From 162a1d9e0504257eebab7ca426aa2c41dcab89f2 Mon Sep 17 00:00:00 2001
From: Rene Pfeuffer <rene.pfeuffer@cloudogu.com>
Date: Fri, 18 Oct 2019 13:33:53 +0200
Subject: [PATCH] POC

---
 .../scm/web/lfs/ScmBlobLfsRepository.java     | 23 +++++++++++++------
 .../web/lfs/servlet/LfsServletFactory.java    |  2 +-
 2 files changed, 17 insertions(+), 8 deletions(-)

diff --git a/scm-plugins/scm-git-plugin/src/main/java/sonia/scm/web/lfs/ScmBlobLfsRepository.java b/scm-plugins/scm-git-plugin/src/main/java/sonia/scm/web/lfs/ScmBlobLfsRepository.java
index 06574ddd8d..088fb2b5d4 100644
--- a/scm-plugins/scm-git-plugin/src/main/java/sonia/scm/web/lfs/ScmBlobLfsRepository.java
+++ b/scm-plugins/scm-git-plugin/src/main/java/sonia/scm/web/lfs/ScmBlobLfsRepository.java
@@ -1,11 +1,13 @@
 package sonia.scm.web.lfs;
 
-import org.eclipse.jgit.lfs.Protocol;
 import org.eclipse.jgit.lfs.lib.AnyLongObjectId;
 import org.eclipse.jgit.lfs.server.LargeFileRepository;
 import org.eclipse.jgit.lfs.server.Response;
+import sonia.scm.repository.Repository;
+import sonia.scm.repository.RepositoryPermissions;
 import sonia.scm.security.AccessToken;
 import sonia.scm.security.AccessTokenBuilderFactory;
+import sonia.scm.security.Scope;
 import sonia.scm.store.Blob;
 import sonia.scm.store.BlobStore;
 
@@ -34,17 +36,19 @@ public class ScmBlobLfsRepository implements LargeFileRepository {
    * proxy).
    */
   private final String baseUri;
+  private final Repository repository;
 
   /**
    * Creates a {@link ScmBlobLfsRepository} for the provided repository.
    *
+   * @param repository
    * @param blobStore           The SCM Blobstore used for this @{@link LargeFileRepository}.
    * @param tokenBuilderFactory
    * @param baseUri             This URI is used to determine the actual URI for Upload / Download. Must be full URI (or
    */
 
-  public ScmBlobLfsRepository(BlobStore blobStore, AccessTokenBuilderFactory tokenBuilderFactory, String baseUri) {
-
+  public ScmBlobLfsRepository(Repository repository, BlobStore blobStore, AccessTokenBuilderFactory tokenBuilderFactory, String baseUri) {
+    this.repository = repository;
     this.blobStore = blobStore;
     this.tokenBuilderFactory = tokenBuilderFactory;
     this.baseUri = baseUri;
@@ -53,13 +57,13 @@ public class ScmBlobLfsRepository implements LargeFileRepository {
   @Override
   public Response.Action getDownloadAction(AnyLongObjectId id) {
 
-    return getAction(id);
+    return getAction(id, Scope.valueOf(RepositoryPermissions.read(repository).asShiroString(), RepositoryPermissions.pull(repository).asShiroString()));
   }
 
   @Override
   public Response.Action getUploadAction(AnyLongObjectId id, long size) {
 
-    return getAction(id);
+    return getAction(id, Scope.valueOf(RepositoryPermissions.read(repository).asShiroString(), RepositoryPermissions.pull(repository).asShiroString(), RepositoryPermissions.push(repository).asShiroString()));
   }
 
   @Override
@@ -88,7 +92,7 @@ public class ScmBlobLfsRepository implements LargeFileRepository {
   /**
    * Constructs the Download / Upload actions to be supplied to the client.
    */
-  private Response.Action getAction(AnyLongObjectId id) {
+  private Response.Action getAction(AnyLongObjectId id, Scope scope) {
 
     //LFS protocol has to provide the information on where to put or get the actual content, i. e.
     //the actual URI for up- and download.
@@ -96,7 +100,12 @@ public class ScmBlobLfsRepository implements LargeFileRepository {
     ExpiringAction a = new ExpiringAction();
     a.href = baseUri + id.getName();
 
-    AccessToken accessToken = tokenBuilderFactory.create().expiresIn(5, TimeUnit.MINUTES).build();
+    AccessToken accessToken =
+      tokenBuilderFactory
+        .create()
+        .expiresIn(5, TimeUnit.MINUTES)
+        .scope(scope)
+        .build();
     a.header = new HashMap<>();
     a.header.put("Authorization", "Bearer " + accessToken.compact());
     Instant expire = Instant.now().plus(5, ChronoUnit.MINUTES);
diff --git a/scm-plugins/scm-git-plugin/src/main/java/sonia/scm/web/lfs/servlet/LfsServletFactory.java b/scm-plugins/scm-git-plugin/src/main/java/sonia/scm/web/lfs/servlet/LfsServletFactory.java
index f174f6e8aa..bfc8a12ba8 100644
--- a/scm-plugins/scm-git-plugin/src/main/java/sonia/scm/web/lfs/servlet/LfsServletFactory.java
+++ b/scm-plugins/scm-git-plugin/src/main/java/sonia/scm/web/lfs/servlet/LfsServletFactory.java
@@ -50,7 +50,7 @@ public class LfsServletFactory {
     BlobStore blobStore = lfsBlobStoreFactory.getLfsBlobStore(repository);
     String baseUri = buildBaseUri(repository, request);
 
-    LargeFileRepository largeFileRepository = new ScmBlobLfsRepository(blobStore, tokenBuilderFactory, baseUri);
+    LargeFileRepository largeFileRepository = new ScmBlobLfsRepository(repository, blobStore, tokenBuilderFactory, baseUri);
     return new ScmLfsProtocolServlet(largeFileRepository);
   }