diff --git a/scm-webapp/src/main/java/sonia/scm/security/ScmRealm.java b/scm-webapp/src/main/java/sonia/scm/security/ScmRealm.java index 69d7b48780..02de0ce1f3 100644 --- a/scm-webapp/src/main/java/sonia/scm/security/ScmRealm.java +++ b/scm-webapp/src/main/java/sonia/scm/security/ScmRealm.java @@ -131,7 +131,6 @@ public class ScmRealm extends AuthorizingRealm * @param cacheManager * @param userManager * @param groupManager - * @param repositoryManager * @param repositoryDAO * @param userDAO * @param authenticator @@ -141,8 +140,8 @@ public class ScmRealm extends AuthorizingRealm @Inject public ScmRealm(ScmConfiguration configuration, CacheManager cacheManager, UserManager userManager, GroupManager groupManager, - RepositoryManager repositoryManager, RepositoryDAO repositoryDAO, - UserDAO userDAO, AuthenticationManager authenticator, + RepositoryDAO repositoryDAO, UserDAO userDAO, + AuthenticationManager authenticator, Provider requestProvider, Provider responseProvider) { diff --git a/scm-webapp/src/test/java/sonia/scm/security/ScmRealmTest.java b/scm-webapp/src/test/java/sonia/scm/security/ScmRealmTest.java index 4a242887ee..4de11dc0a2 100644 --- a/scm-webapp/src/test/java/sonia/scm/security/ScmRealmTest.java +++ b/scm-webapp/src/test/java/sonia/scm/security/ScmRealmTest.java @@ -42,16 +42,19 @@ import org.apache.shiro.authc.AuthenticationToken; import org.apache.shiro.authc.UnknownAccountException; import org.apache.shiro.authc.UsernamePasswordToken; import org.apache.shiro.authz.AuthorizationInfo; +import org.apache.shiro.authz.Permission; import org.apache.shiro.subject.PrincipalCollection; import org.junit.Test; import sonia.scm.cache.MapCacheManager; import sonia.scm.config.ScmConfiguration; +import sonia.scm.group.Group; import sonia.scm.group.GroupManager; import sonia.scm.group.GroupNames; +import sonia.scm.repository.PermissionType; +import sonia.scm.repository.Repository; import sonia.scm.repository.RepositoryDAO; -import sonia.scm.repository.RepositoryManager; import sonia.scm.user.User; import sonia.scm.user.UserDAO; import sonia.scm.user.UserManager; @@ -94,6 +97,30 @@ public class ScmRealmTest realm.getAuthenticationInfo(token("marvin", trillian.getPassword())); } + /** + * Method description + * + */ + @Test + public void testAuthorizationAdminPermissions() + { + User trillian = createSampleUser(); + + trillian.setAdmin(true); + + AuthorizationInfo ai = authorizationInfo(trillian); + Collection permissions = ai.getObjectPermissions(); + + assertNotNull(permissions); + assertFalse(permissions.isEmpty()); + assertEquals(1, permissions.size()); + //J- + assertTrue( + permissions.contains(new RepositoryPermission("*", PermissionType.OWNER)) + ); + //J+ + } + /** * Method description * @@ -114,6 +141,22 @@ public class ScmRealmTest assertTrue(roles.contains(Role.USER)); } + /** + * Method description + * + */ + @Test + public void testAuthorizationDefaultUserPermissions() + { + User trillian = createSampleUser(); + + AuthorizationInfo ai = authorizationInfo(trillian); + Collection permissions = ai.getObjectPermissions(); + + assertNotNull(permissions); + assertTrue(permissions.isEmpty()); + } + /** * Method description * @@ -151,7 +194,14 @@ public class ScmRealmTest { User trillian = createSampleUser(); - ScmRealm realm = createRealm(trillian, ImmutableSet.of("g1", "g2")); + //J- + ScmRealm realm = createRealm( + trillian, + ImmutableSet.of("g1", "g2"), + ImmutableSet.of(new Group("xml", "g3"), new Group("xml", "g4")), + null + ); + //J+ AuthenticationInfo ai = realm.getAuthenticationInfo(token(trillian)); assertNotNull(ai); @@ -168,7 +218,8 @@ public class ScmRealmTest assertNotNull(groups); assertFalse(groups.getCollection().isEmpty()); - assertThat(groups, containsInAnyOrder("g1", "g2")); + assertEquals(4, groups.getCollection().size()); + assertThat(groups, containsInAnyOrder("g1", "g2", "g3", "g4")); } /** @@ -200,7 +251,7 @@ public class ScmRealmTest */ private ScmRealm createRealm(User user) { - return createRealm(user, null); + return createRealm(user, null, null, null); } /** @@ -209,15 +260,30 @@ public class ScmRealmTest * * * @param user - * @param groups + * @param authenticationGroups + * @param dbGroups + * @param repositories * @return */ - private ScmRealm createRealm(User user, Collection groups) + private ScmRealm createRealm(User user, + Collection authenticationGroups, Collection dbGroups, + Collection repositories) { UserManager userManager = mock(UserManager.class); GroupManager groupManager = mock(GroupManager.class); - RepositoryManager repositoryManager = mock(RepositoryManager.class); + + if (dbGroups != null) + { + when(groupManager.getGroupsForMember(user.getId())).thenReturn(dbGroups); + } + RepositoryDAO repositoryDAO = mock(RepositoryDAO.class); + + if (repositories != null) + { + when(repositoryDAO.getAll()).thenReturn(repositories); + } + UserDAO userDAO = mock(UserDAO.class); when(userDAO.get(user.getId())).thenReturn(user); @@ -262,7 +328,7 @@ public class ScmRealmTest eq(user.getPassword()) ) ).thenReturn( - new AuthenticationResult(user, groups, AuthenticationState.SUCCESS) + new AuthenticationResult(user, authenticationGroups, AuthenticationState.SUCCESS) ); when( @@ -297,7 +363,6 @@ public class ScmRealmTest new MapCacheManager(), userManager, groupManager, - repositoryManager, repositoryDAO, userDAO, authManager,