	Git Plugin Config: Create fine-grained configuration permissions.
No more hard-coded isAdmin() checks. Also adds more tests.
		@@ -3,18 +3,24 @@ package sonia.scm.api.v2.resources;
 | 
			
		||||
import com.webcohesion.enunciate.metadata.rs.ResponseCode;
 | 
			
		||||
import com.webcohesion.enunciate.metadata.rs.StatusCodes;
 | 
			
		||||
import com.webcohesion.enunciate.metadata.rs.TypeHint;
 | 
			
		||||
import org.apache.shiro.SecurityUtils;
 | 
			
		||||
import sonia.scm.config.ConfigurationPermissions;
 | 
			
		||||
import sonia.scm.repository.GitConfig;
 | 
			
		||||
import sonia.scm.repository.GitRepositoryHandler;
 | 
			
		||||
import sonia.scm.security.Role;
 | 
			
		||||
import sonia.scm.web.GitVndMediaType;
 | 
			
		||||
 | 
			
		||||
import javax.inject.Inject;
 | 
			
		||||
import javax.ws.rs.*;
 | 
			
		||||
import javax.ws.rs.Consumes;
 | 
			
		||||
import javax.ws.rs.GET;
 | 
			
		||||
import javax.ws.rs.PUT;
 | 
			
		||||
import javax.ws.rs.Path;
 | 
			
		||||
import javax.ws.rs.Produces;
 | 
			
		||||
import javax.ws.rs.core.Context;
 | 
			
		||||
import javax.ws.rs.core.Response;
 | 
			
		||||
import javax.ws.rs.core.UriInfo;
 | 
			
		||||
 | 
			
		||||
/**
 | 
			
		||||
 * RESTful Web Service Resource to manage the configuration of the git plugin.
 | 
			
		||||
 */
 | 
			
		||||
@Path(GitConfigResource.GIT_CONFIG_PATH_V2)
 | 
			
		||||
public class GitConfigResource {
 | 
			
		||||
 | 
			
		||||
@@ -44,22 +50,17 @@ public class GitConfigResource {
 | 
			
		||||
    @ResponseCode(code = 500, condition = "internal server error")
 | 
			
		||||
  })
 | 
			
		||||
  public Response get() {
 | 
			
		||||
    Response response;
 | 
			
		||||
 | 
			
		||||
    if (SecurityUtils.getSubject().hasRole(Role.ADMIN)) {
 | 
			
		||||
      GitConfig config = repositoryHandler.getConfig();
 | 
			
		||||
    GitConfig config = repositoryHandler.getConfig();
 | 
			
		||||
 | 
			
		||||
      if (config == null) {
 | 
			
		||||
        config = new GitConfig();
 | 
			
		||||
        repositoryHandler.setConfig(config);
 | 
			
		||||
      }
 | 
			
		||||
 | 
			
		||||
      response = Response.ok(configToDtoMapper.map(config)).build();
 | 
			
		||||
    } else {
 | 
			
		||||
      response = Response.status(Response.Status.FORBIDDEN).build();
 | 
			
		||||
    if (config == null) {
 | 
			
		||||
      config = new GitConfig();
 | 
			
		||||
      repositoryHandler.setConfig(config);
 | 
			
		||||
    }
 | 
			
		||||
 | 
			
		||||
    return response;
 | 
			
		||||
    ConfigurationPermissions.read(config).check();
 | 
			
		||||
 | 
			
		||||
    return Response.ok(configToDtoMapper.map(config)).build();
 | 
			
		||||
  }
 | 
			
		||||
 | 
			
		||||
  /**
 | 
			
		||||
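Review bot: `repositoryHandler.setConfig(config)` in the null branch now runs before `ConfigurationPermissions.read(config).check()`, so a caller without read permission still causes a default `GitConfig` to be installed on the handler before the check rejects the request; the old code only performed that fallback inside the admin branch. Build the default first, run the check, and only then store it, as below. The 403 that the old `else` branch returned now presumably comes from whatever maps the exception thrown by `check()`, which cannot be seen in this hunk; worth confirming that mapping exists so the 403 `@ResponseCode` contract above still holds.
```java
  public Response get() {
    GitConfig config = repositoryHandler.getConfig();
    boolean created = config == null;
    if (created) {
      config = new GitConfig();
    }

    // authorize before mutating handler state
    ConfigurationPermissions.read(config).check();

    if (created) {
      repositoryHandler.setConfig(config);
    }

    // … unchanged: map and return the dto …
```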
@@ -71,23 +72,21 @@ public class GitConfigResource {
 | 
			
		||||
  @Path("")
 | 
			
		||||
  @Consumes(GitVndMediaType.GIT_CONFIG)
 | 
			
		||||
  @StatusCodes({
 | 
			
		||||
    @ResponseCode(code = 201, condition = "update success"),
 | 
			
		||||
    @ResponseCode(code = 204, condition = "update success"),
 | 
			
		||||
    @ResponseCode(code = 401, condition = "not authenticated / invalid credentials"),
 | 
			
		||||
    @ResponseCode(code = 403, condition = "not authorized, the current user has no privileges to update the git config"),
 | 
			
		||||
    @ResponseCode(code = 500, condition = "internal server error")
 | 
			
		||||
  })
 | 
			
		||||
  @TypeHint(TypeHint.NO_CONTENT.class)
 | 
			
		||||
  public Response update(@Context UriInfo uriInfo, GitConfigDto configDto) {
 | 
			
		||||
    Response response;
 | 
			
		||||
 | 
			
		||||
    if (SecurityUtils.getSubject().hasRole(Role.ADMIN)) {
 | 
			
		||||
      repositoryHandler.setConfig(dtoToConfigMapper.map(configDto));
 | 
			
		||||
      repositoryHandler.storeConfig();
 | 
			
		||||
      response = Response.created(uriInfo.getRequestUri()).build();
 | 
			
		||||
    } else {
 | 
			
		||||
      response = Response.status(Response.Status.FORBIDDEN).build();
 | 
			
		||||
    }
 | 
			
		||||
    GitConfig config = dtoToConfigMapper.map(configDto);
 | 
			
		||||
 | 
			
		||||
    return response;
 | 
			
		||||
    ConfigurationPermissions.write(config).check();
 | 
			
		||||
 | 
			
		||||
    repositoryHandler.setConfig(config);
 | 
			
		||||
    repositoryHandler.storeConfig();
 | 
			
		||||
 | 
			
		||||
    return Response.noContent().build();
 | 
			
		||||
  }
 | 
			
		||||
}
 | 
			
		||||
 
 | 
			
		||||
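Review bot: `ConfigurationPermissions.write(config).check()` is evaluated against the `GitConfig` mapped from the request body rather than the configuration currently held by `repositoryHandler`; if the permission derived from a `GitConfig` depends on the instance (not visible here), the caller then influences which permission is checked. Checking against the stored configuration before mapping the DTO removes that dependency, e.g. `GitConfig current = repositoryHandler.getConfig();` then `ConfigurationPermissions.write(current == null ? new GitConfig() : current).check();` and only afterwards `GitConfig config = dtoToConfigMapper.map(configDto);`. Also, with `Response.created(uriInfo.getRequestUri())` gone, the `@Context UriInfo uriInfo` parameter is unused and can be dropped from the signature.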
@@ -1,12 +1,11 @@
 | 
			
		||||
package sonia.scm.api.v2.resources;
 | 
			
		||||
 | 
			
		||||
import de.otto.edison.hal.Links;
 | 
			
		||||
import org.apache.shiro.SecurityUtils;
 | 
			
		||||
import org.mapstruct.AfterMapping;
 | 
			
		||||
import org.mapstruct.Mapper;
 | 
			
		||||
import org.mapstruct.MappingTarget;
 | 
			
		||||
import sonia.scm.config.ConfigurationPermissions;
 | 
			
		||||
import sonia.scm.repository.GitConfig;
 | 
			
		||||
import sonia.scm.security.Role;
 | 
			
		||||
 | 
			
		||||
import javax.inject.Inject;
 | 
			
		||||
 | 
			
		||||
@@ -26,8 +25,7 @@ public abstract class GitConfigToGitConfigDtoMapper {
 | 
			
		||||
  @AfterMapping
 | 
			
		||||
  void appendLinks(GitConfig config, @MappingTarget GitConfigDto target) {
 | 
			
		||||
    Links.Builder linksBuilder = linkingTo().self(self());
 | 
			
		||||
    // TODO: ConfigPermissions?
 | 
			
		||||
    if (SecurityUtils.getSubject().hasRole(Role.ADMIN)) {
 | 
			
		||||
    if (ConfigurationPermissions.write(config).isPermitted()) {
 | 
			
		||||
      linksBuilder.single(link("update", update()));
 | 
			
		||||
    }
 | 
			
		||||
    target.add(linksBuilder.build());
 | 
			
		||||
 
 | 
			
		||||