.create(user);
        }
+
+        loadGroups();
      }
      catch (Exception ex)
      {
@@ -150,10 +161,28 @@ public class BasicSecurityContext implements WebSecurityContext
  public void logout(HttpServletRequest request, HttpServletResponse response)
  {
    user = null;
+    groups = null;
  }

  //~--- get methods ----------------------------------------------------------

+  /**
+   * Method description
+   *
+   *
+   * @return
+   */
+  @Override
+  public Collection<String> getGroups()
+  {
+    if (groups == null)
+    {
+      groups = new HashSet<String>();
+    }
+
+    return groups;
+  }
+
  /**
   * Method description
   *
@@ -183,6 +212,28 @@ public class BasicSecurityContext implements WebSecurityContext
    return getUser() != null;
  }

+  //~--- methods --------------------------------------------------------------
+
+  /**
+   * Method description
+   *
+   */
+  private void loadGroups()
+  {
+    groups = new HashSet<String>();
+
+    Collection<Group> groupCollection =
+      groupManager.getGroupsForMember(user.getName());
+
+    if (groupCollection != null)
+    {
+      for (Group group : groupCollection)
+      {
+        groups.add(group.getName());
+      }
+    }
+  }
+
  //~--- fields ---------------------------------------------------------------

  /** Field description */
@@ -191,6 +242,12 @@ public class BasicSecurityContext implements WebSecurityContext
  /** Field description */
  private ScmConfiguration configuration;

+  /** Field description */
+  private GroupManager groupManager;
+
+  /** Field description */
+  private Set<String> groups = new HashSet<String>();
+
  /** Field description */
  private User user;