Nemcio/SCM-Manager
1
0
Fork 0
mirror of https://github.com/scm-manager/scm-manager.git synced 2025-11-10 15:35:49 +01:00
Code Issues Packages Projects Releases Activity

implement permission collector

Browse Source
This commit is contained in:
Sebastian Sdorra
2013-05-26 12:26:25 +02:00
parent f7dece4696
commit d2097bda05
4 changed files with 276 additions and 140 deletions
Download Patch File Download Diff File Expand all files Collapse all files

145
scm-webapp/src/main/java/sonia/scm/security/ScmRealm.java
View File

@@ -36,7 +36,6 @@ package sonia.scm.security;
//~--- non-JDK imports --------------------------------------------------------
import com.google.common.base.Joiner;
import com.google.common.base.Predicate;
import com.google.common.collect.Lists;
import com.google.common.collect.Sets;
import com.google.common.eventbus.Subscribe;
@@ -70,10 +69,7 @@ import sonia.scm.event.Subscriber;
import sonia.scm.group.Group;
import sonia.scm.group.GroupManager;
import sonia.scm.group.GroupNames;
import sonia.scm.repository.Permission;
import sonia.scm.repository.PermissionType;
import sonia.scm.repository.Repository;
import sonia.scm.repository.RepositoryDAO;
import sonia.scm.repository.RepositoryEvent;
import sonia.scm.repository.RepositoryManager;
import sonia.scm.user.User;
@@ -130,6 +126,7 @@ public class ScmRealm extends AuthorizingRealm
*
* @param configuration
* @param securitySystem
* @param collector
* @param cacheManager
* @param userManager
* @param groupManager
@@ -142,18 +139,16 @@ public class ScmRealm extends AuthorizingRealm
*/
@Inject
public ScmRealm(ScmConfiguration configuration,
SecuritySystem securitySystem, CacheManager cacheManager,
UserManager userManager, GroupManager groupManager,
RepositoryDAO repositoryDAO, UserDAO userDAO,
PermissionCollector collector, CacheManager cacheManager,
UserManager userManager, GroupManager groupManager, UserDAO userDAO,
AuthenticationManager authenticator, RepositoryManager manager,
Provider<HttpServletRequest> requestProvider,
Provider<HttpServletResponse> responseProvider)
{
this.configuration = configuration;
this.securitySystem = securitySystem;
this.collector = collector;
this.userManager = userManager;
this.groupManager = groupManager;
this.repositoryDAO = repositoryDAO;
this.userDAO = userDAO;
this.authenticator = authenticator;
this.requestProvider = requestProvider;
@@ -499,121 +494,6 @@ public class ScmRealm extends AuthorizingRealm
}
}
/**
* Method description
*
*
* @param user
* @param groups
*
* @return
*/
private List<String> collectGlobalPermissions(final User user,
final GroupNames groups)
{
if (logger.isTraceEnabled())
{
logger.trace("collect global permissions for user {}", user.getName());
}
List<String> permissions = Lists.newArrayList();
List<StoredAssignedPermission> globalPermissions =
securitySystem.getPermissions(new Predicate<AssignedPermission>()
{
@Override
public boolean apply(AssignedPermission input)
{
return isUserPermission(user, groups, input);
}
});
for (StoredAssignedPermission gp : globalPermissions)
{
if (logger.isTraceEnabled())
{
logger.trace("add permission {} for user {}", gp.getPermission(),
user.getName());
}
permissions.add(gp.getPermission());
}
return permissions;
}
/**
* Method description
*
*
* @param user
* @param groups
*
* @return
*/
private List<org.apache.shiro.authz.Permission> collectRepositoryPermissions(
User user, GroupNames groups)
{
List<org.apache.shiro.authz.Permission> permissions = Lists.newArrayList();
for (Repository repository : repositoryDAO.getAll())
{
if (logger.isTraceEnabled())
{
logger.trace("collect permissions for repository {} and user {}",
repository.getName(), user.getName());
}
collectRepositoryPermissions(permissions, repository, user, groups);
}
return permissions;
}
/**
* Method description
*
*
* @param permissions
* @param repository
* @param user
* @param groups
*/
private void collectRepositoryPermissions(
List<org.apache.shiro.authz.Permission> permissions, Repository repository,
User user, GroupNames groups)
{
List<Permission> repositoryPermissions = repository.getPermissions();
if (Util.isNotEmpty(repositoryPermissions))
{
for (Permission permission : repositoryPermissions)
{
if (isUserPermission(user, groups, permission))
{
RepositoryPermission rp = new RepositoryPermission(repository,
permission.getType());
if (logger.isTraceEnabled())
{
logger.trace("add repository permission {} for user {}", rp,
user.getName());
}
permissions.add(rp);
}
}
}
else if (logger.isTraceEnabled())
{
logger.trace("repository {} has not permission entries",
repository.getName());
}
}
/**
* Method description
*
@@ -674,19 +554,13 @@ public class ScmRealm extends AuthorizingRealm
}
else
{
permissions = collectRepositoryPermissions(user, groups);
globalPermissions = collectGlobalPermissions(user, groups);
permissions = collector.collect(user, groups);
}
SimpleAuthorizationInfo info = new SimpleAuthorizationInfo(roles);
info.addObjectPermissions(permissions);
if (globalPermissions != null)
{
info.addStringPermissions(globalPermissions);
}
return info;
}
@@ -830,24 +704,21 @@ public class ScmRealm extends AuthorizingRealm
/** Field description */
private Cache<String, AuthorizationInfo> cache;
/** Field description */
private PermissionCollector collector;
/** Field description */
private ScmConfiguration configuration;
/** Field description */
private GroupManager groupManager;
/** Field description */
private RepositoryDAO repositoryDAO;
/** Field description */
private Provider<HttpServletRequest> requestProvider;
/** Field description */
private Provider<HttpServletResponse> responseProvider;
/** Field description */
private SecuritySystem securitySystem;
/** Field description */
private UserDAO userDAO;