Fix deletion of permissions after modification

Permissions could not be deleted, when they were modified (eg. change of role or of verbs).
2025-11-08 14:35:45 +01:00 · 2019-03-01 14:10:39 +01:00
parent 9b6063c4c5
commit b537a2a2ba
7 changed files with 62 additions and 37 deletions
--- a/scm-webapp/src/main/java/sonia/scm/api/v2/resources/RepositoryPermissionDtoToRepositoryPermissionMapper.java
+++ b/scm-webapp/src/main/java/sonia/scm/api/v2/resources/RepositoryPermissionDtoToRepositoryPermissionMapper.java
@@ -5,18 +5,8 @@ import org.mapstruct.Mapper;
 import org.mapstruct.MappingTarget;
 import sonia.scm.repository.RepositoryPermission;

-@Mapper(collectionMappingStrategy = CollectionMappingStrategy.TARGET_IMMUTABLE)
+@Mapper( collectionMappingStrategy = CollectionMappingStrategy.TARGET_IMMUTABLE)
 public abstract class RepositoryPermissionDtoToRepositoryPermissionMapper {

  public abstract RepositoryPermission map(RepositoryPermissionDto permissionDto);
-
-  /**
-   * this method is needed to modify an existing permission object
-   *
-   * @param target the target permission
-   * @param repositoryPermissionDto the source dto
-   * @return the mapped target permission object
-   */
-  public abstract void modify(@MappingTarget RepositoryPermission target, RepositoryPermissionDto repositoryPermissionDto);
-
 }
--- a/scm-webapp/src/main/java/sonia/scm/api/v2/resources/RepositoryPermissionRootResource.java
+++ b/scm-webapp/src/main/java/sonia/scm/api/v2/resources/RepositoryPermissionRootResource.java
@@ -177,7 +177,11 @@ public class RepositoryPermissionRootResource {
      .filter(filterPermission(permissionName))
      .findFirst()
      .orElseThrow(() -> notFound(entity(RepositoryPermission.class, namespace).in(Repository.class, namespace + "/" + name)));
-    dtoToModelMapper.modify(existingPermission, permission);
+    RepositoryPermission newPermission = dtoToModelMapper.map(permission);
+    if (!repository.removePermission(existingPermission)) {
+      throw new IllegalStateException(String.format("could not delete modified permission %s from repository %s/%s", existingPermission, namespace, name));
+    }
+    repository.addPermission(newPermission);
    manager.modify(repository);
    log.info("the permission with name: {} is updated.", permissionName);
    return Response.noContent().build();
@@ -210,7 +214,7 @@ public class RepositoryPermissionRootResource {
      .findFirst()
      .ifPresent(repository::removePermission);
    manager.modify(repository);
-    log.info("the permission with name: {} is updated.", permissionName);
+    log.info("the permission with name: {} is deleted.", permissionName);
    return Response.noContent().build();
  }