merge with branch issue-73

scm-webapp/pom.xml

@@ -362,7 +362,7 @@
     <aether.version>1.13</aether.version>
     <wagon.version>1.0</wagon.version>
     <maven.version>3.0.3</maven.version>
-    <netbeans.hint.deploy.server>gfv3ee6</netbeans.hint.deploy.server>
+    <netbeans.hint.deploy.server>Tomcat</netbeans.hint.deploy.server>
   </properties>
 
   <profiles>

scm-webapp/src/main/java/sonia/scm/web/security/BasicSecurityContext.java

@@ -123,43 +123,82 @@ public class BasicSecurityContext implements WebSecurityContext
     AuthenticationResult ar = authenticator.authenticate(request, response,
                                 username, password);
 
-    if (ar != null)
+    if ((ar != null) && (ar.getState() == AuthenticationState.SUCCESS))
     {
       user = ar.getUser();
 
       try
       {
+        Set<String> groupSet = new HashSet<String>();
+
+        // load external groups
+        Collection<String> extGroups = ar.getGroups();
+
+        if (extGroups != null)
+        {
+          groupSet.addAll(extGroups);
+        }
+
+        // load internal groups
+        loadGroups(groupSet);
+
+        // check for admin user
+        if (!user.isAdmin())
+        {
+          user.setAdmin(isAdmin(groupSet));
+
+          if (logger.isDebugEnabled() && user.isAdmin())
+          {
+            logger.debug("user '{}' is marked as admin by configuration",
+                         user.getType(), user.getName());
+          }
+        }
+        else if (logger.isDebugEnabled())
+        {
+          logger.debug("authenticator {} marked user '{}' as admin",
+                       user.getType(), user.getName());
+        }
+
+        // store user
         User dbUser = userManager.get(user.getName());
 
-        if ((dbUser != null) && user.copyProperties(dbUser, false))
+        if (dbUser != null)
         {
-          userManager.modify(dbUser);
+
+          // if database user is an admin, set admin for the current user
+          if (dbUser.isAdmin())
+          {
+            if (logger.isDebugEnabled())
+            {
+              logger.debug("user '{}' is marked as admin by local database",
+                           user.getType(), user.getName());
+            }
+
+            user.setAdmin(true);
+          }
+
+          // modify existing user, copy properties except password and admin
+          if (user.copyProperties(dbUser, false))
+          {
+            userManager.modify(dbUser);
+          }
         }
+
+        // create new user
         else if (dbUser == null)
         {
           userManager.create(user);
         }
 
-        Collection<String> groupCollection = ar.getGroups();
+        groups = groupSet;
-
-        if (groupCollection != null)
-        {
-          groups.addAll(groupCollection);
-        }
-
-        loadGroups();
-
-        if (!user.isAdmin())
-        {
-          user.setAdmin(isAdmin());
-        }
 
         if (logger.isDebugEnabled())
         {
           logGroups();
         }
 
-        String credentials = dbUser.getName();
+        // store encrypted credentials in session
+        String credentials = user.getName();
 
         if (Util.isNotEmpty(password))
         {
@@ -172,6 +211,12 @@ public class BasicSecurityContext implements WebSecurityContext
       catch (Exception ex)
       {
         user = null;
+
+        if (groups != null)
+        {
+          groups.clear();
+        }
+
         logger.error("authentication failed", ex);
       }
     }
@@ -253,8 +298,10 @@ public class BasicSecurityContext implements WebSecurityContext
   /**
    * Method description
    *
+   *
+   * @param groupSet
    */
-  private void loadGroups()
+  private void loadGroups(Set<String> groupSet)
   {
     Collection<Group> groupCollection =
       groupManager.getGroupsForMember(user.getName());
@@ -263,7 +310,7 @@ public class BasicSecurityContext implements WebSecurityContext
     {
       for (Group group : groupCollection)
       {
-        groups.add(group.getName());
+        groupSet.add(group.getName());
       }
     }
   }
@@ -308,9 +355,11 @@ public class BasicSecurityContext implements WebSecurityContext
    * Method description
    *
    *
+   *
+   * @param groups
    * @return
    */
-  private boolean isAdmin()
+  private boolean isAdmin(Collection<String> groups)
   {
     boolean result = false;
     Set<String> adminUsers = configuration.getAdminUsers();

scm-webapp/src/main/webapp/resources/js/user/sonia.user.formpanel.js

@@ -62,12 +62,14 @@ Sonia.user.FormPanel = Ext.extend(Sonia.rest.FormPanel,{
       fieldLabel: this.displayNameText,
       name: 'displayName',
       allowBlank: false,
+      readOnly: this.item != null && this.item != 'xml',
       helpText: this.displayNameHelpText
     },{
       fieldLabel: this.mailText,
       name: 'mail',
       allowBlank: true,
       vtype: 'email',
+      readOnly: this.item != null && this.item != 'xml',
       helpText: this.mailHelpText
     }];