Nemcio/GitBucket
1
0
Fork 0
mirror of https://github.com/gitbucket/gitbucket.git synced 2025-11-08 22:45:51 +01:00
Code Issues Packages Projects Releases Wiki Activity

(refs #464)Authentication for actions which are defined by plugin is completed

Browse Source
This commit is contained in:
Naoki Takezoe
2014-08-12 00:33:13 +09:00
parent ea5d898b27
commit a0e4b020ca
2 changed files with 47 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
src/main/scala/plugin/ScalaPlugin.scala
View File

@@ -3,9 +3,10 @@ package plugin
import scala.collection.mutable.ListBuffer import scala.collection.mutable.ListBuffer
import scala.collection.mutable.{Map => MutableMap} import scala.collection.mutable.{Map => MutableMap}
import javax.servlet.http.{HttpServletResponse, HttpServletRequest} import javax.servlet.http.{HttpServletResponse, HttpServletRequest}
import plugin.PluginSystem._
import app.Context import app.Context
import plugin.PluginSystem._
import plugin.PluginSystem.RepositoryMenu import plugin.PluginSystem.RepositoryMenu
import plugin.Security._
import service.RepositoryService.RepositoryInfo import service.RepositoryService.RepositoryInfo
import scala.reflect.runtime.currentMirror import scala.reflect.runtime.currentMirror
import scala.tools.reflect.ToolBox import scala.tools.reflect.ToolBox
@@ -34,11 +35,11 @@ class ScalaPlugin(val id: String, val version: String,
globalMenuList += GlobalMenu(label, url, icon, condition) globalMenuList += GlobalMenu(label, url, icon, condition)
} }
def addGlobalAction(path: String, security: String = "all")(function: (HttpServletRequest, HttpServletResponse) => Any): Unit = { def addGlobalAction(path: String, security: Security = All())(function: (HttpServletRequest, HttpServletResponse) => Any): Unit = {
globalActionList += Action(path, security, function) globalActionList += Action(path, security, function)
} }
def addRepositoryAction(path: String, security: String = "all")(function: (HttpServletRequest, HttpServletResponse, RepositoryInfo) => Any): Unit = { def addRepositoryAction(path: String, security: Security = All())(function: (HttpServletRequest, HttpServletResponse, RepositoryInfo) => Any): Unit = {
repositoryActionList += RepositoryAction(path, security, function) repositoryActionList += RepositoryAction(path, security, function)
} }

57
src/main/scala/servlet/PluginActionInvokeFilter.scala
View File

@@ -9,8 +9,6 @@ import model.{Account, Session}
import util.{JGitUtil, Keys} import util.{JGitUtil, Keys}
import plugin.PluginConnectionHolder import plugin.PluginConnectionHolder
import service.RepositoryService.RepositoryInfo import service.RepositoryService.RepositoryInfo
import service.SystemSettingsService.SystemSettings
import org.json4s.jackson.Json
import plugin.Security._ import plugin.Security._
class PluginActionInvokeFilter extends Filter with SystemSettingsService with RepositoryService with AccountService { class PluginActionInvokeFilter extends Filter with SystemSettingsService with RepositoryService with AccountService {
@@ -32,13 +30,14 @@ class PluginActionInvokeFilter extends Filter with SystemSettingsService with Re
} }
} }
private def processGlobalAction(path: String, request: HttpServletRequest, response: HttpServletResponse): Boolean = { private def processGlobalAction(path: String, request: HttpServletRequest, response: HttpServletResponse)
(implicit session: Session): Boolean = {
plugin.PluginSystem.globalActions.find(_.path == path).map { action => plugin.PluginSystem.globalActions.find(_.path == path).map { action =>
val loginAccount = request.getSession.getAttribute(Keys.Session.LoginAccount).asInstanceOf[Account] val loginAccount = request.getSession.getAttribute(Keys.Session.LoginAccount).asInstanceOf[Account]
val systemSettings = loadSystemSettings() val systemSettings = loadSystemSettings()
implicit val context = app.Context(systemSettings, Option(loginAccount), request) implicit val context = app.Context(systemSettings, Option(loginAccount), request)
if(filterAction(action.security, context)){ if(authenticate(action.security, context)){
val result = action.function(request, response) val result = action.function(request, response)
result match { result match {
case x: String => renderGlobalHtml(request, response, context, x) case x: String => renderGlobalHtml(request, response, context, x)
@@ -65,7 +64,7 @@ class PluginActionInvokeFilter extends Filter with SystemSettingsService with Re
getRepository(owner, name, systemSettings.baseUrl(request)).flatMap { repository => getRepository(owner, name, systemSettings.baseUrl(request)).flatMap { repository =>
plugin.PluginSystem.repositoryActions.find(_.path == remain).map { action => plugin.PluginSystem.repositoryActions.find(_.path == remain).map { action =>
if(filterAction(action.security, context)){ if(authenticate(action.security, context, repository)){
val result = try { val result = try {
PluginConnectionHolder.threadLocal.set(session.conn) PluginConnectionHolder.threadLocal.set(session.conn)
action.function(request, response, repository) action.function(request, response, repository)
@@ -85,28 +84,50 @@ class PluginActionInvokeFilter extends Filter with SystemSettingsService with Re
} else false } else false
} }
private def filterAction(security: Security, context: app.Context, repository: Option[RepositoryInfo] = None): Boolean = { /**
if(repository.isDefined){ * Authentication for global action
if(repository.get.repository.isPrivate){ */
security match { private def authenticate(security: Security, context: app.Context)(implicit session: Session): Boolean = {
case Owner() => context.loginAccount.isDefined && context.loginAccount.get.userName == repository.get.owner // TODO for group repository // Global Action
case Member() => false // TODO owner or collaborator
case Admin() => context.loginAccount.isDefined && context.loginAccount.get.isAdmin
}
} else {
security match { security match {
case All() => true case All() => true
case Login() => context.loginAccount.isDefined case Login() => context.loginAccount.isDefined
case Owner() => context.loginAccount.isDefined && context.loginAccount.get.userName == repository.get.owner // TODO for group repository case Admin() => context.loginAccount.exists(_.isAdmin)
case Member() => false // TODO owner or collaborator case _ => false // TODO throw Exception?
case Admin() => context.loginAccount.isDefined && context.loginAccount.get.isAdmin }
}
/**
* Authenticate for repository action
*/
private def authenticate(security: Security, context: app.Context, repository: RepositoryInfo)(implicit session: Session): Boolean = {
if(repository.repository.isPrivate){
// Private Repository
security match {
case Admin() => context.loginAccount.exists(_.isAdmin)
case Owner() => context.loginAccount.exists { account =>
account.userName == repository.owner ||
getGroupMembers(repository.owner).exists(m => m.userName == account.userName && m.isManager)
}
case _ => context.loginAccount.exists { account =>
account.isAdmin || account.userName == repository.owner ||
getCollaborators(repository.owner, repository.name).contains(account.userName)
} }
} }
} else { } else {
// Public Repository
security match { security match {
case All() => true case All() => true
case Login() => context.loginAccount.isDefined case Login() => context.loginAccount.isDefined
case Admin() => context.loginAccount.isDefined && context.loginAccount.get.isAdmin case Owner() => context.loginAccount.exists { account =>
account.userName == repository.owner ||
getGroupMembers(repository.owner).exists(m => m.userName == account.userName && m.isManager)
}
case Member() => context.loginAccount.exists { account =>
account.userName == repository.owner ||
getCollaborators(repository.owner, repository.name).contains(account.userName)
}
case Admin() => context.loginAccount.exists(_.isAdmin)
} }
} }
} }