merge with branch issue-73

2025-11-10 23:45:44 +01:00 · 2011-11-15 22:02:42 +01:00
parent f63c94e3aa 46de287fe7
commit f574d605e3
3 changed files with 72 additions and 21 deletions
--- a/scm-webapp/pom.xml
+++ b/scm-webapp/pom.xml
@@ -362,7 +362,7 @@
    <aether.version>1.13</aether.version>
    <wagon.version>1.0</wagon.version>
    <maven.version>3.0.3</maven.version>
-    <netbeans.hint.deploy.server>gfv3ee6</netbeans.hint.deploy.server>
+    <netbeans.hint.deploy.server>Tomcat</netbeans.hint.deploy.server>
  </properties>

  <profiles>
--- a/scm-webapp/src/main/java/sonia/scm/web/security/BasicSecurityContext.java
+++ b/scm-webapp/src/main/java/sonia/scm/web/security/BasicSecurityContext.java
@@ -123,43 +123,82 @@ public class BasicSecurityContext implements WebSecurityContext
    AuthenticationResult ar = authenticator.authenticate(request, response,
                                username, password);

-    if (ar != null)
+    if ((ar != null) && (ar.getState() == AuthenticationState.SUCCESS))
    {
      user = ar.getUser();

      try
      {
+        Set<String> groupSet = new HashSet<String>();
+
+        // load external groups
+        Collection<String> extGroups = ar.getGroups();
+
+        if (extGroups != null)
+        {
+          groupSet.addAll(extGroups);
+        }
+
+        // load internal groups
+        loadGroups(groupSet);
+
+        // check for admin user
+        if (!user.isAdmin())
+        {
+          user.setAdmin(isAdmin(groupSet));
+
+          if (logger.isDebugEnabled() && user.isAdmin())
+          {
+            logger.debug("user '{}' is marked as admin by configuration",
+                         user.getType(), user.getName());
+          }
+        }
+        else if (logger.isDebugEnabled())
+        {
+          logger.debug("authenticator {} marked user '{}' as admin",
+                       user.getType(), user.getName());
+        }
+
+        // store user
        User dbUser = userManager.get(user.getName());

-        if ((dbUser != null) && user.copyProperties(dbUser, false))
+        if (dbUser != null)
+        {
+
+          // if database user is an admin, set admin for the current user
+          if (dbUser.isAdmin())
+          {
+            if (logger.isDebugEnabled())
+            {
+              logger.debug("user '{}' is marked as admin by local database",
+                           user.getType(), user.getName());
+            }
+
+            user.setAdmin(true);
+          }
+
+          // modify existing user, copy properties except password and admin
+          if (user.copyProperties(dbUser, false))
          {
            userManager.modify(dbUser);
          }
+        }
+
+        // create new user
        else if (dbUser == null)
        {
          userManager.create(user);
        }

-        Collection<String> groupCollection = ar.getGroups();
-
-        if (groupCollection != null)
-        {
-          groups.addAll(groupCollection);
-        }
-
-        loadGroups();
-
-        if (!user.isAdmin())
-        {
-          user.setAdmin(isAdmin());
-        }
+        groups = groupSet;

        if (logger.isDebugEnabled())
        {
          logGroups();
        }

-        String credentials = dbUser.getName();
+        // store encrypted credentials in session
+        String credentials = user.getName();

        if (Util.isNotEmpty(password))
        {
@@ -172,6 +211,12 @@ public class BasicSecurityContext implements WebSecurityContext
      catch (Exception ex)
      {
        user = null;
+
+        if (groups != null)
+        {
+          groups.clear();
+        }
+
        logger.error("authentication failed", ex);
      }
    }
@@ -253,8 +298,10 @@ public class BasicSecurityContext implements WebSecurityContext
  /**
   * Method description
   *
+   *
+   * @param groupSet
   */
-  private void loadGroups()
+  private void loadGroups(Set<String> groupSet)
  {
    Collection<Group> groupCollection =
      groupManager.getGroupsForMember(user.getName());
@@ -263,7 +310,7 @@ public class BasicSecurityContext implements WebSecurityContext
    {
      for (Group group : groupCollection)
      {
-        groups.add(group.getName());
+        groupSet.add(group.getName());
      }
    }
  }
@@ -308,9 +355,11 @@ public class BasicSecurityContext implements WebSecurityContext
   * Method description
   *
   *
+   *
+   * @param groups
   * @return
   */
-  private boolean isAdmin()
+  private boolean isAdmin(Collection<String> groups)
  {
    boolean result = false;
    Set<String> adminUsers = configuration.getAdminUsers();
--- a/scm-webapp/src/main/webapp/resources/js/user/sonia.user.formpanel.js
+++ b/scm-webapp/src/main/webapp/resources/js/user/sonia.user.formpanel.js
@@ -62,12 +62,14 @@ Sonia.user.FormPanel = Ext.extend(Sonia.rest.FormPanel,{
      fieldLabel: this.displayNameText,
      name: 'displayName',
      allowBlank: false,
+      readOnly: this.item != null && this.item != 'xml',
      helpText: this.displayNameHelpText
    },{
      fieldLabel: this.mailText,
      name: 'mail',
      allowBlank: true,
      vtype: 'email',
+      readOnly: this.item != null && this.item != 'xml',
      helpText: this.mailHelpText
    }];