Nemcio/SCM-Manager
1
0
Fork 0
mirror of https://github.com/scm-manager/scm-manager.git synced 2026-01-30 03:09:13 +01:00
Code Issues Packages Projects Releases Activity

merge repository heads

Browse Source
This commit is contained in:
Sebastian Sdorra
2020-03-31 14:02:25 +02:00
parent 9e9f1bef31 a4b3e9e189
commit 5273082caa
8 changed files with 26 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
CHANGELOG.md
View File

@@ -8,6 +8,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
### Changed
- Simplified collapse state management of the secondary navigation ([#1086](https://github.com/scm-manager/scm-manager/pull/1086)
### Fixed
- Authentication for write requests for repositories with anonymous read access ([#108](https://github.com/scm-manager/scm-manager/pull/1081))
## 2.0.0-rc6 - 2020-03-26
### Added
- Extension point to add links to the repository cards from plug ins ([#1041](https://github.com/scm-manager/scm-manager/pull/1041))

4
pom.xml
View File

@@ -912,7 +912,7 @@
<jaxrs.version>2.1.1</jaxrs.version>
<resteasy.version>4.5.2.Final</resteasy.version>
<jersey-client.version>1.19.4</jersey-client.version>
<jackson.version>2.10.2</jackson.version>
<jackson.version>2.10.3</jackson.version>
<guice.version>4.2.2</guice.version>
<jaxb.version>2.3.1</jaxb.version>
<hibernate-validator.version>6.1.2.Final</hibernate-validator.version>
@@ -944,7 +944,7 @@
<project.test.javaLevel>8</project.test.javaLevel>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<netbeans.hint.license>SCM-MIT</netbeans.hint.license>
<jdk.classifier />
<jdk.classifier/>
<org.mapstruct.version>1.3.1.Final</org.mapstruct.version>
<!-- Sonar exclusions -->

2
scm-annotation-processor/pom.xml
View File

@@ -78,7 +78,7 @@
<dependency>
<groupId>org.kohsuke.metainf-services</groupId>
<artifactId>metainf-services</artifactId>
<version>1.7</version>
<version>1.8</version>
</dependency>
</dependencies>

6
scm-core/src/main/java/sonia/scm/web/filter/PermissionFilter.java
View File

@@ -21,7 +21,7 @@
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
package sonia.scm.web.filter;
import org.apache.shiro.SecurityUtils;
@@ -35,7 +35,7 @@ import sonia.scm.repository.Repository;
import sonia.scm.repository.RepositoryPermissions;
import sonia.scm.repository.spi.ScmProviderHttpServlet;
import sonia.scm.repository.spi.ScmProviderHttpServletDecorator;
import sonia.scm.security.Role;
import sonia.scm.security.Authentications;
import sonia.scm.security.ScmSecurityException;
import sonia.scm.util.HttpUtil;
@@ -177,7 +177,7 @@ public abstract class PermissionFilter extends ScmProviderHttpServletDecorator
HttpServletResponse response, Subject subject)
throws IOException
{
if (subject.hasRole(Role.USER))
if (!Authentications.isAuthenticatedSubjectAnonymous())
{
sendNotEnoughPrivilegesError(request, response);
}

13
scm-core/src/test/java/sonia/scm/web/filter/PermissionFilterTest.java
View File

@@ -21,7 +21,7 @@
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
package sonia.scm.web.filter;
import com.github.sdorra.shiro.ShiroRule;
@@ -82,6 +82,17 @@ public class PermissionFilterTest {
permissionFilter.service(request, response, REPOSITORY);
verify(response).sendError(eq(403));
verify(delegateServlet, never()).service(request, response, REPOSITORY);
}
@Test
@SubjectAware(username = "_anonymous", password = "secret")
public void shouldBlockForAnonymousOnWriteRequestWithAuthenticationRequest() throws IOException, ServletException {
writeRequest = true;
permissionFilter.service(request, response, REPOSITORY);
verify(response).sendError(eq(401), anyString());
verify(delegateServlet, never()).service(request, response, REPOSITORY);
}

1
scm-core/src/test/resources/sonia/scm/shiro.ini
View File

@@ -4,6 +4,7 @@ admin = secret, admin
writer = secret, repo_write
reader = secret, repo_read
unpriv = secret
_anonymous = secret
[roles]
admin = *

4
scm-ui/ui-scripts/package.json
View File

@@ -14,10 +14,10 @@
"babel-loader": "^8.0.6",
"css-loader": "^3.2.0",
"file-loader": "^4.2.0",
"mini-css-extract-plugin": "^0.8.0",
"mini-css-extract-plugin": "^0.9.0",
"mustache": "^3.1.0",
"optimize-css-assets-webpack-plugin": "^5.0.3",
"react-refresh": "^0.7.2",
"react-refresh": "^0.8.0",
"sass": "^1.26.3",
"sass-loader": "^8.0.0",
"script-loader": "^0.7.2",

2
scm-webapp/pom.xml
View File

@@ -204,7 +204,7 @@
<dependency>
<groupId>javax.xml.bind</groupId>
<artifactId>jaxb-api</artifactId>
<version>2.3.0</version>
<version>2.3.1</version>
</dependency>
<dependency>