From 43232e0c5900379e4a1b0475f408bd0f526d6bdb Mon Sep 17 00:00:00 2001
From: Johannes Schnatterer
Date: Thu, 20 Dec 2018 17:57:35 +0100
Subject: [PATCH] Adds Global Permission Proof of Concept
---
.../GlobalPermissionPocResource.java | 94 +++++++++++++++++++
1 file changed, 94 insertions(+)
create mode 100644 scm-webapp/src/main/java/sonia/scm/api/v2/resources/GlobalPermissionPocResource.java
diff --git a/scm-webapp/src/main/java/sonia/scm/api/v2/resources/GlobalPermissionPocResource.java b/scm-webapp/src/main/java/sonia/scm/api/v2/resources/GlobalPermissionPocResource.java
new file mode 100644
index 0000000000..6c564a43bd
--- /dev/null
+++ b/scm-webapp/src/main/java/sonia/scm/api/v2/resources/GlobalPermissionPocResource.java
@@ -0,0 +1,94 @@
+package sonia.scm.api.v2.resources;
+
+import lombok.extern.slf4j.Slf4j;
+import sonia.scm.security.AssignedPermission;
+import sonia.scm.security.SecuritySystem;
+
+import javax.inject.Inject;
+import javax.ws.rs.Consumes;
+import javax.ws.rs.POST;
+import javax.ws.rs.Path;
+import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.Response;
+
+/**
+ * Global Permission Proof of Concept (POC).
+ * TODO Extend or delete this during implementation!
+ */
+@Path("v2/permissions")
+@Slf4j
+public class GlobalPermissionPocResource {
+
+ private SecuritySystem securitySystem;
+
+ @Inject
+ public GlobalPermissionPocResource(SecuritySystem securitySystem) {
+ this.securitySystem = securitySystem;
+ }
+
+
+ /**
+
+ How to use this proof of concept?
+
+ curl -vu scmadmin:scmadmin --data '{
+ "active": true,
+ "admin": false,
+ "displayName": "arthur",
+ "mail": "x@abcde.cd",
+ "name": "arthur",
+ "password": "scmadmin",
+ "type": "xml"
+ }' \
+ --header "Content-Type: application/vnd.scmm-user+json;v=2" http://localhost:8081/scm/api/v2/users/
+
+ curl -vu scmadmin:scmadmin --data '{
+ "description": "descr",
+ "name": "configurers",
+ "members": [ "arthur" ]
+ }' \
+ --header "Content-Type: application/vnd.scmm-group+json" http://localhost:8081/scm/api/v2/groups/
+
+ # not allowed
+ curl -vu arthur:scmadmin http://localhost:8081/scm/api/v2/config
+ # not allowed (empty)
+ curl -vu arthur:scmadmin "http://localhost:8081/scm/api/v2/groups/?sortBy=name&desc=true" | jq
+
+ # Assign permissions (call this resource)
+ curl -X POST -vu scmadmin:scmadmin http://localhost:8081/scm/api/v2/permissions
+
+ # Now allowed via individual permission
+ curl -vu arthur:scmadmin "http://localhost:8081/scm/api/v2/groups/?sortBy=name&desc=true" | jq
+ # allowed via group permission
+ curl -vu arthur:scmadmin http://localhost:8081/scm/api/v2/config | jq
+ */
+ @POST
+ @Consumes(MediaType.APPLICATION_JSON)
+ @Path("")
+ public Response create() {
+
+ // Should contain all permissions defined in permissions.xmls on the classpath.
+ // Core: scm-webapp/src/main/resources/META-INF/scm/permissions.xml
+ // Plugins, e.g. scm-plugins/scm-git-plugin/src/main/resources/META-INF/scm/permissions.xml
+ log.info("{} Available permissions: {}", securitySystem.getAvailablePermissions().size(), securitySystem.getAvailablePermissions());
+ // Should contain all stored permissions. See assignExemplaryPermissions() for example.
+ log.info("{} All permissions: {}", securitySystem.getAllPermissions().size(), securitySystem.getAllPermissions());
+
+ assignExemplaryPermissions();
+
+ // TODO use created()
+ return Response.noContent().build();
+ }
+
+ protected void assignExemplaryPermissions() {
+ AssignedPermission groupPermission = new AssignedPermission("configurers", true,"configuration:*");
+ log.info("try to add new permission: {}", groupPermission);
+ securitySystem.addPermission(groupPermission);
+
+ AssignedPermission userPermission = new AssignedPermission("arthur", "group:*");
+ log.info("try to add new permission: {}", userPermission);
+ securitySystem.addPermission(userPermission);
+ }
+}
+
+
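Review bot: `create()` grants the wildcard permissions `configuration:*` and `group:*` to the hard-coded names `configurers` and `arthur` on every POST, and nothing in this resource checks who the caller is. If `SecuritySystem.addPermission` enforces an administrator check internally (not visible in this hunk), record that dependency above the call, e.g. `// addPermission() must reject non-admin callers; this resource adds no check of its own`; otherwise an explicit authorization check belongs in the first statement of `create()`. Because the principals are fixed strings, any deployment that happens to have an account or group with those names would receive the grant, so the class should stay out of release builds until the assignment comes from a validated request body. The two `log.info` calls also write the complete permission lists on each request and invoke each getter twice; `log.debug` on a local variable would be enough, and the `securitySystem` field can be `private final`.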