Merge with 2.0.0-m3
@@ -7,6 +7,8 @@ import java.util.function.Consumer;
|
||||
import java.util.function.Function;
|
||||
import java.util.function.Supplier;
|
||||
|
||||
import static sonia.scm.ScmConstraintViolationException.Builder.doThrow;
|
||||
|
||||
public class ManagerDaoAdapter<T extends ModelObject> {
|
||||
|
||||
private final GenericDAO<T> dao;
|
||||
@@ -19,6 +21,9 @@ public class ManagerDaoAdapter<T extends ModelObject> {
|
||||
T notModified = dao.get(object.getId());
|
||||
if (notModified != null) {
|
||||
permissionCheck.apply(notModified).check();
|
||||
|
||||
doThrow().violation("type must not be changed").when(!notModified.getType().equals(object.getType()));
|
||||
|
||||
AssertUtil.assertIsValid(object);
|
||||
|
||||
beforeUpdate.handle(notModified);
|
||||
|
||||
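Review bot: The new `doThrow().violation("type must not be changed")` guard calls `notModified.getType().equals(...)`, which throws a NullPointerException rather than a constraint violation if the stored object has no type set. Whether `getType()` can return null for every `ModelObject` is not visible here, so a null-safe comparison is the safer form: `.when(!Objects.equals(notModified.getType(), object.getType()))` (needs `java.util.Objects`). The guard runs after `permissionCheck`, so it reveals nothing to callers who lack the permission. The enclosing method starts and ends outside the hunk.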
@@ -67,6 +67,7 @@ import sonia.scm.plugin.PluginLoader;
|
||||
import sonia.scm.plugin.PluginManager;
|
||||
import sonia.scm.repository.DefaultRepositoryManager;
|
||||
import sonia.scm.repository.DefaultRepositoryProvider;
|
||||
import sonia.scm.repository.DefaultRepositoryRoleManager;
|
||||
import sonia.scm.repository.HealthCheckContextListener;
|
||||
import sonia.scm.repository.NamespaceStrategy;
|
||||
import sonia.scm.repository.NamespaceStrategyProvider;
|
||||
@@ -75,10 +76,13 @@ import sonia.scm.repository.RepositoryDAO;
|
||||
import sonia.scm.repository.RepositoryManager;
|
||||
import sonia.scm.repository.RepositoryManagerProvider;
|
||||
import sonia.scm.repository.RepositoryProvider;
|
||||
import sonia.scm.repository.RepositoryRoleDAO;
|
||||
import sonia.scm.repository.RepositoryRoleManager;
|
||||
import sonia.scm.repository.api.HookContextFactory;
|
||||
import sonia.scm.repository.api.RepositoryServiceFactory;
|
||||
import sonia.scm.repository.spi.HookEventFacade;
|
||||
import sonia.scm.repository.xml.XmlRepositoryDAO;
|
||||
import sonia.scm.repository.xml.XmlRepositoryRoleDAO;
|
||||
import sonia.scm.schedule.QuartzScheduler;
|
||||
import sonia.scm.schedule.Scheduler;
|
||||
import sonia.scm.security.AccessTokenCookieIssuer;
|
||||
@@ -252,6 +256,8 @@ public class ScmServletModule extends ServletModule
|
||||
bind(GroupDAO.class, XmlGroupDAO.class);
|
||||
bind(UserDAO.class, XmlUserDAO.class);
|
||||
bind(RepositoryDAO.class, XmlRepositoryDAO.class);
|
||||
bind(RepositoryRoleDAO.class, XmlRepositoryRoleDAO.class);
|
||||
bind(RepositoryRoleManager.class).to(DefaultRepositoryRoleManager.class);
|
||||
|
||||
bindDecorated(RepositoryManager.class, DefaultRepositoryManager.class,
|
||||
RepositoryManagerProvider.class);
|
||||
|
||||
@@ -1,31 +0,0 @@
|
||||
package sonia.scm.api.v2.resources;
|
||||
|
||||
import de.otto.edison.hal.HalRepresentation;
|
||||
import de.otto.edison.hal.Links;
|
||||
import sonia.scm.security.RepositoryRole;
|
||||
|
||||
import java.util.Collection;
|
||||
|
||||
public class AvailableRepositoryPermissionsDto extends HalRepresentation {
|
||||
private final Collection<String> availableVerbs;
|
||||
private final Collection<RepositoryRole> availableRoles;
|
||||
|
||||
public AvailableRepositoryPermissionsDto(Collection<String> availableVerbs, Collection<RepositoryRole> availableRoles) {
|
||||
this.availableVerbs = availableVerbs;
|
||||
this.availableRoles = availableRoles;
|
||||
}
|
||||
|
||||
public Collection<String> getAvailableVerbs() {
|
||||
return availableVerbs;
|
||||
}
|
||||
|
||||
public Collection<RepositoryRole> getAvailableRoles() {
|
||||
return availableRoles;
|
||||
}
|
||||
|
||||
@Override
|
||||
@SuppressWarnings("squid:S1185") // We want to have this method available in this package
|
||||
protected HalRepresentation add(Links links) {
|
||||
return super.add(links);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,23 @@
|
||||
package sonia.scm.api.v2.resources;
|
||||
|
||||
import javax.validation.Constraint;
|
||||
import javax.validation.Payload;
|
||||
import java.lang.annotation.Documented;
|
||||
import java.lang.annotation.Retention;
|
||||
import java.lang.annotation.Target;
|
||||
|
||||
import static java.lang.annotation.ElementType.TYPE;
|
||||
import static java.lang.annotation.RetentionPolicy.RUNTIME;
|
||||
|
||||
@Target({TYPE})
|
||||
@Retention(RUNTIME)
|
||||
@Constraint(validatedBy = EitherRoleOrVerbsValidator.class)
|
||||
@Documented
|
||||
public @interface EitherRoleOrVerbs {
|
||||
|
||||
String message() default "permission must either have a role or a not empty set of verbs";
|
||||
|
||||
Class<?>[] groups() default {};
|
||||
|
||||
Class<? extends Payload>[] payload() default {};
|
||||
}
|
||||
@@ -0,0 +1,30 @@
|
||||
package sonia.scm.api.v2.resources;
|
||||
|
||||
import com.google.common.base.Strings;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
|
||||
import javax.validation.ConstraintValidator;
|
||||
import javax.validation.ConstraintValidatorContext;
|
||||
|
||||
public class EitherRoleOrVerbsValidator implements ConstraintValidator<EitherRoleOrVerbs, RepositoryPermissionDto> {
|
||||
|
||||
private static final Logger LOG = LoggerFactory.getLogger(EitherRoleOrVerbsValidator.class);
|
||||
|
||||
@Override
|
||||
public void initialize(EitherRoleOrVerbs constraintAnnotation) {
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean isValid(RepositoryPermissionDto object, ConstraintValidatorContext constraintContext) {
|
||||
if (Strings.isNullOrEmpty(object.getRole())) {
|
||||
boolean result = object.getVerbs() != null && !object.getVerbs().isEmpty();
|
||||
LOG.trace("Validation result for permission with empty or no role: {}", result);
|
||||
return result;
|
||||
} else {
|
||||
boolean result = object.getVerbs() == null || object.getVerbs().isEmpty();
|
||||
LOG.trace("Validation result for permission with non empty role: {}", result);
|
||||
return result;
|
||||
}
|
||||
}
|
||||
}
|
||||
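Review bot: `isValid` dereferences `object` without a null check, whereas Bean Validation validators conventionally return true for null and leave presence to `@NotNull`; add `if (object == null) { return true; }` at the top. `Strings.isNullOrEmpty` also treats a whitespace-only role such as `" "` as a present role, so a permission with a blank role and no verbs passes validation; consider rejecting blank roles here. The validator only checks the shape of the DTO, so whether the named role actually exists still has to be verified where the permission is stored, which this page does not show.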
@@ -8,6 +8,7 @@ import org.apache.shiro.SecurityUtils;
|
||||
import sonia.scm.SCMContextProvider;
|
||||
import sonia.scm.config.ConfigurationPermissions;
|
||||
import sonia.scm.group.GroupPermissions;
|
||||
import sonia.scm.repository.RepositoryRolePermissions;
|
||||
import sonia.scm.security.PermissionPermissions;
|
||||
import sonia.scm.user.UserPermissions;
|
||||
|
||||
@@ -58,10 +59,13 @@ public class IndexDtoGenerator extends HalAppenderMapper {
|
||||
if (PermissionPermissions.list().isPermitted()) {
|
||||
builder.single(link("permissions", resourceLinks.permissions().self()));
|
||||
}
|
||||
builder.single(link("availableRepositoryPermissions", resourceLinks.availableRepositoryPermissions().self()));
|
||||
builder.single(link("repositoryVerbs", resourceLinks.repositoryVerbs().self()));
|
||||
|
||||
builder.single(link("repositoryTypes", resourceLinks.repositoryTypeCollection().self()));
|
||||
builder.single(link("namespaceStrategies", resourceLinks.namespaceStrategies().self()));
|
||||
if (RepositoryRolePermissions.read().isPermitted()) {
|
||||
builder.single(link("repositoryRoles", resourceLinks.repositoryRoleCollection().self()));
|
||||
}
|
||||
} else {
|
||||
builder.single(link("login", resourceLinks.authentication().jsonLogin()));
|
||||
}
|
||||
|
||||
@@ -28,6 +28,10 @@ public class MapperModule extends AbstractModule {
|
||||
bind(RepositoryPermissionDtoToRepositoryPermissionMapper.class).to(Mappers.getMapper(RepositoryPermissionDtoToRepositoryPermissionMapper.class).getClass());
|
||||
bind(RepositoryPermissionToRepositoryPermissionDtoMapper.class).to(Mappers.getMapper(RepositoryPermissionToRepositoryPermissionDtoMapper.class).getClass());
|
||||
|
||||
bind(RepositoryRoleToRepositoryRoleDtoMapper.class).to(Mappers.getMapper(RepositoryRoleToRepositoryRoleDtoMapper.class).getClass());
|
||||
bind(RepositoryRoleDtoToRepositoryRoleMapper.class).to(Mappers.getMapper(RepositoryRoleDtoToRepositoryRoleMapper.class).getClass());
|
||||
bind(RepositoryRoleCollectionToDtoMapper.class);
|
||||
|
||||
bind(ChangesetToChangesetDtoMapper.class).to(Mappers.getMapper(DefaultChangesetToChangesetDtoMapper.class).getClass());
|
||||
bind(ChangesetToParentDtoMapper.class).to(Mappers.getMapper(ChangesetToParentDtoMapper.class).getClass());
|
||||
|
||||
|
||||
@@ -106,7 +106,7 @@ public class RepositoryCollectionResource {
|
||||
|
||||
private Repository createModelObjectFromDto(@Valid RepositoryDto repositoryDto) {
|
||||
Repository repository = dtoToRepositoryMapper.map(repositoryDto, null);
|
||||
repository.setPermissions(singletonList(new RepositoryPermission(currentUser(), singletonList("*"), false)));
|
||||
repository.setPermissions(singletonList(new RepositoryPermission(currentUser(), "OWNER", false)));
|
||||
return repository;
|
||||
}
|
||||
|
||||
|
||||
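Review bot: The creator's initial permission is expressed as the bare string literal `"OWNER"` instead of an explicit verb list, so the access a repository creator ends up with depends on how that role name resolves at check time. This commit also adds REST endpoints to create, update and delete repository roles, so it is worth confirming that the `OWNER` role cannot be modified or removed in a way that silently changes or drops the creator's rights; the resolution code is not on this page. A shared constant for the name would keep this call site and the role definition from drifting apart. The `singletonList("*")` and `"OWNER"` lines are both printed without markers; this note assumes the `"OWNER"` line is the new side.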
@@ -14,6 +14,7 @@ import javax.validation.constraints.Pattern;
|
||||
import java.util.Collection;
|
||||
|
||||
@Getter @Setter @ToString @NoArgsConstructor
|
||||
@EitherRoleOrVerbs
|
||||
public class RepositoryPermissionDto extends HalRepresentation {
|
||||
|
||||
public static final String GROUP_PREFIX = "@";
|
||||
@@ -21,9 +22,11 @@ public class RepositoryPermissionDto extends HalRepresentation {
|
||||
@Pattern(regexp = ValidationUtil.REGEX_NAME)
|
||||
private String name;
|
||||
|
||||
@NotEmpty
|
||||
@NoBlankStrings
|
||||
private Collection<String> verbs;
|
||||
|
||||
private String role;
|
||||
|
||||
private boolean groupPermission = false;
|
||||
|
||||
public RepositoryPermissionDto(String permissionName, boolean groupPermission) {
|
||||
|
||||
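Review bot: The `role` field carries no constraint of its own, while `name` is restricted by `@Pattern(regexp = ValidationUtil.REGEX_NAME)`; the value is client-supplied and later used to look up a role, so bound its content with a `@Pattern` or `@Size` that matches whatever role names are allowed. The rendered hunk does not show whether `@NotEmpty` on `verbs` was removed; if it is still present, the role-only form that `@EitherRoleOrVerbs` permits can never pass validation. The class body continues outside the hunk.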
@@ -0,0 +1,94 @@
|
||||
package sonia.scm.api.v2.resources;
|
||||
|
||||
import com.webcohesion.enunciate.metadata.rs.ResponseCode;
|
||||
import com.webcohesion.enunciate.metadata.rs.ResponseHeader;
|
||||
import com.webcohesion.enunciate.metadata.rs.ResponseHeaders;
|
||||
import com.webcohesion.enunciate.metadata.rs.StatusCodes;
|
||||
import com.webcohesion.enunciate.metadata.rs.TypeHint;
|
||||
import sonia.scm.repository.RepositoryRole;
|
||||
import sonia.scm.repository.RepositoryRoleManager;
|
||||
import sonia.scm.web.VndMediaType;
|
||||
|
||||
import javax.inject.Inject;
|
||||
import javax.validation.Valid;
|
||||
import javax.ws.rs.Consumes;
|
||||
import javax.ws.rs.DefaultValue;
|
||||
import javax.ws.rs.GET;
|
||||
import javax.ws.rs.POST;
|
||||
import javax.ws.rs.Path;
|
||||
import javax.ws.rs.Produces;
|
||||
import javax.ws.rs.QueryParam;
|
||||
import javax.ws.rs.core.Response;
|
||||
|
||||
public class RepositoryRoleCollectionResource {
|
||||
|
||||
private static final int DEFAULT_PAGE_SIZE = 10;
|
||||
private final RepositoryRoleDtoToRepositoryRoleMapper dtoToRepositoryRoleMapper;
|
||||
private final RepositoryRoleCollectionToDtoMapper repositoryRoleCollectionToDtoMapper;
|
||||
private final ResourceLinks resourceLinks;
|
||||
|
||||
private final IdResourceManagerAdapter<RepositoryRole, RepositoryRoleDto> adapter;
|
||||
|
||||
@Inject
|
||||
public RepositoryRoleCollectionResource(RepositoryRoleManager manager, RepositoryRoleDtoToRepositoryRoleMapper dtoToRepositoryRoleMapper,
|
||||
RepositoryRoleCollectionToDtoMapper repositoryRoleCollectionToDtoMapper, ResourceLinks resourceLinks) {
|
||||
this.dtoToRepositoryRoleMapper = dtoToRepositoryRoleMapper;
|
||||
this.repositoryRoleCollectionToDtoMapper = repositoryRoleCollectionToDtoMapper;
|
||||
this.adapter = new IdResourceManagerAdapter<>(manager, RepositoryRole.class);
|
||||
this.resourceLinks = resourceLinks;
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns all repository roles for a given page number with a given page size (default page size is {@value DEFAULT_PAGE_SIZE}).
|
||||
*
|
||||
* <strong>Note:</strong> This method requires "repositoryRole" privilege.
|
||||
*
|
||||
* @param page the number of the requested page
|
||||
* @param pageSize the page size (default page size is {@value DEFAULT_PAGE_SIZE})
|
||||
* @param sortBy sort parameter (if empty - undefined sorting)
|
||||
* @param desc sort direction desc or asc
|
||||
*/
|
||||
@GET
|
||||
@Path("")
|
||||
@Produces(VndMediaType.REPOSITORY_ROLE_COLLECTION)
|
||||
@TypeHint(CollectionDto.class)
|
||||
@StatusCodes({
|
||||
@ResponseCode(code = 200, condition = "success"),
|
||||
@ResponseCode(code = 400, condition = "\"sortBy\" field unknown"),
|
||||
@ResponseCode(code = 401, condition = "not authenticated / invalid credentials"),
|
||||
@ResponseCode(code = 403, condition = "not authorized, the current repositoryRole does not have the \"repositoryRole\" privilege"),
|
||||
@ResponseCode(code = 500, condition = "internal server error")
|
||||
})
|
||||
public Response getAll(@DefaultValue("0") @QueryParam("page") int page,
|
||||
@DefaultValue("" + DEFAULT_PAGE_SIZE) @QueryParam("pageSize") int pageSize,
|
||||
@QueryParam("sortBy") String sortBy,
|
||||
@DefaultValue("false") @QueryParam("desc") boolean desc
|
||||
) {
|
||||
return adapter.getAll(page, pageSize, x -> true, sortBy, desc,
|
||||
pageResult -> repositoryRoleCollectionToDtoMapper.map(page, pageSize, pageResult));
|
||||
}
|
||||
|
||||
/**
|
||||
* Creates a new repository role.
|
||||
*
|
||||
* <strong>Note:</strong> This method requires "repositoryRole" privilege.
|
||||
*
|
||||
* @param repositoryRole The repositoryRole to be created.
|
||||
* @return A response with the link to the new repository role (if created successfully).
|
||||
*/
|
||||
@POST
|
||||
@Path("")
|
||||
@Consumes(VndMediaType.REPOSITORY_ROLE)
|
||||
@StatusCodes({
|
||||
@ResponseCode(code = 201, condition = "create success"),
|
||||
@ResponseCode(code = 401, condition = "not authenticated / invalid credentials"),
|
||||
@ResponseCode(code = 403, condition = "not authorized, the current user does not have the \"repositoryRole\" privilege"),
|
||||
@ResponseCode(code = 409, condition = "conflict, a repository role with this name already exists"),
|
||||
@ResponseCode(code = 500, condition = "internal server error")
|
||||
})
|
||||
@TypeHint(TypeHint.NO_CONTENT.class)
|
||||
@ResponseHeaders(@ResponseHeader(name = "Location", description = "uri to the created repositoryRole"))
|
||||
public Response create(@Valid RepositoryRoleDto repositoryRole) {
|
||||
return adapter.create(repositoryRole, () -> dtoToRepositoryRoleMapper.map(repositoryRole), u -> resourceLinks.repositoryRole().self(u.getName()));
|
||||
}
|
||||
}
|
||||
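Review bot: Neither `getAll` nor `create` performs a visible permission check even though the Javadoc states that the "repositoryRole" privilege is required; authorization is presumably enforced inside `RepositoryRoleManager` behind `IdResourceManagerAdapter`, which should be confirmed and covered by a test with an unprivileged caller. `pageSize` is taken from the query string without an upper bound, so a cap applied before `adapter.getAll` would limit the work a single request can trigger. The 403 condition on `getAll` reads "the current repositoryRole does not have ..." and should say "the current user", as the `create` annotation does.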
@@ -0,0 +1,34 @@
|
||||
package sonia.scm.api.v2.resources;
|
||||
|
||||
import sonia.scm.PageResult;
|
||||
import sonia.scm.repository.RepositoryRole;
|
||||
import sonia.scm.repository.RepositoryRolePermissions;
|
||||
|
||||
import javax.inject.Inject;
|
||||
import java.util.Optional;
|
||||
|
||||
import static java.util.Optional.empty;
|
||||
import static java.util.Optional.of;
|
||||
|
||||
public class RepositoryRoleCollectionToDtoMapper extends BasicCollectionToDtoMapper<RepositoryRole, RepositoryRoleDto, RepositoryRoleToRepositoryRoleDtoMapper> {
|
||||
|
||||
private final ResourceLinks resourceLinks;
|
||||
|
||||
@Inject
|
||||
public RepositoryRoleCollectionToDtoMapper(RepositoryRoleToRepositoryRoleDtoMapper repositoryRoleToDtoMapper, ResourceLinks resourceLinks) {
|
||||
super("repositoryRoles", repositoryRoleToDtoMapper);
|
||||
this.resourceLinks = resourceLinks;
|
||||
}
|
||||
|
||||
public CollectionDto map(int pageNumber, int pageSize, PageResult<RepositoryRole> pageResult) {
|
||||
return map(pageNumber, pageSize, pageResult, this.createSelfLink(), this.createCreateLink());
|
||||
}
|
||||
|
||||
Optional<String> createCreateLink() {
|
||||
return RepositoryRolePermissions.modify().isPermitted() ? of(resourceLinks.repositoryRoleCollection().create()): empty();
|
||||
}
|
||||
|
||||
String createSelfLink() {
|
||||
return resourceLinks.repositoryRoleCollection().self();
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,29 @@
|
||||
package sonia.scm.api.v2.resources;
|
||||
|
||||
import de.otto.edison.hal.Embedded;
|
||||
import de.otto.edison.hal.HalRepresentation;
|
||||
import de.otto.edison.hal.Links;
|
||||
import lombok.Getter;
|
||||
import lombok.NoArgsConstructor;
|
||||
import lombok.Setter;
|
||||
import org.hibernate.validator.constraints.NotEmpty;
|
||||
|
||||
import java.time.Instant;
|
||||
import java.util.Collection;
|
||||
|
||||
@Getter
|
||||
@Setter
|
||||
@NoArgsConstructor
|
||||
public class RepositoryRoleDto extends HalRepresentation {
|
||||
@NotEmpty
|
||||
private String name;
|
||||
@NoBlankStrings @NotEmpty
|
||||
private Collection<String> verbs;
|
||||
private String type;
|
||||
private Instant creationDate;
|
||||
private Instant lastModified;
|
||||
|
||||
RepositoryRoleDto(Links links, Embedded embedded) {
|
||||
super(links, embedded);
|
||||
}
|
||||
}
|
||||
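Review bot: `name` is only `@NotEmpty`, yet it becomes the role's identifier and the `{name}` path segment of the role URLs built in `ResourceLinks`. `RepositoryPermissionDto.name` in the same package is limited by `@Pattern(regexp = ValidationUtil.REGEX_NAME)`, and a comparable pattern here would keep slashes, control characters and very long values out of identifiers and links. `type`, `creationDate` and `lastModified` are also settable by the client through the generated setters; a short comment stating which of these fields are honoured on input would help readers of the API.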
@@ -0,0 +1,14 @@
|
||||
package sonia.scm.api.v2.resources;
|
||||
|
||||
import org.mapstruct.Mapper;
|
||||
import org.mapstruct.Mapping;
|
||||
import sonia.scm.repository.RepositoryRole;
|
||||
|
||||
// Mapstruct does not support parameterized (i.e. non-default) constructors. Thus, we need to use field injection.
|
||||
@SuppressWarnings("squid:S3306")
|
||||
@Mapper
|
||||
public abstract class RepositoryRoleDtoToRepositoryRoleMapper extends BaseDtoMapper {
|
||||
|
||||
@Mapping(target = "creationDate", ignore = true)
|
||||
public abstract RepositoryRole map(RepositoryRoleDto repositoryRoleDto);
|
||||
}
|
||||
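Review bot: Only `creationDate` is ignored when mapping the request DTO, so `type` is copied from client input into the `RepositoryRole`. `RepositoryRoleToRepositoryRoleDtoMapper` treats `"system"` as the marker for roles that get no update or delete link, so a role created with `type` set to `"system"` could look built-in unless the manager overwrites the field on create; that code is not on this page and should be checked. If it does not, set the type server-side on create rather than trusting the DTO value, and add a comment on `map` saying which DTO fields are taken from the client.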
@@ -0,0 +1,103 @@
|
||||
package sonia.scm.api.v2.resources;
|
||||
|
||||
import com.webcohesion.enunciate.metadata.rs.ResponseCode;
|
||||
import com.webcohesion.enunciate.metadata.rs.StatusCodes;
|
||||
import com.webcohesion.enunciate.metadata.rs.TypeHint;
|
||||
import sonia.scm.repository.RepositoryRole;
|
||||
import sonia.scm.repository.RepositoryRoleManager;
|
||||
import sonia.scm.web.VndMediaType;
|
||||
|
||||
import javax.inject.Inject;
|
||||
import javax.validation.Valid;
|
||||
import javax.ws.rs.Consumes;
|
||||
import javax.ws.rs.DELETE;
|
||||
import javax.ws.rs.GET;
|
||||
import javax.ws.rs.PUT;
|
||||
import javax.ws.rs.Path;
|
||||
import javax.ws.rs.PathParam;
|
||||
import javax.ws.rs.Produces;
|
||||
import javax.ws.rs.core.Response;
|
||||
|
||||
public class RepositoryRoleResource {
|
||||
|
||||
private final RepositoryRoleDtoToRepositoryRoleMapper dtoToRepositoryRoleMapper;
|
||||
private final RepositoryRoleToRepositoryRoleDtoMapper repositoryRoleToDtoMapper;
|
||||
|
||||
private final IdResourceManagerAdapter<RepositoryRole, RepositoryRoleDto> adapter;
|
||||
|
||||
@Inject
|
||||
public RepositoryRoleResource(
|
||||
RepositoryRoleDtoToRepositoryRoleMapper dtoToRepositoryRoleMapper,
|
||||
RepositoryRoleToRepositoryRoleDtoMapper repositoryRoleToDtoMapper,
|
||||
RepositoryRoleManager manager) {
|
||||
this.dtoToRepositoryRoleMapper = dtoToRepositoryRoleMapper;
|
||||
this.repositoryRoleToDtoMapper = repositoryRoleToDtoMapper;
|
||||
this.adapter = new IdResourceManagerAdapter<>(manager, RepositoryRole.class);
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns a repository role.
|
||||
*
|
||||
* <strong>Note:</strong> This method requires "repositoryRole" privilege.
|
||||
*
|
||||
* @param name the id/name of the repository role
|
||||
*/
|
||||
@GET
|
||||
@Path("")
|
||||
@Produces(VndMediaType.REPOSITORY_ROLE)
|
||||
@TypeHint(RepositoryRoleDto.class)
|
||||
@StatusCodes({
|
||||
@ResponseCode(code = 200, condition = "success"),
|
||||
@ResponseCode(code = 401, condition = "not authenticated / invalid credentials"),
|
||||
@ResponseCode(code = 403, condition = "not authorized, the current user has no privileges to read the repository role"),
|
||||
@ResponseCode(code = 404, condition = "not found, no repository role with the specified name available"),
|
||||
@ResponseCode(code = 500, condition = "internal server error")
|
||||
})
|
||||
public Response get(@PathParam("name") String name) {
|
||||
return adapter.get(name, repositoryRoleToDtoMapper::map);
|
||||
}
|
||||
|
||||
/**
|
||||
* Deletes a repository role.
|
||||
*
|
||||
* <strong>Note:</strong> This method requires "repositoryRole" privilege.
|
||||
*
|
||||
* @param name the name of the repository role to delete.
|
||||
*/
|
||||
@DELETE
|
||||
@Path("")
|
||||
@StatusCodes({
|
||||
@ResponseCode(code = 204, condition = "delete success or nothing to delete"),
|
||||
@ResponseCode(code = 401, condition = "not authenticated / invalid credentials"),
|
||||
@ResponseCode(code = 403, condition = "not authorized, the current user does not have the \"repositoryRole\" privilege"),
|
||||
@ResponseCode(code = 500, condition = "internal server error")
|
||||
})
|
||||
@TypeHint(TypeHint.NO_CONTENT.class)
|
||||
public Response delete(@PathParam("name") String name) {
|
||||
return adapter.delete(name);
|
||||
}
|
||||
|
||||
/**
|
||||
* Modifies the given repository role.
|
||||
*
|
||||
* <strong>Note:</strong> This method requires "repositoryRole" privilege.
|
||||
*
|
||||
* @param name name of the repository role to be modified
|
||||
* @param repositoryRole repository role object to modify
|
||||
*/
|
||||
@PUT
|
||||
@Path("")
|
||||
@Consumes(VndMediaType.REPOSITORY_ROLE)
|
||||
@StatusCodes({
|
||||
@ResponseCode(code = 204, condition = "update success"),
|
||||
@ResponseCode(code = 400, condition = "Invalid body, e.g. illegal change of repository role name"),
|
||||
@ResponseCode(code = 401, condition = "not authenticated / invalid credentials"),
|
||||
@ResponseCode(code = 403, condition = "not authorized, the current user does not have the \"repositoryRole\" privilege"),
|
||||
@ResponseCode(code = 404, condition = "not found, no repository role with the specified name available"),
|
||||
@ResponseCode(code = 500, condition = "internal server error")
|
||||
})
|
||||
@TypeHint(TypeHint.NO_CONTENT.class)
|
||||
public Response update(@PathParam("name") String name, @Valid RepositoryRoleDto repositoryRole) {
|
||||
return adapter.update(name, existing -> dtoToRepositoryRoleMapper.map(repositoryRole));
|
||||
}
|
||||
}
|
||||
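Review bot: `delete` and `update` pass the path `name` straight to the adapter with no visible guard for built-in roles; `RepositoryRoleToRepositoryRoleDtoMapper.createDto` merely omits the `delete` and `update` links when the type is `"system"`, which hides the action from the UI but does not stop a direct DELETE or PUT. Confirm that `RepositoryRoleManager` rejects changes to system roles and checks `RepositoryRolePermissions` itself, and add a test that sends both requests for a system role. In `update` the lambda ignores `existing` and maps the request body as-is, so agreement between the body's `name` and the path parameter depends on the adapter; a one-line comment saying where that is enforced would help.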
@@ -0,0 +1,34 @@
|
||||
package sonia.scm.api.v2.resources;
|
||||
|
||||
import javax.inject.Inject;
|
||||
import javax.inject.Provider;
|
||||
import javax.ws.rs.Path;
|
||||
|
||||
/**
|
||||
* RESTful web service resource to manage repository roles.
|
||||
*/
|
||||
@Path(RepositoryRoleRootResource.REPOSITORY_ROLES_PATH_V2)
|
||||
public class RepositoryRoleRootResource {
|
||||
|
||||
static final String REPOSITORY_ROLES_PATH_V2 = "v2/repositoryRoles/";
|
||||
|
||||
private final Provider<RepositoryRoleCollectionResource> repositoryRoleCollectionResource;
|
||||
private final Provider<RepositoryRoleResource> repositoryRoleResource;
|
||||
|
||||
@Inject
|
||||
public RepositoryRoleRootResource(Provider<RepositoryRoleCollectionResource> repositoryRoleCollectionResource,
|
||||
Provider<RepositoryRoleResource> repositoryRoleResource) {
|
||||
this.repositoryRoleCollectionResource = repositoryRoleCollectionResource;
|
||||
this.repositoryRoleResource = repositoryRoleResource;
|
||||
}
|
||||
|
||||
@Path("")
|
||||
public RepositoryRoleCollectionResource getRepositoryRoleCollectionResource() {
|
||||
return repositoryRoleCollectionResource.get();
|
||||
}
|
||||
|
||||
@Path("{name}")
|
||||
public RepositoryRoleResource getRepositoryRoleResource() {
|
||||
return repositoryRoleResource.get();
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,41 @@
|
||||
package sonia.scm.api.v2.resources;
|
||||
|
||||
import de.otto.edison.hal.Embedded;
|
||||
import de.otto.edison.hal.Links;
|
||||
import org.mapstruct.Mapper;
|
||||
import org.mapstruct.ObjectFactory;
|
||||
import sonia.scm.repository.RepositoryRole;
|
||||
import sonia.scm.repository.RepositoryRolePermissions;
|
||||
|
||||
import javax.inject.Inject;
|
||||
|
||||
import static de.otto.edison.hal.Embedded.embeddedBuilder;
|
||||
import static de.otto.edison.hal.Link.link;
|
||||
import static de.otto.edison.hal.Links.linkingTo;
|
||||
|
||||
// Mapstruct does not support parameterized (i.e. non-default) constructors. Thus, we need to use field injection.
|
||||
@SuppressWarnings("squid:S3306")
|
||||
@Mapper
|
||||
public abstract class RepositoryRoleToRepositoryRoleDtoMapper extends BaseMapper<RepositoryRole, RepositoryRoleDto> {
|
||||
|
||||
@Inject
|
||||
private ResourceLinks resourceLinks;
|
||||
|
||||
@Override
|
||||
public abstract RepositoryRoleDto map(RepositoryRole modelObject);
|
||||
|
||||
@ObjectFactory
|
||||
RepositoryRoleDto createDto(RepositoryRole repositoryRole) {
|
||||
Links.Builder linksBuilder = linkingTo().self(resourceLinks.repositoryRole().self(repositoryRole.getName()));
|
||||
if (!"system".equals(repositoryRole.getType()) && RepositoryRolePermissions.modify().isPermitted()) {
|
||||
linksBuilder.single(link("delete", resourceLinks.repositoryRole().delete(repositoryRole.getName())));
|
||||
linksBuilder.single(link("update", resourceLinks.repositoryRole().update(repositoryRole.getName())));
|
||||
}
|
||||
|
||||
Embedded.Builder embeddedBuilder = embeddedBuilder();
|
||||
applyEnrichers(new EdisonHalAppender(linksBuilder, embeddedBuilder), repositoryRole);
|
||||
|
||||
return new RepositoryRoleDto(linksBuilder.build(), embeddedBuilder.build());
|
||||
}
|
||||
|
||||
}
|
||||
@@ -12,18 +12,18 @@ import javax.ws.rs.Path;
|
||||
import javax.ws.rs.Produces;
|
||||
|
||||
/**
|
||||
* RESTful Web Service Resource to get available repository types.
|
||||
* RESTful Web Service Resource to get available repository verbs.
|
||||
*/
|
||||
@Path(RepositoryPermissionResource.PATH)
|
||||
public class RepositoryPermissionResource {
|
||||
@Path(RepositoryVerbResource.PATH)
|
||||
public class RepositoryVerbResource {
|
||||
|
||||
static final String PATH = "v2/repositoryPermissions/";
|
||||
static final String PATH = "v2/repositoryVerbs/";
|
||||
|
||||
private final RepositoryPermissionProvider repositoryPermissionProvider;
|
||||
private final ResourceLinks resourceLinks;
|
||||
|
||||
@Inject
|
||||
public RepositoryPermissionResource(RepositoryPermissionProvider repositoryPermissionProvider, ResourceLinks resourceLinks) {
|
||||
public RepositoryVerbResource(RepositoryPermissionProvider repositoryPermissionProvider, ResourceLinks resourceLinks) {
|
||||
this.repositoryPermissionProvider = repositoryPermissionProvider;
|
||||
this.resourceLinks = resourceLinks;
|
||||
}
|
||||
@@ -34,10 +34,11 @@ public class RepositoryPermissionResource {
|
||||
@ResponseCode(code = 200, condition = "success"),
|
||||
@ResponseCode(code = 500, condition = "internal server error")
|
||||
})
|
||||
@Produces(VndMediaType.REPOSITORY_PERMISSION_COLLECTION)
|
||||
public AvailableRepositoryPermissionsDto get() {
|
||||
AvailableRepositoryPermissionsDto dto = new AvailableRepositoryPermissionsDto(repositoryPermissionProvider.availableVerbs(), repositoryPermissionProvider.availableRoles());
|
||||
dto.add(Links.linkingTo().self(resourceLinks.availableRepositoryPermissions().self()).build());
|
||||
return dto;
|
||||
@Produces(VndMediaType.REPOSITORY_VERB_COLLECTION)
|
||||
public RepositoryVerbsDto getAll() {
|
||||
return new RepositoryVerbsDto(
|
||||
Links.linkingTo().self(resourceLinks.repositoryVerbs().self()).build(),
|
||||
repositoryPermissionProvider.availableVerbs()
|
||||
);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,19 @@
|
||||
package sonia.scm.api.v2.resources;
|
||||
|
||||
import de.otto.edison.hal.HalRepresentation;
|
||||
import de.otto.edison.hal.Links;
|
||||
|
||||
import java.util.Collection;
|
||||
|
||||
public class RepositoryVerbsDto extends HalRepresentation {
|
||||
private final Collection<String> verbs;
|
||||
|
||||
public RepositoryVerbsDto(Links links, Collection<String> verbs) {
|
||||
super(links);
|
||||
this.verbs = verbs;
|
||||
}
|
||||
|
||||
public Collection<String> getVerbs() {
|
||||
return verbs;
|
||||
}
|
||||
}
|
||||
@@ -172,7 +172,6 @@ class ResourceLinks {
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
UserCollectionLinks userCollection() {
|
||||
return new UserCollectionLinks(scmPathInfoStore.get());
|
||||
}
|
||||
@@ -522,8 +521,66 @@ class ResourceLinks {
|
||||
public String content(String namespace, String name, String revision, String path) {
|
||||
return addPath(sourceLinkBuilder.method("getRepositoryResource").parameters(namespace, name).method("content").parameters().method("get").parameters(revision, "").href(), path);
|
||||
}
|
||||
}
|
||||
|
||||
RepositoryVerbLinks repositoryVerbs() {
|
||||
return new RepositoryVerbLinks(scmPathInfoStore.get());
|
||||
}
|
||||
|
||||
static class RepositoryVerbLinks {
|
||||
private final LinkBuilder repositoryVerbLinkBuilder;
|
||||
|
||||
RepositoryVerbLinks(ScmPathInfo pathInfo) {
|
||||
repositoryVerbLinkBuilder = new LinkBuilder(pathInfo, RepositoryVerbResource.class);
|
||||
}
|
||||
|
||||
String self() {
|
||||
return repositoryVerbLinkBuilder.method("getAll").parameters().href();
|
||||
}
|
||||
}
|
||||
|
||||
RepositoryRoleLinks repositoryRole() {
|
||||
return new RepositoryRoleLinks(scmPathInfoStore.get());
|
||||
}
|
||||
|
||||
static class RepositoryRoleLinks {
|
||||
private final LinkBuilder repositoryRoleLinkBuilder;
|
||||
|
||||
RepositoryRoleLinks(ScmPathInfo pathInfo) {
|
||||
repositoryRoleLinkBuilder = new LinkBuilder(pathInfo, RepositoryRoleRootResource.class, RepositoryRoleResource.class);
|
||||
}
|
||||
|
||||
String self(String name) {
|
||||
return repositoryRoleLinkBuilder.method("getRepositoryRoleResource").parameters(name).method("get").parameters().href();
|
||||
}
|
||||
|
||||
String delete(String name) {
|
||||
return repositoryRoleLinkBuilder.method("getRepositoryRoleResource").parameters(name).method("delete").parameters().href();
|
||||
}
|
||||
|
||||
String update(String name) {
|
||||
return repositoryRoleLinkBuilder.method("getRepositoryRoleResource").parameters(name).method("update").parameters().href();
|
||||
}
|
||||
}
|
||||
|
||||
RepositoryRoleCollectionLinks repositoryRoleCollection() {
|
||||
return new RepositoryRoleCollectionLinks(scmPathInfoStore.get());
|
||||
}
|
||||
|
||||
static class RepositoryRoleCollectionLinks {
|
||||
private final LinkBuilder collectionLinkBuilder;
|
||||
|
||||
RepositoryRoleCollectionLinks(ScmPathInfo pathInfo) {
|
||||
collectionLinkBuilder = new LinkBuilder(pathInfo, RepositoryRoleRootResource.class, RepositoryRoleCollectionResource.class);
|
||||
}
|
||||
|
||||
String self() {
|
||||
return collectionLinkBuilder.method("getRepositoryRoleCollectionResource").parameters().method("getAll").parameters().href();
|
||||
}
|
||||
|
||||
String create() {
|
||||
return collectionLinkBuilder.method("getRepositoryRoleCollectionResource").parameters().method("create").parameters().href();
|
||||
}
|
||||
}
|
||||
|
||||
public RepositoryPermissionLinks repositoryPermission() {
|
||||
@@ -669,20 +726,4 @@ class ResourceLinks {
|
||||
return permissionsLinkBuilder.method("getAll").parameters().href();
|
||||
}
|
||||
}
|
||||
|
||||
public AvailableRepositoryPermissionLinks availableRepositoryPermissions() {
|
||||
return new AvailableRepositoryPermissionLinks(scmPathInfoStore.get());
|
||||
}
|
||||
|
||||
static class AvailableRepositoryPermissionLinks {
|
||||
private final LinkBuilder linkBuilder;
|
||||
|
||||
AvailableRepositoryPermissionLinks(ScmPathInfo scmPathInfo) {
|
||||
this.linkBuilder = new LinkBuilder(scmPathInfo, RepositoryPermissionResource.class);
|
||||
}
|
||||
|
||||
String self() {
|
||||
return linkBuilder.method("get").parameters().href();
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -0,0 +1,217 @@
|
||||
/**
|
||||
* Copyright (c) 2010, Sebastian Sdorra
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions are met:
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright notice,
|
||||
* this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright notice,
|
||||
* this list of conditions and the following disclaimer in the documentation
|
||||
* and/or other materials provided with the distribution.
|
||||
* 3. Neither the name of SCM-Manager; nor the names of its
|
||||
* contributors may be used to endorse or promote products derived from this
|
||||
* software without specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
|
||||
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
|
||||
* DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY
|
||||
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
|
||||
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
||||
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
|
||||
* ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
|
||||
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*
|
||||
* http://bitbucket.org/sdorra/scm-manager
|
||||
*
|
||||
*/
|
||||
|
||||
|
||||
|
||||
package sonia.scm.repository;
|
||||
|
||||
import com.google.inject.Inject;
|
||||
import com.google.inject.Singleton;
|
||||
import org.apache.shiro.authz.UnauthorizedException;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
import sonia.scm.EagerSingleton;
|
||||
import sonia.scm.HandlerEventType;
|
||||
import sonia.scm.ManagerDaoAdapter;
|
||||
import sonia.scm.NotFoundException;
|
||||
import sonia.scm.SCMContextProvider;
|
||||
import sonia.scm.security.RepositoryPermissionProvider;
|
||||
import sonia.scm.util.Util;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.Collection;
|
||||
import java.util.Collections;
|
||||
import java.util.Comparator;
|
||||
import java.util.List;
|
||||
import java.util.Optional;
|
||||
import java.util.function.Predicate;
|
||||
import java.util.stream.Collectors;
|
||||
|
||||
@Singleton @EagerSingleton
|
||||
public class DefaultRepositoryRoleManager extends AbstractRepositoryRoleManager
|
||||
{
|
||||
|
||||
/** the logger for XmlRepositoryRoleManager */
|
||||
private static final Logger logger =
|
||||
LoggerFactory.getLogger(DefaultRepositoryRoleManager.class);
|
||||
|
||||
@Inject
|
||||
public DefaultRepositoryRoleManager(RepositoryRoleDAO repositoryRoleDAO, RepositoryPermissionProvider repositoryPermissionProvider)
|
||||
{
|
||||
this.repositoryRoleDAO = repositoryRoleDAO;
|
||||
this.managerDaoAdapter = new ManagerDaoAdapter<>(repositoryRoleDAO);
|
||||
this.repositoryPermissionProvider = repositoryPermissionProvider;
|
||||
}
|
||||
|
||||
@Override
|
||||
public void close() {
|
||||
// do nothing
|
||||
}
|
||||
|
||||
@Override
|
||||
public RepositoryRole create(RepositoryRole repositoryRole) {
|
||||
assertNoSystemRole(repositoryRole);
|
||||
String type = repositoryRole.getType();
|
||||
if (Util.isEmpty(type)) {
|
||||
repositoryRole.setType(repositoryRoleDAO.getType());
|
||||
}
|
||||
|
||||
logger.info("create repositoryRole {} of type {}", repositoryRole.getName(), repositoryRole.getType());
|
||||
|
||||
return managerDaoAdapter.create(
|
||||
repositoryRole,
|
||||
RepositoryRolePermissions::modify,
|
||||
newRepositoryRole -> fireEvent(HandlerEventType.BEFORE_CREATE, newRepositoryRole),
|
||||
newRepositoryRole -> fireEvent(HandlerEventType.CREATE, newRepositoryRole)
|
||||
);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void delete(RepositoryRole repositoryRole) {
|
||||
assertNoSystemRole(repositoryRole);
|
||||
logger.info("delete repositoryRole {} of type {}", repositoryRole.getName(), repositoryRole.getType());
|
||||
managerDaoAdapter.delete(
|
||||
repositoryRole,
|
||||
RepositoryRolePermissions::modify,
|
||||
toDelete -> fireEvent(HandlerEventType.BEFORE_DELETE, toDelete),
|
||||
toDelete -> fireEvent(HandlerEventType.DELETE, toDelete)
|
||||
);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void init(SCMContextProvider context) {
|
||||
}
|
||||
|
||||
@Override
|
||||
public void modify(RepositoryRole repositoryRole) {
|
||||
assertNoSystemRole(repositoryRole);
|
||||
logger.info("modify repositoryRole {} of type {}", repositoryRole.getName(), repositoryRole.getType());
|
||||
managerDaoAdapter.modify(
|
||||
repositoryRole,
|
||||
x -> RepositoryRolePermissions.modify(),
|
||||
notModified -> fireEvent(HandlerEventType.BEFORE_MODIFY, repositoryRole, notModified),
|
||||
notModified -> fireEvent(HandlerEventType.MODIFY, repositoryRole, notModified));
|
||||
}
|
||||
|
||||
@Override
|
||||
public void refresh(RepositoryRole repositoryRole) {
|
||||
logger.info("refresh repositoryRole {} of type {}", repositoryRole.getName(), repositoryRole.getType());
|
||||
|
||||
RepositoryRolePermissions.read().check();
|
||||
RepositoryRole fresh = repositoryRoleDAO.get(repositoryRole.getName());
|
||||
|
||||
if (fresh == null) {
|
||||
throw new NotFoundException(RepositoryRole.class, repositoryRole.getName());
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
public RepositoryRole get(String id) {
|
||||
RepositoryRolePermissions.read().check();
|
||||
|
||||
return findSystemRole(id).orElse(findCustomRole(id));
|
||||
}
|
||||
|
||||
private void assertNoSystemRole(RepositoryRole repositoryRole) {
|
||||
if (findSystemRole(repositoryRole.getId()).isPresent()) {
|
||||
throw new UnauthorizedException("system roles cannot be modified");
|
||||
}
|
||||
}
|
||||
|
||||
private RepositoryRole findCustomRole(String id) {
|
||||
RepositoryRole repositoryRole = repositoryRoleDAO.get(id);
|
||||
|
||||
if (repositoryRole != null) {
|
||||
return repositoryRole.clone();
|
||||
} else {
|
||||
return null;
|
||||
}
|
||||
}
|
||||
|
||||
private Optional<RepositoryRole> findSystemRole(String id) {
|
||||
return repositoryPermissionProvider
|
||||
.availableRoles()
|
||||
.stream()
|
||||
.filter(role -> !repositoryRoleDAO.getType().equals(role.getType()))
|
||||
.filter(role -> role.getName().equals(id)).findFirst();
|
||||
}
|
||||
|
||||
@Override
|
||||
public List<RepositoryRole> getAll() {
|
||||
List<RepositoryRole> repositoryRoles = new ArrayList<>();
|
||||
|
||||
if (!RepositoryRolePermissions.read().isPermitted()) {
|
||||
return Collections.emptyList();
|
||||
}
|
||||
for (RepositoryRole repositoryRole : repositoryPermissionProvider.availableRoles()) {
|
||||
repositoryRoles.add(repositoryRole.clone());
|
||||
}
|
||||
|
||||
return repositoryRoles;
|
||||
}
|
||||
|
||||
@Override
|
||||
public Collection<RepositoryRole> getAll(Predicate<RepositoryRole> filter, Comparator<RepositoryRole> comparator) {
|
||||
List<RepositoryRole> repositoryRoles = getAll();
|
||||
|
||||
List<RepositoryRole> filteredRoles = repositoryRoles.stream().filter(filter::test).collect(Collectors.toList());
|
||||
|
||||
if (comparator != null) {
|
||||
filteredRoles.sort(comparator);
|
||||
}
|
||||
|
||||
return filteredRoles;
|
||||
}
|
||||
|
||||
@Override
|
||||
public Collection<RepositoryRole> getAll(Comparator<RepositoryRole> comaparator, int start, int limit) {
|
||||
return Util.createSubCollection(getAll(), comaparator,
|
||||
(collection, item) -> {
|
||||
collection.add(item.clone());
|
||||
}, start, limit);
|
||||
}
|
||||
|
||||
@Override
|
||||
public Collection<RepositoryRole> getAll(int start, int limit)
|
||||
{
|
||||
return getAll(null, start, limit);
|
||||
}
|
||||
|
||||
@Override
|
||||
public Long getLastModified()
|
||||
{
|
||||
return repositoryRoleDAO.getLastModified();
|
||||
}
|
||||
|
||||
private final RepositoryRoleDAO repositoryRoleDAO;
|
||||
private final ManagerDaoAdapter<RepositoryRole> managerDaoAdapter;
|
||||
private final RepositoryPermissionProvider repositoryPermissionProvider;
|
||||
}
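Review bot: `create` keeps a caller-supplied type and only falls back to `repositoryRoleDAO.getType()` when the type is empty, while `findSystemRole` treats every role whose type differs from the DAO type as a system role. A custom role persisted with any other type value would therefore be rejected by `assertNoSystemRole` on every later `modify` and `delete`, leaving a role that can no longer be changed or removed through this manager. Whether the REST layer lets a client set the type is not visible here; if it can, assign it unconditionally with `repositoryRole.setType(repositoryRoleDAO.getType());` or reject a non-matching value. Separately, `get` uses `orElse(findCustomRole(id))`, which queries the DAO even when a system role matched; `orElseGet(() -> findCustomRole(id))` avoids that.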
|
||||
@@ -52,7 +52,6 @@ import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
import sonia.scm.cache.Cache;
|
||||
import sonia.scm.cache.CacheManager;
|
||||
import sonia.scm.config.ScmConfiguration;
|
||||
import sonia.scm.group.GroupNames;
|
||||
import sonia.scm.group.GroupPermissions;
|
||||
import sonia.scm.plugin.Extension;
|
||||
@@ -64,7 +63,6 @@ import sonia.scm.user.UserPermissions;
|
||||
import sonia.scm.util.Util;
|
||||
|
||||
import java.util.Collection;
|
||||
import java.util.Set;
|
||||
|
||||
//~--- JDK imports ------------------------------------------------------------
|
||||
|
||||
@@ -90,18 +88,19 @@ public class DefaultAuthorizationCollector implements AuthorizationCollector
|
||||
|
||||
/**
|
||||
* Constructs ...
|
||||
*
|
||||
* @param cacheManager
|
||||
* @param cacheManager
|
||||
* @param repositoryDAO
|
||||
* @param securitySystem
|
||||
* @param repositoryPermissionProvider
|
||||
*/
|
||||
@Inject
|
||||
public DefaultAuthorizationCollector(CacheManager cacheManager,
|
||||
RepositoryDAO repositoryDAO, SecuritySystem securitySystem)
|
||||
RepositoryDAO repositoryDAO, SecuritySystem securitySystem, RepositoryPermissionProvider repositoryPermissionProvider)
|
||||
{
|
||||
this.cache = cacheManager.getCache(CACHE_NAME);
|
||||
this.repositoryDAO = repositoryDAO;
|
||||
this.securitySystem = securitySystem;
|
||||
this.repositoryPermissionProvider = repositoryPermissionProvider;
|
||||
}
|
||||
|
||||
//~--- methods --------------------------------------------------------------
|
||||
@@ -201,16 +200,8 @@ public class DefaultAuthorizationCollector implements AuthorizationCollector
|
||||
for (RepositoryPermission permission : repositoryPermissions)
|
||||
{
|
||||
hasPermission = isUserPermitted(user, groups, permission);
|
||||
if (hasPermission && !permission.getVerbs().isEmpty())
|
||||
{
|
||||
String perm = "repository:" + String.join(",", permission.getVerbs()) + ":" + repository.getId();
|
||||
if (logger.isTraceEnabled())
|
||||
{
|
||||
logger.trace("add repository permission {} for user {} at repository {}",
|
||||
perm, user.getName(), repository.getName());
|
||||
}
|
||||
|
||||
builder.add(perm);
|
||||
if (hasPermission) {
|
||||
addRepositoryPermission(builder, repository, user, permission);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -226,6 +217,34 @@ public class DefaultAuthorizationCollector implements AuthorizationCollector
|
||||
}
|
||||
}
|
||||
|
||||
private void addRepositoryPermission(Builder<String> builder, Repository repository, User user, RepositoryPermission permission) {
|
||||
Collection<String> verbs = getVerbs(permission);
|
||||
if (!verbs.isEmpty())
|
||||
{
|
||||
String perm = "repository:" + String.join(",", verbs) + ":" + repository.getId();
|
||||
if (logger.isTraceEnabled())
|
||||
{
|
||||
logger.trace("add repository permission {} for user {} at repository {}",
|
||||
perm, user.getName(), repository.getName());
|
||||
}
|
||||
|
||||
builder.add(perm);
|
||||
}
|
||||
}
|
||||
|
||||
private Collection<String> getVerbs(RepositoryPermission permission) {
|
||||
return permission.getRole() == null? permission.getVerbs(): getVerbsForRole(permission.getRole());
|
||||
}
|
||||
|
||||
private Collection<String> getVerbsForRole(String roleName) {
|
||||
return repositoryPermissionProvider.availableRoles()
|
||||
.stream()
|
||||
.filter(role -> roleName.equals(role.getName()))
|
||||
.findFirst()
|
||||
.orElseThrow(() -> new IllegalStateException("unknown role: " + roleName))
|
||||
.getVerbs();
|
||||
}
|
||||
|
||||
private AuthorizationInfo createAuthorizationInfo(User user, GroupNames groups) {
|
||||
Builder<String> builder = ImmutableSet.builder();
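Review bot: `getVerbsForRole` throws `IllegalStateException("unknown role: ...")` when a permission names a role that `availableRoles()` does not contain, and no handler is visible in this hunk, so one stale reference would presumably abort permission collection for the affected user. `DefaultRepositoryRoleManager.delete` in this commit does not check whether a role is still referenced, so such stale references look reachable. Failing closed for that single permission is safer: grant no verbs and log a warning, e.g. `.map(RepositoryRole::getVerbs).orElseGet(() -> { logger.warn("permission references unknown role {}", roleName); return Collections.emptyList(); })`. `createAuthorizationInfo` continues outside the hunk.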
|
||||
|
||||
@@ -353,4 +372,6 @@ public class DefaultAuthorizationCollector implements AuthorizationCollector
|
||||
|
||||
/** security system */
|
||||
private final SecuritySystem securitySystem;
|
||||
|
||||
private final RepositoryPermissionProvider repositoryPermissionProvider;
|
||||
}
|
||||
|
||||
@@ -1,147 +1,42 @@
|
||||
package sonia.scm.security;
|
||||
|
||||
import com.google.inject.Inject;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
import sonia.scm.plugin.PluginLoader;
|
||||
import sonia.scm.repository.RepositoryRole;
|
||||
import sonia.scm.repository.RepositoryRoleDAO;
|
||||
|
||||
import javax.xml.bind.JAXBContext;
|
||||
import javax.xml.bind.JAXBException;
|
||||
import javax.xml.bind.annotation.XmlAccessType;
|
||||
import javax.xml.bind.annotation.XmlAccessorType;
|
||||
import javax.xml.bind.annotation.XmlElement;
|
||||
import javax.xml.bind.annotation.XmlRootElement;
|
||||
import java.io.IOException;
|
||||
import java.net.URL;
|
||||
import java.util.ArrayList;
|
||||
import java.util.AbstractList;
|
||||
import java.util.Collection;
|
||||
import java.util.Enumeration;
|
||||
import java.util.LinkedHashSet;
|
||||
import java.util.List;
|
||||
import java.util.Optional;
|
||||
import java.util.Set;
|
||||
import java.util.stream.Collectors;
|
||||
|
||||
import static java.util.Collections.unmodifiableCollection;
|
||||
import java.util.List ;
|
||||
|
||||
public class RepositoryPermissionProvider {
|
||||
|
||||
private static final Logger logger = LoggerFactory.getLogger(RepositoryPermissionProvider.class);
|
||||
private static final String REPOSITORY_PERMISSION_DESCRIPTOR = "META-INF/scm/repository-permissions.xml";
|
||||
private final Collection<String> availableVerbs;
|
||||
private final Collection<RepositoryRole> availableRoles;
|
||||
private final SystemRepositoryPermissionProvider systemRepositoryPermissionProvider;
|
||||
private final RepositoryRoleDAO repositoryRoleDAO;
|
||||
|
||||
@Inject
|
||||
public RepositoryPermissionProvider(PluginLoader pluginLoader) {
|
||||
AvailableRepositoryPermissions availablePermissions = readAvailablePermissions(pluginLoader);
|
||||
this.availableVerbs = unmodifiableCollection(new LinkedHashSet<>(availablePermissions.availableVerbs));
|
||||
this.availableRoles = unmodifiableCollection(new LinkedHashSet<>(availablePermissions.availableRoles.stream().map(r -> new RepositoryRole(r.name, r.verbs.verbs)).collect(Collectors.toList())));
|
||||
public RepositoryPermissionProvider(SystemRepositoryPermissionProvider systemRepositoryPermissionProvider, RepositoryRoleDAO repositoryRoleDAO) {
|
||||
this.systemRepositoryPermissionProvider = systemRepositoryPermissionProvider;
|
||||
this.repositoryRoleDAO = repositoryRoleDAO;
|
||||
}
|
||||
|
||||
public Collection<String> availableVerbs() {
|
||||
return availableVerbs;
|
||||
return systemRepositoryPermissionProvider.availableVerbs();
|
||||
}
|
||||
|
||||
public Collection<RepositoryRole> availableRoles() {
|
||||
return availableRoles;
|
||||
}
|
||||
List<RepositoryRole> availableSystemRoles = systemRepositoryPermissionProvider.availableRoles();
|
||||
List<RepositoryRole> customRoles = repositoryRoleDAO.getAll();
|
||||
|
||||
private static AvailableRepositoryPermissions readAvailablePermissions(PluginLoader pluginLoader) {
|
||||
Collection<String> availableVerbs = new ArrayList<>();
|
||||
Collection<RoleDescriptor> availableRoles = new ArrayList<>();
|
||||
|
||||
try {
|
||||
JAXBContext context =
|
||||
JAXBContext.newInstance(RepositoryPermissionsRoot.class);
|
||||
|
||||
// Querying permissions from uberClassLoader returns also the permissions from plugin
|
||||
Enumeration<URL> descriptorEnum =
|
||||
pluginLoader.getUberClassLoader().getResources(REPOSITORY_PERMISSION_DESCRIPTOR);
|
||||
|
||||
while (descriptorEnum.hasMoreElements()) {
|
||||
URL descriptorUrl = descriptorEnum.nextElement();
|
||||
|
||||
logger.debug("read repository permission descriptor from {}", descriptorUrl);
|
||||
|
||||
RepositoryPermissionsRoot repositoryPermissionsRoot = parsePermissionDescriptor(context, descriptorUrl);
|
||||
availableVerbs.addAll(repositoryPermissionsRoot.verbs.verbs);
|
||||
mergeRolesInto(availableRoles, repositoryPermissionsRoot.roles.roles);
|
||||
return new AbstractList<RepositoryRole>() {
|
||||
@Override
|
||||
public RepositoryRole get(int index) {
|
||||
return index < availableSystemRoles.size()? availableSystemRoles.get(index): customRoles.get(index - availableSystemRoles.size());
|
||||
}
|
||||
} catch (IOException ex) {
|
||||
logger.error("could not read permission descriptors", ex);
|
||||
} catch (JAXBException ex) {
|
||||
logger.error(
|
||||
"could not create jaxb context to read permission descriptors", ex);
|
||||
}
|
||||
|
||||
return new AvailableRepositoryPermissions(availableVerbs, availableRoles);
|
||||
}
|
||||
|
||||
private static void mergeRolesInto(Collection<RoleDescriptor> targetRoles, List<RoleDescriptor> additionalRoles) {
|
||||
additionalRoles.forEach(r -> addOrMergeInto(targetRoles, r));
|
||||
}
|
||||
|
||||
private static void addOrMergeInto(Collection<RoleDescriptor> targetRoles, RoleDescriptor additionalRole) {
|
||||
Optional<RoleDescriptor> existingRole = targetRoles
|
||||
.stream()
|
||||
.filter(r -> r.name.equals(additionalRole.name))
|
||||
.findFirst();
|
||||
if (existingRole.isPresent()) {
|
||||
existingRole.get().verbs.verbs.addAll(additionalRole.verbs.verbs);
|
||||
} else {
|
||||
targetRoles.add(additionalRole);
|
||||
}
|
||||
}
|
||||
|
||||
private static RepositoryPermissionsRoot parsePermissionDescriptor(JAXBContext context, URL descriptorUrl) {
|
||||
try {
|
||||
RepositoryPermissionsRoot descriptorWrapper =
|
||||
(RepositoryPermissionsRoot) context.createUnmarshaller().unmarshal(
|
||||
descriptorUrl);
|
||||
logger.trace("repository permissions from {}: {}", descriptorUrl, descriptorWrapper.verbs.verbs);
|
||||
logger.trace("repository roles from {}: {}", descriptorUrl, descriptorWrapper.roles.roles);
|
||||
return descriptorWrapper;
|
||||
} catch (JAXBException ex) {
|
||||
logger.error("could not parse permission descriptor", ex);
|
||||
return new RepositoryPermissionsRoot();
|
||||
}
|
||||
}
|
||||
|
||||
private static class AvailableRepositoryPermissions {
|
||||
private final Collection<String> availableVerbs;
|
||||
private final Collection<RoleDescriptor> availableRoles;
|
||||
|
||||
private AvailableRepositoryPermissions(Collection<String> availableVerbs, Collection<RoleDescriptor> availableRoles) {
|
||||
this.availableVerbs = unmodifiableCollection(availableVerbs);
|
||||
this.availableRoles = unmodifiableCollection(availableRoles);
|
||||
}
|
||||
}
|
||||
|
||||
@XmlRootElement(name = "repository-permissions")
|
||||
@XmlAccessorType(XmlAccessType.FIELD)
|
||||
private static class RepositoryPermissionsRoot {
|
||||
private VerbListDescriptor verbs = new VerbListDescriptor();
|
||||
private RoleListDescriptor roles = new RoleListDescriptor();
|
||||
}
|
||||
|
||||
@XmlRootElement(name = "verbs")
|
||||
private static class VerbListDescriptor {
|
||||
@XmlElement(name = "verb")
|
||||
private Set<String> verbs = new LinkedHashSet<>();
|
||||
}
|
||||
|
||||
@XmlRootElement(name = "roles")
|
||||
private static class RoleListDescriptor {
|
||||
@XmlElement(name = "role")
|
||||
private List<RoleDescriptor> roles = new ArrayList<>();
|
||||
}
|
||||
|
||||
@XmlRootElement(name = "role")
|
||||
@XmlAccessorType(XmlAccessType.FIELD)
|
||||
public static class RoleDescriptor {
|
||||
@XmlElement(name = "name")
|
||||
private String name;
|
||||
@XmlElement(name = "verbs")
|
||||
private VerbListDescriptor verbs = new VerbListDescriptor();
|
||||
@Override
|
||||
public int size() {
|
||||
return availableSystemRoles.size() + customRoles.size();
|
||||
}
|
||||
};
|
||||
}
|
||||
}
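Review bot: `availableRoles()` concatenates the system roles and `repositoryRoleDAO.getAll()` without checking for name collisions, and the callers in this commit resolve a role by name with `findFirst()`, so a system role silently shadows a custom role of the same name. `DefaultRepositoryRoleManager.create` blocks the clash only at creation time; a plugin descriptor that later introduces a system role under an existing custom name would change the verbs granted by permissions that reference it. I would document the precedence on the method, e.g. `/** System roles first, then custom roles; on a name clash the system role wins. */`, and log a warning when a custom role name matches a system role. Every call also re-reads the DAO, and `getVerbsForRole` calls this once per repository permission.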
|
||||
|
||||
@@ -1,43 +0,0 @@
|
||||
package sonia.scm.security;
|
||||
|
||||
import java.util.Collection;
|
||||
import java.util.Collections;
|
||||
import java.util.Objects;
|
||||
|
||||
public class RepositoryRole {
|
||||
|
||||
private final String name;
|
||||
private final Collection<String> verbs;
|
||||
|
||||
public RepositoryRole(String name, Collection<String> verbs) {
|
||||
this.name = name;
|
||||
this.verbs = verbs;
|
||||
}
|
||||
|
||||
public String getName() {
|
||||
return name;
|
||||
}
|
||||
|
||||
public Collection<String> getVerbs() {
|
||||
return Collections.unmodifiableCollection(verbs);
|
||||
}
|
||||
|
||||
public String toString() {
|
||||
return "Role " + name + " (" + String.join(", ", verbs) + ")";
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean equals(Object o) {
|
||||
if (this == o) return true;
|
||||
if (!(o instanceof RepositoryRole)) return false;
|
||||
RepositoryRole that = (RepositoryRole) o;
|
||||
return name.equals(that.name)
|
||||
&& this.verbs.containsAll(that.verbs)
|
||||
&& this.verbs.size() == that.verbs.size();
|
||||
}
|
||||
|
||||
@Override
|
||||
public int hashCode() {
|
||||
return Objects.hash(name, verbs.size());
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,152 @@
|
||||
package sonia.scm.security;
|
||||
|
||||
import com.google.inject.Inject;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
import sonia.scm.plugin.PluginLoader;
|
||||
import sonia.scm.repository.RepositoryRole;
|
||||
|
||||
import javax.xml.bind.JAXBContext;
|
||||
import javax.xml.bind.JAXBException;
|
||||
import javax.xml.bind.annotation.XmlAccessType;
|
||||
import javax.xml.bind.annotation.XmlAccessorType;
|
||||
import javax.xml.bind.annotation.XmlElement;
|
||||
import javax.xml.bind.annotation.XmlRootElement;
|
||||
import java.io.IOException;
|
||||
import java.net.URL;
|
||||
import java.util.ArrayList;
|
||||
import java.util.Collection;
|
||||
import java.util.Enumeration;
|
||||
import java.util.LinkedHashSet;
|
||||
import java.util.List;
|
||||
import java.util.Optional;
|
||||
import java.util.Set;
|
||||
|
||||
import static java.util.Collections.unmodifiableCollection;
|
||||
import static java.util.stream.Collectors.toList;
|
||||
|
||||
class SystemRepositoryPermissionProvider {
|
||||
|
||||
private static final Logger logger = LoggerFactory.getLogger(SystemRepositoryPermissionProvider.class);
|
||||
private static final String REPOSITORY_PERMISSION_DESCRIPTOR = "META-INF/scm/repository-permissions.xml";
|
||||
private final List<String> availableVerbs;
|
||||
private final List<RepositoryRole> availableRoles;
|
||||
|
||||
@Inject
|
||||
public SystemRepositoryPermissionProvider(PluginLoader pluginLoader) {
|
||||
AvailableRepositoryPermissions availablePermissions = readAvailablePermissions(pluginLoader);
|
||||
this.availableVerbs = removeDuplicates(availablePermissions.availableVerbs);
|
||||
this.availableRoles = removeDuplicates(availablePermissions.availableRoles.stream().map(r -> new RepositoryRole(r.name, r.verbs.verbs, "system")).collect(toList()));
|
||||
}
|
||||
|
||||
public List<String> availableVerbs() {
|
||||
return availableVerbs;
|
||||
}
|
||||
|
||||
public List<RepositoryRole> availableRoles() {
|
||||
return availableRoles;
|
||||
}
|
||||
|
||||
private static AvailableRepositoryPermissions readAvailablePermissions(PluginLoader pluginLoader) {
|
||||
Collection<String> availableVerbs = new ArrayList<>();
|
||||
Collection<RoleDescriptor> availableRoles = new ArrayList<>();
|
||||
|
||||
try {
|
||||
JAXBContext context =
|
||||
JAXBContext.newInstance(RepositoryPermissionsRoot.class);
|
||||
|
||||
// Querying permissions from uberClassLoader returns also the permissions from plugin
|
||||
Enumeration<URL> descriptorEnum =
|
||||
pluginLoader.getUberClassLoader().getResources(REPOSITORY_PERMISSION_DESCRIPTOR);
|
||||
|
||||
while (descriptorEnum.hasMoreElements()) {
|
||||
URL descriptorUrl = descriptorEnum.nextElement();
|
||||
|
||||
logger.debug("read repository permission descriptor from {}", descriptorUrl);
|
||||
|
||||
RepositoryPermissionsRoot repositoryPermissionsRoot = parsePermissionDescriptor(context, descriptorUrl);
|
||||
availableVerbs.addAll(repositoryPermissionsRoot.verbs.verbs);
|
||||
mergeRolesInto(availableRoles, repositoryPermissionsRoot.roles.roles);
|
||||
}
|
||||
} catch (IOException ex) {
|
||||
logger.error("could not read permission descriptors", ex);
|
||||
} catch (JAXBException ex) {
|
||||
logger.error(
|
||||
"could not create jaxb context to read permission descriptors", ex);
|
||||
}
|
||||
|
||||
return new AvailableRepositoryPermissions(availableVerbs, availableRoles);
|
||||
}
|
||||
|
||||
private static void mergeRolesInto(Collection<RoleDescriptor> targetRoles, List<RoleDescriptor> additionalRoles) {
|
||||
additionalRoles.forEach(r -> addOrMergeInto(targetRoles, r));
|
||||
}
|
||||
|
||||
private static void addOrMergeInto(Collection<RoleDescriptor> targetRoles, RoleDescriptor additionalRole) {
|
||||
Optional<RoleDescriptor> existingRole = targetRoles
|
||||
.stream()
|
||||
.filter(r -> r.name.equals(additionalRole.name))
|
||||
.findFirst();
|
||||
if (existingRole.isPresent()) {
|
||||
existingRole.get().verbs.verbs.addAll(additionalRole.verbs.verbs);
|
||||
} else {
|
||||
targetRoles.add(additionalRole);
|
||||
}
|
||||
}
|
||||
|
||||
private static RepositoryPermissionsRoot parsePermissionDescriptor(JAXBContext context, URL descriptorUrl) {
|
||||
try {
|
||||
RepositoryPermissionsRoot descriptorWrapper =
|
||||
(RepositoryPermissionsRoot) context.createUnmarshaller().unmarshal(
|
||||
descriptorUrl);
|
||||
logger.trace("repository permissions from {}: {}", descriptorUrl, descriptorWrapper.verbs.verbs);
|
||||
logger.trace("repository roles from {}: {}", descriptorUrl, descriptorWrapper.roles.roles);
|
||||
return descriptorWrapper;
|
||||
} catch (JAXBException ex) {
|
||||
logger.error("could not parse permission descriptor", ex);
|
||||
return new RepositoryPermissionsRoot();
|
||||
}
|
||||
}
|
||||
|
||||
private static <T> List<T> removeDuplicates(Collection<T> items) {
|
||||
return items.stream().distinct().collect(toList());
|
||||
}
|
||||
|
||||
private static class AvailableRepositoryPermissions {
|
||||
private final Collection<String> availableVerbs;
|
||||
private final Collection<RoleDescriptor> availableRoles;
|
||||
|
||||
private AvailableRepositoryPermissions(Collection<String> availableVerbs, Collection<RoleDescriptor> availableRoles) {
|
||||
this.availableVerbs = unmodifiableCollection(availableVerbs);
|
||||
this.availableRoles = unmodifiableCollection(availableRoles);
|
||||
}
|
||||
}
|
||||
|
||||
@XmlRootElement(name = "repository-permissions")
|
||||
@XmlAccessorType(XmlAccessType.FIELD)
|
||||
private static class RepositoryPermissionsRoot {
|
||||
private VerbListDescriptor verbs = new VerbListDescriptor();
|
||||
private RoleListDescriptor roles = new RoleListDescriptor();
|
||||
}
|
||||
|
||||
@XmlRootElement(name = "verbs")
|
||||
private static class VerbListDescriptor {
|
||||
@XmlElement(name = "verb")
|
||||
private Set<String> verbs = new LinkedHashSet<>();
|
||||
}
|
||||
|
||||
@XmlRootElement(name = "roles")
|
||||
private static class RoleListDescriptor {
|
||||
@XmlElement(name = "role")
|
||||
private List<RoleDescriptor> roles = new ArrayList<>();
|
||||
}
|
||||
|
||||
@XmlRootElement(name = "role")
|
||||
@XmlAccessorType(XmlAccessType.FIELD)
|
||||
public static class RoleDescriptor {
|
||||
@XmlElement(name = "name")
|
||||
private String name;
|
||||
@XmlElement(name = "verbs")
|
||||
private VerbListDescriptor verbs = new VerbListDescriptor();
|
||||
}
|
||||
}
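Review bot: `availableVerbs()` and `availableRoles()` hand out the lists built by `removeDuplicates`, which come from `Collectors.toList()` and carry no immutability guarantee, whereas the replaced `RepositoryPermissionProvider` wrapped both in `unmodifiableCollection`. Any caller could add or remove entries in the shared system role list that role lookups for authorization are resolved against. Wrap the result once in the helper: `return java.util.Collections.unmodifiableList(items.stream().distinct().collect(toList()));`. `readAvailablePermissions` also only logs on `IOException`/`JAXBException` and continues with a partial list; a comment stating that this is intentional would help the next reader.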
|
||||