check permission in RepositoryManager

scm-core/src/main/java/sonia/scm/repository/xml/XmlRepositoryManager.java

@@ -36,6 +36,7 @@ package sonia.scm.repository.xml;
 //~--- non-JDK imports --------------------------------------------------------
 
 import com.google.inject.Inject;
+import com.google.inject.Provider;
 import com.google.inject.Singleton;
 
 import org.slf4j.Logger;
@@ -47,11 +48,15 @@ import sonia.scm.SCMContext;
 import sonia.scm.SCMContextProvider;
 import sonia.scm.Type;
 import sonia.scm.repository.AbstractRepositoryManager;
+import sonia.scm.repository.PermissionType;
+import sonia.scm.repository.PermissionUtil;
 import sonia.scm.repository.Repository;
 import sonia.scm.repository.RepositoryAllreadyExistExeption;
 import sonia.scm.repository.RepositoryException;
 import sonia.scm.repository.RepositoryHandler;
 import sonia.scm.repository.RepositoryHandlerNotFoundException;
+import sonia.scm.security.SecurityContext;
+import sonia.scm.user.User;
 import sonia.scm.util.AssertUtil;
 import sonia.scm.util.IOUtil;
 
@@ -92,11 +97,16 @@ public class XmlRepositoryManager extends AbstractRepositoryManager
    * Constructs ...
    *
    *
+   *
+   * @param securityContextProvider
    * @param handlerSet
    */
   @Inject
-  public XmlRepositoryManager(Set<RepositoryHandler> handlerSet)
+  public XmlRepositoryManager(
+          Provider<SecurityContext> securityContextProvider,
+          Set<RepositoryHandler> handlerSet)
   {
+    this.securityContextProvider = securityContextProvider;
     handlerMap = new HashMap<String, RepositoryHandler>();
     types = new HashSet<Type>();
 
@@ -142,6 +152,7 @@ public class XmlRepositoryManager extends AbstractRepositoryManager
                   repository.getType());
     }
 
+    assertIsAdmin();
     AssertUtil.assertIsValid(repository);
 
     if (repositoryDB.contains(repository))
@@ -181,6 +192,8 @@ public class XmlRepositoryManager extends AbstractRepositoryManager
                   repository.getType());
     }
 
+    assertIsOwner(repository);
+
     if (repositoryDB.contains(repository))
     {
       getHandler(repository).delete(repository);
@@ -244,6 +257,7 @@ public class XmlRepositoryManager extends AbstractRepositoryManager
                   repository.getType());
     }
 
+    assertIsOwner(repository);
     AssertUtil.assertIsValid(repository);
 
     if (repositoryDB.contains(repository))
@@ -281,6 +295,7 @@ public class XmlRepositoryManager extends AbstractRepositoryManager
           throws RepositoryException, IOException
   {
     AssertUtil.assertIsNotNull(repository);
+    assertIsReader(repository);
 
     Repository fresh = repositoryDB.get(repository.getType(),
                          repository.getName());
@@ -315,6 +330,7 @@ public class XmlRepositoryManager extends AbstractRepositoryManager
 
     if (repository != null)
     {
+      assertIsReader(repository);
       repository = repository.clone();
     }
 
@@ -340,7 +356,14 @@ public class XmlRepositoryManager extends AbstractRepositoryManager
 
     if (repository != null)
     {
-      repository = repository.clone();
+      if (isReader(repository))
+      {
+        repository = repository.clone();
+      }
+      else
+      {
+        repository = null;
+      }
     }
 
     return repository;
@@ -359,7 +382,10 @@ public class XmlRepositoryManager extends AbstractRepositoryManager
 
     for (Repository repository : repositoryDB.values())
     {
-      repositories.add(repository.clone());
+      if (isReader(repository))
+      {
+        repositories.add(repository.clone());
+      }
     }
 
     return repositories;
@@ -424,6 +450,44 @@ public class XmlRepositoryManager extends AbstractRepositoryManager
     types.add(type);
   }
 
+  /**
+   * Method description
+   *
+   *
+   * @throws RepositoryException
+   */
+  private void assertIsAdmin() throws RepositoryException
+  {
+    if (!getCurrentUser().isAdmin())
+    {
+      throw new RepositoryException("admin permsission required");
+    }
+  }
+
+  /**
+   * Method description
+   *
+   *
+   * @param repository
+   */
+  private void assertIsOwner(Repository repository)
+  {
+    PermissionUtil.assertPermission(repository, getCurrentUser(),
+                                    PermissionType.OWNER);
+  }
+
+  /**
+   * Method description
+   *
+   *
+   * @param repository
+   */
+  private void assertIsReader(Repository repository)
+  {
+    PermissionUtil.assertPermission(repository, getCurrentUser(),
+                                    PermissionType.READ);
+  }
+
   /**
    * Method description
    *
@@ -446,6 +510,25 @@ public class XmlRepositoryManager extends AbstractRepositoryManager
 
   //~--- get methods ----------------------------------------------------------
 
+  /**
+   * Method description
+   *
+   *
+   * @return
+   */
+  private User getCurrentUser()
+  {
+    SecurityContext context = securityContextProvider.get();
+
+    AssertUtil.assertIsNotNull(context);
+
+    User user = context.getUser();
+
+    AssertUtil.assertIsNotNull(user);
+
+    return user;
+  }
+
   /**
    * Method description
    *
@@ -476,6 +559,20 @@ public class XmlRepositoryManager extends AbstractRepositoryManager
     return handler;
   }
 
+  /**
+   * Method description
+   *
+   *
+   * @param repository
+   *
+   * @return
+   */
+  private boolean isReader(Repository repository)
+  {
+    return PermissionUtil.hasPermission(repository, getCurrentUser(),
+            PermissionType.READ);
+  }
+
   //~--- fields ---------------------------------------------------------------
 
   /** Field description */
@@ -487,6 +584,9 @@ public class XmlRepositoryManager extends AbstractRepositoryManager
   /** Field description */
   private File repositoryDBFile;
 
+  /** Field description */
+  private Provider<SecurityContext> securityContextProvider;
+
   /** Field description */
   private Set<Type> types;
 }

scm-core/src/main/java/sonia/scm/security/SecurityContext.java

@@ -0,0 +1,54 @@
+/**
+ * Copyright (c) 2010, Sebastian Sdorra
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ *    this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ *    this list of conditions and the following disclaimer in the documentation
+ *    and/or other materials provided with the distribution.
+ * 3. Neither the name of SCM-Manager; nor the names of its
+ *    contributors may be used to endorse or promote products derived from this
+ *    software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * http://bitbucket.org/sdorra/scm-manager
+ *
+ */
+
+
+
+package sonia.scm.security;
+
+//~--- non-JDK imports --------------------------------------------------------
+
+import sonia.scm.user.User;
+
+/**
+ *
+ * @author Sebastian Sdorra
+ */
+public interface SecurityContext
+{
+
+  /**
+   * Method description
+   *
+   *
+   * @return
+   */
+  public User getUser();
+}