changes for issue '#2 Support applying permissions to groups as well as users'

scm-core/src/main/java/sonia/scm/group/Group.java

@@ -377,6 +377,19 @@ public class Group
     return type;
   }
 
+  /**
+   * Method description
+   *
+   *
+   * @param member
+   *
+   * @return
+   */
+  public boolean isMember(String member)
+  {
+    return (members != null) && members.contains(member);
+  }
+
   /**
    * Method description
    *

scm-core/src/main/java/sonia/scm/group/GroupManager.java

@@ -38,10 +38,25 @@ package sonia.scm.group;
 import sonia.scm.ListenerSupport;
 import sonia.scm.Manager;
 
+//~--- JDK imports ------------------------------------------------------------
+
+import java.util.Collection;
+
 /**
  *
  * @author Sebastian Sdorra
  */
 public interface GroupManager
-        extends Manager<Group, GroupException>,
-                ListenerSupport<GroupListener> {}
+        extends Manager<Group, GroupException>, ListenerSupport<GroupListener>
+{
+
+  /**
+   * Method description
+   *
+   *
+   * @param member
+   *
+   * @return
+   */
+  public Collection<Group> getGroupsForMember(String member);
+}

scm-core/src/main/java/sonia/scm/repository/Permission.java

@@ -85,6 +85,21 @@ public class Permission implements Serializable
     this.type = type;
   }
 
+  /**
+   * Constructs ...
+   *
+   *
+   * @param name
+   * @param groupPermission
+   * @param type
+   */
+  public Permission(String name, boolean groupPermission, PermissionType type)
+  {
+    this.name = name;
+    this.groupPermission = groupPermission;
+    this.type = type;
+  }
+
   //~--- get methods ----------------------------------------------------------
 
   /**
@@ -109,8 +124,30 @@ public class Permission implements Serializable
     return type;
   }
 
+  /**
+   * Method description
+   *
+   *
+   * @return
+   */
+  public boolean isGroupPermission()
+  {
+    return groupPermission;
+  }
+
   //~--- set methods ----------------------------------------------------------
 
+  /**
+   * Method description
+   *
+   *
+   * @param groupPermission
+   */
+  public void setGroupPermission(boolean groupPermission)
+  {
+    this.groupPermission = groupPermission;
+  }
+
   /**
    * Method description
    *
@@ -135,6 +172,9 @@ public class Permission implements Serializable
 
   //~--- fields ---------------------------------------------------------------
 
+  /** Field description */
+  private boolean groupPermission = false;
+
   /** Field description */
   private String name;
 

scm-core/src/main/java/sonia/scm/repository/PermissionUtil.java

@@ -43,6 +43,7 @@ import sonia.scm.web.security.WebSecurityContext;
 
 //~--- JDK imports ------------------------------------------------------------
 
+import java.util.Collection;
 import java.util.List;
 
 /**
@@ -134,7 +135,8 @@ public class PermissionUtil
 
       if (permissions != null)
       {
-        result = hasPermission(permissions, username, pt);
+        result = hasPermission(permissions, username,
+                               securityContext.getGroups(), pt);
       }
     }
 
@@ -147,12 +149,13 @@ public class PermissionUtil
    *
    * @param permissions
    * @param username
+   * @param groups
    * @param pt
    *
    * @return
    */
   private static boolean hasPermission(List<Permission> permissions,
-          String username, PermissionType pt)
+          String username, Collection<String> groups, PermissionType pt)
   {
     boolean result = false;
 
@@ -160,14 +163,17 @@ public class PermissionUtil
     {
       String name = p.getName();
 
-      if ((name != null) && name.equalsIgnoreCase(username)
-          && (p.getType().getValue() >= pt.getValue()))
+      if ((name != null) && (p.getType().getValue() >= pt.getValue()))
+      {
+        if (name.equals(username)
+            || (p.isGroupPermission() && groups.contains(p.getName())))
         {
           result = true;
 
           break;
         }
       }
+    }
 
     return result;
   }

scm-core/src/main/java/sonia/scm/web/security/WebSecurityContext.java

@@ -40,6 +40,8 @@ import sonia.scm.user.User;
 
 //~--- JDK imports ------------------------------------------------------------
 
+import java.util.Collection;
+
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
@@ -76,6 +78,14 @@ public interface WebSecurityContext extends SecurityContext
 
   //~--- get methods ----------------------------------------------------------
 
+  /**
+   * Method description
+   *
+   *
+   * @return
+   */
+  public Collection<String> getGroups();
+
   /**
    * Method description
    *

scm-core/src/test/java/sonia/scm/repository/PermissionUtilTest.java

@@ -50,7 +50,10 @@ import static org.mockito.Mockito.*;
 
 //~--- JDK imports ------------------------------------------------------------
 
+import java.util.ArrayList;
 import java.util.Arrays;
+import java.util.HashSet;
+import java.util.Set;
 
 /**
  *
@@ -108,6 +111,30 @@ public class PermissionUtilTest
     PermissionUtil.assertPermission(repository, admams, PermissionType.OWNER);
   }
 
+  /**
+   * Method description
+   *
+   */
+  @Test
+  public void testGroupPermissions()
+  {
+    WebSecurityContext context = mockGroupCtx(new User("dent", "Arthur Dent",
+                                   "arthur.dent@hitchhiker.com"));
+    Repository r = new Repository();
+
+    r.setPermissions(
+        new ArrayList<Permission>(
+            Arrays.asList(
+              new Permission("dent"),
+              new Permission("devel", true, PermissionType.READ),
+              new Permission("qa", true, PermissionType.WRITE))));
+    assertTrue(PermissionUtil.hasPermission(r, context, PermissionType.READ));
+    assertTrue(PermissionUtil.hasPermission(r, context, PermissionType.WRITE));
+    assertFalse(PermissionUtil.hasPermission(r, context, PermissionType.OWNER));
+    r.getPermissions().add(new Permission("dent", PermissionType.OWNER));
+    assertTrue(PermissionUtil.hasPermission(r, context, PermissionType.OWNER));
+  }
+
   //~--- get methods ----------------------------------------------------------
 
   /**
@@ -162,6 +189,26 @@ public class PermissionUtilTest
     return context;
   }
 
+  /**
+   * Method description
+   *
+   *
+   * @param user
+   *
+   * @return
+   */
+  private WebSecurityContext mockGroupCtx(User user)
+  {
+    WebSecurityContext context = mockCtx(user);
+    Set<String> groups = new HashSet<String>();
+
+    groups.add("devel");
+    groups.add("qa");
+    when(context.getGroups()).thenReturn(groups);
+
+    return context;
+  }
+
   //~--- fields ---------------------------------------------------------------
 
   /** Field description */

scm-test/src/main/java/sonia/scm/web/security/DummyWebSecurityContext.java

@@ -39,6 +39,9 @@ import sonia.scm.user.User;
 
 //~--- JDK imports ------------------------------------------------------------
 
+import java.util.HashSet;
+import java.util.Set;
+
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
@@ -97,6 +100,18 @@ public class DummyWebSecurityContext implements WebSecurityContext
 
   //~--- get methods ----------------------------------------------------------
 
+  /**
+   * Method description
+   *
+   *
+   * @return
+   */
+  @Override
+  public Set<String> getGroups()
+  {
+    return groups;
+  }
+
   /**
    * Method description
    *
@@ -123,6 +138,9 @@ public class DummyWebSecurityContext implements WebSecurityContext
 
   //~--- fields ---------------------------------------------------------------
 
+  /** Field description */
+  private Set<String> groups = new HashSet<String>();
+
   /** Field description */
   private User user;
 }

scm-webapp/src/main/java/sonia/scm/group/xml/XmlGroupManager.java

@@ -60,6 +60,7 @@ import java.io.IOException;
 
 import java.util.Collection;
 import java.util.LinkedList;
+import java.util.Set;
 
 /**
  *
@@ -323,6 +324,30 @@ public class XmlGroupManager extends AbstractGroupManager
     return groups;
   }
 
+  /**
+   * Method description
+   *
+   *
+   * @param member
+   *
+   * @return
+   */
+  @Override
+  public Collection<Group> getGroupsForMember(String member)
+  {
+    LinkedList<Group> groups = new LinkedList<Group>();
+
+    for (Group group : groupDB.values())
+    {
+      if (group.isMember(member))
+      {
+        groups.add(group.clone());
+      }
+    }
+
+    return groups;
+  }
+
   //~--- methods --------------------------------------------------------------
 
   /**

scm-webapp/src/main/java/sonia/scm/web/security/BasicSecurityContext.java

@@ -42,11 +42,17 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 import sonia.scm.config.ScmConfiguration;
+import sonia.scm.group.Group;
+import sonia.scm.group.GroupManager;
 import sonia.scm.user.User;
 import sonia.scm.user.UserManager;
 
 //~--- JDK imports ------------------------------------------------------------
 
+import java.util.Collection;
+import java.util.HashSet;
+import java.util.Set;
+
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
@@ -74,15 +80,18 @@ public class BasicSecurityContext implements WebSecurityContext
    *
    * @param configuration
    * @param authenticator
+   * @param groupManager
    * @param userManager
    */
   @Inject
   public BasicSecurityContext(ScmConfiguration configuration,
                               AuthenticationManager authenticator,
+                              GroupManager groupManager,
                               UserManager userManager)
   {
     this.configuration = configuration;
     this.authenticator = authenticator;
+    this.groupManager = groupManager;
     this.userManager = userManager;
   }
 
@@ -128,6 +137,8 @@ public class BasicSecurityContext implements WebSecurityContext
         {
           userManager.create(user);
         }
+
+        loadGroups();
       }
       catch (Exception ex)
       {
@@ -150,10 +161,28 @@ public class BasicSecurityContext implements WebSecurityContext
   public void logout(HttpServletRequest request, HttpServletResponse response)
   {
     user = null;
+    groups = null;
   }
 
   //~--- get methods ----------------------------------------------------------
 
+  /**
+   * Method description
+   *
+   *
+   * @return
+   */
+  @Override
+  public Collection<String> getGroups()
+  {
+    if (groups == null)
+    {
+      groups = new HashSet<String>();
+    }
+
+    return groups;
+  }
+
   /**
    * Method description
    *
@@ -183,6 +212,28 @@ public class BasicSecurityContext implements WebSecurityContext
     return getUser() != null;
   }
 
+  //~--- methods --------------------------------------------------------------
+
+  /**
+   * Method description
+   *
+   */
+  private void loadGroups()
+  {
+    groups = new HashSet<String>();
+
+    Collection<Group> groupCollection =
+      groupManager.getGroupsForMember(user.getName());
+
+    if (groupCollection != null)
+    {
+      for (Group group : groupCollection)
+      {
+        groups.add(group.getName());
+      }
+    }
+  }
+
   //~--- fields ---------------------------------------------------------------
 
   /** Field description */
@@ -191,6 +242,12 @@ public class BasicSecurityContext implements WebSecurityContext
   /** Field description */
   private ScmConfiguration configuration;
 
+  /** Field description */
+  private GroupManager groupManager;
+
+  /** Field description */
+  private Set<String> groups = new HashSet<String>();
+
   /** Field description */
   private User user;