apply permission from adapter

2025-11-10 23:45:44 +01:00 · 2018-10-16 09:15:35 +02:00
parent 023b362f68
commit f94922837b
3 changed files with 7 additions and 6 deletions
--- a/scm-webapp/src/main/java/sonia/scm/api/v2/resources/IdResourceManagerAdapter.java
+++ b/scm-webapp/src/main/java/sonia/scm/api/v2/resources/IdResourceManagerAdapter.java
@@ -51,9 +51,10 @@ class IdResourceManagerAdapter<MODEL_OBJECT extends ModelObject,
   * @param usernameToChangePassword the user name of the user we want to change password
   * @return function to verify permission
   */
-  public Function<User, PermissionCheck> getChangePasswordPermission(String usernameToChangePassword) {
+  public Function<MODEL_OBJECT, PermissionCheck> getChangePasswordPermission(String usernameToChangePassword) {
    AssertUtil.assertIsNotEmpty(usernameToChangePassword);
-    return user -> {
+    return model -> {
+      User user = (User) model;
      if (usernameToChangePassword.equals(AuthenticationUtil.getAuthenticatedUsername())) {
        return UserPermissions.changeOwnPassword();
      }
@@ -61,13 +62,13 @@ class IdResourceManagerAdapter<MODEL_OBJECT extends ModelObject,
    };
  }

-  public Response changePassword(String id, Function<MODEL_OBJECT, MODEL_OBJECT> applyChanges, Consumer<MODEL_OBJECT> checker, Function<MODEL_OBJECT, PermissionCheck> permissionCheck) throws NotFoundException, ConcurrentModificationException {
+  public Response changePassword(String id, Function<MODEL_OBJECT, MODEL_OBJECT> applyChanges, Consumer<MODEL_OBJECT> checker ) throws NotFoundException, ConcurrentModificationException {
    return singleAdapter.changePassword(
      loadBy(id),
      applyChanges,
      idStaysTheSame(id),
      checker,
-      permissionCheck);
+      getChangePasswordPermission(id));
  }

  public Response update(String id, Function<MODEL_OBJECT, MODEL_OBJECT> applyChanges) throws NotFoundException, ConcurrentModificationException {
--- a/scm-webapp/src/main/java/sonia/scm/api/v2/resources/MeResource.java
+++ b/scm-webapp/src/main/java/sonia/scm/api/v2/resources/MeResource.java
@@ -81,7 +81,7 @@ public class MeResource {
  @Consumes(VndMediaType.PASSWORD_CHANGE)
  public Response changePassword(PasswordChangeDto passwordChangeDto) throws NotFoundException, ConcurrentModificationException {
    String name = (String) SecurityUtils.getSubject().getPrincipals().getPrimaryPrincipal();
-    return adapter.changePassword(name, user -> user.clone().changePassword(passwordService.encryptPassword(passwordChangeDto.getNewPassword())), userManager.getChangePasswordChecker().andThen(getOldOriginalPasswordChecker(passwordChangeDto.getOldPassword())), user ->  UserPermissions.changeOwnPassword());
+    return adapter.changePassword(name, user -> user.clone().changePassword(passwordService.encryptPassword(passwordChangeDto.getNewPassword())), userManager.getChangePasswordChecker().andThen(getOldOriginalPasswordChecker(passwordChangeDto.getOldPassword())));
  }

  /**
--- a/scm-webapp/src/main/java/sonia/scm/api/v2/resources/UserResource.java
+++ b/scm-webapp/src/main/java/sonia/scm/api/v2/resources/UserResource.java
@@ -130,7 +130,7 @@ public class UserResource {
  })
  @TypeHint(TypeHint.NO_CONTENT.class)
  public Response changePassword(@PathParam("id") String name, @Valid PasswordChangeDto passwordChangeDto) throws NotFoundException, ConcurrentModificationException {
-    return adapter.changePassword(name, user -> user.changePassword(passwordService.encryptPassword(passwordChangeDto.getNewPassword())), userManager.getChangePasswordChecker(), adapter.getChangePasswordPermission(name));
+    return adapter.changePassword(name, user -> user.changePassword(passwordService.encryptPassword(passwordChangeDto.getNewPassword())), userManager.getChangePasswordChecker());
  }

 }