Nemcio/SCM-Manager
1
0
Fork 0
mirror of https://github.com/scm-manager/scm-manager.git synced 2026-02-07 15:19:15 +01:00
Code Issues Packages Projects Releases Activity

use ssp for user and repository permission checks

Browse Source
This commit is contained in:
Sebastian Sdorra
2016-12-06 22:04:13 +01:00
parent a5d2cfc7b1
commit 26ece65363
13 changed files with 70 additions and 776 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
scm-core/src/main/java/sonia/scm/group/Group.java
View File

@@ -35,6 +35,8 @@ package sonia.scm.group;
//~--- non-JDK imports --------------------------------------------------------
import com.github.sdorra.ssp.PermissionObject;
import com.github.sdorra.ssp.StaticPermissions;
import com.google.common.base.Objects;
import com.google.common.collect.Lists;
@@ -60,10 +62,11 @@ import javax.xml.bind.annotation.XmlRootElement;
*
* @author Sebastian Sdorra
*/
@StaticPermissions("group")
@XmlRootElement(name = "groups")
@XmlAccessorType(XmlAccessType.FIELD)
public class Group extends BasicPropertiesAware
implements ModelObject, Iterable<String>
implements ModelObject, Iterable<String>, PermissionObject
{
/** Field description */

8
scm-core/src/main/java/sonia/scm/repository/Repository.java
View File

@@ -35,6 +35,8 @@ package sonia.scm.repository;
//~--- non-JDK imports --------------------------------------------------------
import com.github.sdorra.ssp.PermissionObject;
import com.github.sdorra.ssp.StaticPermissions;
import com.google.common.base.Objects;
import com.google.common.collect.Lists;
@@ -61,9 +63,13 @@ import javax.xml.bind.annotation.XmlRootElement;
*
* @author Sebastian Sdorra
*/
@StaticPermissions(
value = "repository",
permissions = {"read", "write", "modify", "delete", "healthCheck"}
)
@XmlAccessorType(XmlAccessType.FIELD)
@XmlRootElement(name = "repositories")
public class Repository extends BasicPropertiesAware implements ModelObject
public class Repository extends BasicPropertiesAware implements ModelObject, PermissionObject
{
/** Field description */

272
scm-core/src/main/java/sonia/scm/repository/RepositoryPermissions.java
View File

@@ -1,272 +0,0 @@
/**
* Copyright (c) 2014, Sebastian Sdorra All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer. 2. Redistributions in
* binary form must reproduce the above copyright notice, this list of
* conditions and the following disclaimer in the documentation and/or other
* materials provided with the distribution. 3. Neither the name of SCM-Manager;
* nor the names of its contributors may be used to endorse or promote products
* derived from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR
* ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
* CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
* http://bitbucket.org/sdorra/scm-manager
*
*/
package sonia.scm.repository;
//~--- non-JDK imports --------------------------------------------------------
import sonia.scm.security.PermissionActionCheck;
import sonia.scm.security.PermissionCheck;
/**
* Permission checks for repository related permissions.
*
* @author Sebastian Sdorra
* @since 2.0.0
*/
public final class RepositoryPermissions
{
/** create permission */
public static final String ACTION_CREATE = "create";
/** delete permission */
public static final String ACTION_DELETE = "delete";
/** modify permission */
public static final String ACTION_MODIFY = "modify";
/** health check permission implies modify permission */
public static final String ACTION_HC = "hc,".concat(ACTION_MODIFY);
/** read permission */
public static final String ACTION_READ = "read";
/** write permission */
public static final String ACTION_WRITE = "write";
/** permission separator */
public static final String SEPARATOR = ":";
/** permission action separator */
public static final String SEPERATOR_ACTION = ",";
/** permission main type */
public static final String TYPE = "repository";
//~--- constructors ---------------------------------------------------------
private RepositoryPermissions() {}
//~--- methods --------------------------------------------------------------
/**
* Returns permission check for create action.
*
* @return permission check for create action
*/
public static PermissionCheck create()
{
return check(ACTION_CREATE);
}
/**
* Returns permission check for delete action.
*
* @param r repository for permission check
*
* @return permission check for delete action
*/
public static PermissionCheck delete(Repository r)
{
return delete(r.getId());
}
/**
* Returns permission check for delete action.
*
* @param id id of repository for permission check
*
* @return permission check for delete action
*/
public static PermissionCheck delete(String id)
{
return check(ACTION_DELETE.concat(SEPARATOR).concat(id));
}
/**
* Returns permission action check for delete action.
*
* @return permission action check for delete action
*/
public static PermissionActionCheck<Repository> delete()
{
return actionCheck(ACTION_DELETE);
}
/**
* Returns permission check for health check action.
*
* @param id id of repository for permission check
*
* @return permission check for health check action
*/
public static PermissionCheck healthCheck(String id)
{
return check(ACTION_HC.concat(SEPARATOR).concat(id));
}
/**
* Returns permission action check for health check action.
*
* @return permission action check for health check action.
*/
public static PermissionActionCheck<Repository> healthCheck()
{
return new PermissionActionCheck<>(
TYPE.concat(SEPARATOR).concat(ACTION_HC));
}
/**
* Returns permission check for health check action.
*
* @param r repository for permission check
*
* @return permission check for health check action
*/
public static PermissionCheck healthCheck(Repository r)
{
return healthCheck(r.getId());
}
/**
* Returns permission action check for modify action.
*
* @param r repository for permission check
*
* @return permission action check for modify action
*/
public static PermissionCheck modify(Repository r)
{
return modify(r.getId());
}
/**
* Returns permission action check for modify action.
*
*
* @param id id of repository for permission check
*
* @return permission action check for modify action
*/
public static PermissionCheck modify(String id)
{
return check(ACTION_MODIFY.concat(SEPARATOR).concat(id));
}
/**
* Returns permission action check for modify action.
*
* @return permission action check for modify action
*/
public static PermissionActionCheck<Repository> modify()
{
return actionCheck(ACTION_MODIFY);
}
/**
* Returns permission check for read action.
*
* @param id id of repository for permission check
*
* @return permission check for read action
*/
public static PermissionCheck read(String id)
{
return check(ACTION_READ.concat(SEPARATOR).concat(id));
}
/**
* Returns permission check for read action.
*
* @param r repository for permission check
*
* @return permission check for read action
*/
public static PermissionCheck read(Repository r)
{
return read(r.getId());
}
/**
* Returns permission action check for read action.
*
* @return permission action check for read action
*/
public static PermissionActionCheck<Repository> read()
{
return actionCheck(ACTION_READ);
}
/**
* Returns permission check for write action.
*
* @param id id of repository for permission check
*
* @return permission check for write action
*/
public static PermissionCheck write(String id)
{
return check(ACTION_WRITE.concat(SEPARATOR).concat(id));
}
/**
* Returns permission check for write action.
*
* @param r repository for permission check
*
* @return permission check for write action
*/
public static PermissionCheck write(Repository r)
{
return write(r.getId());
}
/**
* Return permission action check for write action.
*
* @return permission action check for write action
*/
public static PermissionActionCheck<Repository> write()
{
return actionCheck(ACTION_WRITE);
}
private static PermissionActionCheck<Repository> actionCheck(String action)
{
return new PermissionActionCheck<>(TYPE.concat(SEPARATOR).concat(action));
}
private static PermissionCheck check(String permission)
{
return new PermissionCheck(TYPE.concat(SEPARATOR).concat(permission));
}
}

121
scm-core/src/main/java/sonia/scm/security/PermissionActionCheck.java
View File

@@ -1,121 +0,0 @@
/**
* Copyright (c) 2014, Sebastian Sdorra All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer. 2. Redistributions in
* binary form must reproduce the above copyright notice, this list of
* conditions and the following disclaimer in the documentation and/or other
* materials provided with the distribution. 3. Neither the name of SCM-Manager;
* nor the names of its contributors may be used to endorse or promote products
* derived from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR
* ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
* CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
* http://bitbucket.org/sdorra/scm-manager
*
*/
package sonia.scm.security;
//~--- non-JDK imports --------------------------------------------------------
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.subject.Subject;
import sonia.scm.ModelObject;
/**
*
* @author Sebastian Sdorra
* @param <T>
*
* @since 2.0.0
*/
public final class PermissionActionCheck<T extends ModelObject>
{
/**
* Constructs ...
*
* @param typedAction
*/
public PermissionActionCheck(String typedAction)
{
this.prefix = typedAction.concat(":");
this.subject = SecurityUtils.getSubject();
}
//~--- methods --------------------------------------------------------------
/**
* Method description
*
*
* @param id
*/
public void check(String id)
{
subject.checkPermission(prefix.concat(id));
}
/**
* Method description
*
*
* @param item
*/
public void check(T item)
{
subject.checkPermission(prefix.concat(item.getId()));
}
//~--- get methods ----------------------------------------------------------
/**
* Method description
*
*
* @param id
*
* @return
*/
public boolean isPermitted(String id)
{
return subject.isPermitted(prefix.concat(id));
}
/**
* Method description
*
*
* @param item
*
* @return
*/
public boolean isPermitted(T item)
{
return subject.isPermitted(prefix.concat(item.getId()));
}
//~--- fields ---------------------------------------------------------------
/** Field description */
private final String prefix;
/** Field description */
private final Subject subject;
}

85
scm-core/src/main/java/sonia/scm/security/PermissionCheck.java
View File

@@ -1,85 +0,0 @@
/**
* Copyright (c) 2014, Sebastian Sdorra All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer. 2. Redistributions in
* binary form must reproduce the above copyright notice, this list of
* conditions and the following disclaimer in the documentation and/or other
* materials provided with the distribution. 3. Neither the name of SCM-Manager;
* nor the names of its contributors may be used to endorse or promote products
* derived from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR
* ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
* CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
* http://bitbucket.org/sdorra/scm-manager
*
*/
package sonia.scm.security;
//~--- non-JDK imports --------------------------------------------------------
import org.apache.shiro.SecurityUtils;
/**
*
* @author Sebastian Sdorra
* @since 2.0.0
*/
public final class PermissionCheck
{
/**
* Constructs ...
*
*
* @param permission
*/
public PermissionCheck(String permission)
{
this.permission = permission;
}
//~--- methods --------------------------------------------------------------
/**
* Method description
*
*/
public void check()
{
SecurityUtils.getSubject().checkPermission(permission);
}
//~--- get methods ----------------------------------------------------------
/**
* Method description
*
*
* @return
*/
public boolean isPermitted()
{
return SecurityUtils.getSubject().isPermitted(permission);
}
//~--- fields ---------------------------------------------------------------
/** Field description */
private final String permission;
}

5
scm-core/src/main/java/sonia/scm/user/User.java
View File

@@ -35,6 +35,8 @@ package sonia.scm.user;
//~--- non-JDK imports --------------------------------------------------------
import com.github.sdorra.ssp.PermissionObject;
import com.github.sdorra.ssp.StaticPermissions;
import com.google.common.base.Objects;
import sonia.scm.BasicPropertiesAware;
@@ -54,9 +56,10 @@ import javax.xml.bind.annotation.XmlRootElement;
*
* @author Sebastian Sdorra
*/
@StaticPermissions("user")
@XmlRootElement(name = "users")
@XmlAccessorType(XmlAccessType.FIELD)
public class User extends BasicPropertiesAware implements Principal, ModelObject
public class User extends BasicPropertiesAware implements Principal, ModelObject, PermissionObject
{
/** Field description */