User resource: No longer check for admin role.

In SCMM v2 we use permissions. The checks are already implemented in
DefaultUserManager called by the resource.

When not authorized, the check results in an AuthorizationException,
which is mapped to 403.
As this is no longer realized in the resource, the corresponding test
is removed.

scm-webapp/src/main/java/sonia/scm/api/v2/resources/UserResource.java

@@ -4,9 +4,7 @@ import com.google.inject.Inject;
 import com.webcohesion.enunciate.metadata.rs.ResponseCode;
 import com.webcohesion.enunciate.metadata.rs.StatusCodes;
 import com.webcohesion.enunciate.metadata.rs.TypeHint;
-import org.apache.shiro.SecurityUtils;
 import sonia.scm.api.rest.resources.AbstractManagerResource;
-import sonia.scm.security.Role;
 import sonia.scm.user.User;
 import sonia.scm.user.UserException;
 import sonia.scm.user.UserManager;
@@ -47,18 +45,10 @@ public class UserResource extends AbstractManagerResource<User, UserException> {
     @ResponseCode(code = 404, condition = "not found, no group with the specified id/name available"),
     @ResponseCode(code = 500, condition = "internal server error")
   })
-  public Response get(@Context Request request, @Context UriInfo uriInfo, @PathParam("id") String id)
-  {
-    if (SecurityUtils.getSubject().hasRole(Role.ADMIN))
-    {
+  public Response get(@Context Request request, @Context UriInfo uriInfo, @PathParam("id") String id) {
       User user = manager.get(id);
       UserDto userDto = userToDtoMapper.map(user);
       return Response.ok(userDto).build();
-    }
-    else
-    {
-      return Response.status(Response.Status.FORBIDDEN).build();
-    }
   }
 
   @PUT
@@ -70,8 +60,7 @@ public class UserResource extends AbstractManagerResource<User, UserException> {
   })
   @TypeHint(TypeHint.NO_CONTENT.class)
   public Response update(@Context UriInfo uriInfo,
-    @PathParam("id") String name, UserDto userDto)
-  {
+    @PathParam("id") String name, UserDto userDto) {
     String originalPassword = manager.get(name).getPassword();
     User user = dtoToUserMapper.map(userDto, originalPassword);
     return update(name, user);
@@ -85,8 +74,7 @@ public class UserResource extends AbstractManagerResource<User, UserException> {
     @ResponseCode(code = 500, condition = "internal server error")
   })
   @TypeHint(TypeHint.NO_CONTENT.class)
-  public Response delete(@PathParam("id") String name)
-  {
+  public Response delete(@PathParam("id") String name) {
     return super.delete(name);
   }
 

scm-webapp/src/test/java/sonia/scm/api/v2/resources/UserRootResourceTest.java

@@ -93,7 +93,6 @@ public class UserRootResourceTest {
     dispatcher.invoke(request, response);
 
     assertEquals(HttpServletResponse.SC_OK, response.getStatus());
-    System.out.println(response.getContentAsString());
     assertTrue(response.getContentAsString().contains("\"name\":\"Neo\""));
     assertTrue(response.getContentAsString().contains("\"password\":\"__dummypassword__\""));
     assertTrue(response.getContentAsString().contains("\"self\":{\"href\":\"/v2/users/Neo\"}"));
@@ -115,17 +114,6 @@ public class UserRootResourceTest {
     assertFalse(response.getContentAsString().contains("\"delete\":{\"href\":\"/v2/users/Neo\"}"));
   }
 
-  @Test
-  @SubjectAware(username = "unpriv")
-  public void shouldNotGetSingleUserForSimpleUser() throws URISyntaxException {
-    MockHttpRequest request = MockHttpRequest.get("/" + UserRootResource.USERS_PATH_V2 + "Neo");
-    MockHttpResponse response = new MockHttpResponse();
-
-    dispatcher.invoke(request, response);
-
-    assertEquals(HttpServletResponse.SC_FORBIDDEN, response.getStatus());
-  }
-
   @Test
   public void shouldCreateNewUserWithEncryptedPassword() throws URISyntaxException, IOException {
     URL url = Resources.getResource("sonia/scm/api/v2/user-test-create.json");