Merge with 2.0.0-m3

Jenkinsfile

@@ -51,9 +51,9 @@ node('docker') {
 
       if (isMainBranch()) {
 
-        stage('Lifecycle') {
-          nexusPolicyEvaluation iqApplication: selectedApplication('scm'), iqScanPatterns: [[scanPattern: 'scm-server/target/scm-server-app.zip']], iqStage: 'build'
-        }
+//        stage('Lifecycle') {
+//          nexusPolicyEvaluation iqApplication: selectedApplication('scm'), iqScanPatterns: [[scanPattern: 'scm-server/target/scm-server-app.zip']], iqStage: 'build'
+//        }
 
         stage('Archive') {
           archiveArtifacts 'scm-webapp/target/scm-webapp.war'

pom.xml

@@ -826,7 +826,7 @@
     <jetty.maven.version>9.4.14.v20181114</jetty.maven.version>
 
     <!-- security libraries -->
-    <ssp.version>1.1.0</ssp.version>
+    <ssp.version>1.2.0</ssp.version>
     <shiro.version>1.4.0</shiro.version>
 
     <!-- repository libraries -->

scm-core/src/main/java/sonia/scm/config/Configuration.java

@@ -22,7 +22,8 @@ import com.github.sdorra.ssp.StaticPermissions;
 @StaticPermissions(
   value = "configuration",
   permissions = {"read", "write"},
-  globalPermissions = {"list"}
+  globalPermissions = {"list"},
+  custom = true, customGlobal = true
 )
 public interface Configuration extends PermissionObject {
 }

scm-core/src/main/java/sonia/scm/group/Group.java

@@ -61,7 +61,11 @@ import java.util.List;
  *
  * @author Sebastian Sdorra
  */
-@StaticPermissions(value = "group", globalPermissions = {"create", "list", "autocomplete"})
+@StaticPermissions(
+  value = "group",
+  globalPermissions = {"create", "list", "autocomplete"},
+  custom = true, customGlobal = true
+)
 @XmlRootElement(name = "groups")
 @XmlAccessorType(XmlAccessType.FIELD)
 public class Group extends BasicPropertiesAware

scm-core/src/main/java/sonia/scm/group/GroupNames.java

@@ -70,21 +70,9 @@ public final class GroupNames implements Serializable, Iterable<String>
    * Constructs ...
    *
    */
-  @SuppressWarnings("unchecked")
   public GroupNames()
   {
-    this.collection = Collections.EMPTY_LIST;
-  }
-
-  /**
-   * Constructs ...
-   *
-   *
-   * @param collection
-   */
-  public GroupNames(Collection<String> collection)
-  {
-    this.collection = Collections.unmodifiableCollection(collection);
+    this(Collections.emptyList());
   }
 
   /**
@@ -96,7 +84,30 @@ public final class GroupNames implements Serializable, Iterable<String>
    */
   public GroupNames(String groupName, String... groupNames)
   {
-    this.collection = Lists.asList(groupName, groupNames);
+    this(Lists.asList(groupName, groupNames));
+  }
+
+  /**
+   * Constructs ...
+   *
+   *
+   * @param collection
+   */
+  public GroupNames(Collection<String> collection)
+  {
+    this(collection, false);
+  }
+
+  /**
+   * Constructs ...
+   *
+   *
+   * @param collection
+   */
+  public GroupNames(Collection<String> collection, boolean external)
+  {
+    this.collection = Collections.unmodifiableCollection(collection);
+    this.external = external;
   }
 
   //~--- methods --------------------------------------------------------------
@@ -165,7 +176,7 @@ public final class GroupNames implements Serializable, Iterable<String>
   @Override
   public String toString()
   {
-    return Joiner.on(", ").join(collection);
+    return Joiner.on(", ").join(collection) + "(" + (external? "external": "internal") + ")";
   }
 
   //~--- get methods ----------------------------------------------------------
@@ -181,8 +192,13 @@ public final class GroupNames implements Serializable, Iterable<String>
     return collection;
   }
 
-  //~--- fields ---------------------------------------------------------------
+  public boolean isExternal() {
+    return external;
+  }
 
+  //~--- fields ---------------------------------------------------------------
   /** Field description */
   private final Collection<String> collection;
+
+  private final boolean external;
 }

scm-core/src/main/java/sonia/scm/plugin/PluginInformation.java

@@ -61,7 +61,8 @@ import java.util.List;
   value = "plugin", 
   generatedClass = "PluginPermissions", 
   permissions = {},
-  globalPermissions = { "read", "manage" }
+  globalPermissions = { "read", "manage" },
+  custom = true, customGlobal = true
 )
 @XmlAccessorType(XmlAccessType.FIELD)
 @XmlRootElement(name = "plugin-information")

scm-core/src/main/java/sonia/scm/repository/Repository.java

@@ -62,7 +62,8 @@ import java.util.Set;
  */
 @StaticPermissions(
   value = "repository",
-  permissions = {"read", "modify", "delete", "healthCheck", "pull", "push", "permissionRead", "permissionWrite"}
+  permissions = {"read", "modify", "delete", "healthCheck", "pull", "push", "permissionRead", "permissionWrite"},
+  custom = true, customGlobal = true
 )
 @XmlAccessorType(XmlAccessType.FIELD)
 @XmlRootElement(name = "repositories")

scm-core/src/main/java/sonia/scm/security/Permission.java

@@ -6,7 +6,8 @@ import com.github.sdorra.ssp.StaticPermissions;
 @StaticPermissions(
   value = "permission",
   permissions = {},
-  globalPermissions = {"list", "read", "assign"}
+  globalPermissions = {"list", "read", "assign"},
+  custom = true, customGlobal = true
 )
 public interface Permission extends PermissionObject {
 }

scm-core/src/main/java/sonia/scm/security/SyncingRealmHelper.java

@@ -45,7 +45,12 @@ import sonia.scm.user.User;
 import sonia.scm.user.UserManager;
 import sonia.scm.web.security.AdministrationContext;
 
+import java.util.Arrays;
 import java.util.Collection;
+import java.util.Collections;
+
+import static java.util.Arrays.asList;
+import static java.util.Collections.emptyList;
 
 /**
  * Helper class for syncing realms. The class should simplify the creation of realms, which are syncing authenticated
@@ -80,22 +85,107 @@ public final class SyncingRealmHelper {
     this.groupManager = groupManager;
   }
 
-  //~--- methods --------------------------------------------------------------
   /**
    * Create {@link AuthenticationInfo} from user and groups.
-   *
-   *
-   * @param realm name of the realm
-   * @param user authenticated user
-   * @param groups groups of the authenticated user
-   *
-   * @return authentication info
    */
-  public AuthenticationInfo createAuthenticationInfo(String realm, User user,
-    String... groups) {
-    return createAuthenticationInfo(realm, user, ImmutableList.copyOf(groups));
+  public AuthenticationInfoBuilder.ForRealm authenticationInfo() {
+    return new AuthenticationInfoBuilder().new ForRealm();
   }
 
+  public class AuthenticationInfoBuilder {
+    private String realm;
+    private User user;
+    private Collection<String> groups;
+    private boolean external;
+
+    private AuthenticationInfo build() {
+      return SyncingRealmHelper.this.createAuthenticationInfo(realm, user, groups, external);
+    }
+
+    public class ForRealm {
+      private ForRealm() {
+      }
+
+      /**
+       * Sets the realm.
+       * @param realm name of the realm
+       */
+      public ForUser forRealm(String realm) {
+        AuthenticationInfoBuilder.this.realm = realm;
+        return AuthenticationInfoBuilder.this.new ForUser();
+      }
+    }
+
+    public class ForUser {
+      private ForUser() {
+      }
+
+      /**
+       * Sets the user.
+       * @param user authenticated user
+       */
+      public AuthenticationInfoBuilder.WithGroups andUser(User user) {
+        AuthenticationInfoBuilder.this.user = user;
+        return AuthenticationInfoBuilder.this.new WithGroups();
+      }
+    }
+
+    public class WithGroups {
+      private WithGroups() {
+      }
+
+      /**
+       * Build the authentication info without groups.
+       * @return The complete {@link AuthenticationInfo}
+       */
+      public AuthenticationInfo withoutGroups() {
+        return withGroups(emptyList());
+      }
+
+      /**
+       * Set the internal groups for the user.
+       * @param groups groups of the authenticated user
+       * @return The complete {@link AuthenticationInfo}
+       */
+      public AuthenticationInfo withGroups(String... groups) {
+        return withGroups(asList(groups));
+      }
+
+      /**
+       * Set the internal groups for the user.
+       * @param groups groups of the authenticated user
+       * @return The complete {@link AuthenticationInfo}
+       */
+      public AuthenticationInfo withGroups(Collection<String> groups) {
+        AuthenticationInfoBuilder.this.groups = groups;
+        AuthenticationInfoBuilder.this.external = false;
+        return build();
+      }
+
+      /**
+       * Set the external groups for the user.
+       * @param groups external groups of the authenticated user
+       * @return The complete {@link AuthenticationInfo}
+       */
+      public AuthenticationInfo withExternalGroups(String... groups) {
+        return withExternalGroups(asList(groups));
+      }
+
+      /**
+       * Set the external groups for the user.
+       * @param groups external groups of the authenticated user
+       * @return The complete {@link AuthenticationInfo}
+       */
+      public AuthenticationInfo withExternalGroups(Collection<String> groups) {
+        AuthenticationInfoBuilder.this.groups = groups;
+        AuthenticationInfoBuilder.this.external = true;
+        return build();
+      }
+    }
+  }
+
+  //~--- methods --------------------------------------------------------------
+
   /**
    * Create {@link AuthenticationInfo} from user and groups.
    *
@@ -106,13 +196,13 @@ public final class SyncingRealmHelper {
    *
    * @return authentication info
    */
-  public AuthenticationInfo createAuthenticationInfo(String realm, User user,
-    Collection<String> groups) {
+  private AuthenticationInfo createAuthenticationInfo(String realm, User user,
+    Collection<String> groups, boolean externalGroups) {
     SimplePrincipalCollection collection = new SimplePrincipalCollection();
 
     collection.add(user.getId(), realm);
     collection.add(user, realm);
-    collection.add(new GroupNames(groups), realm);
+    collection.add(new GroupNames(groups, externalGroups), realm);
 
     return new SimpleAuthenticationInfo(collection, user.getPassword());
   }
@@ -161,6 +251,6 @@ public final class SyncingRealmHelper {
 
         }
       }
-      });
-    }
+    });
   }
+}

scm-core/src/main/java/sonia/scm/user/User.java

@@ -59,7 +59,9 @@ import java.security.Principal;
 @StaticPermissions(
   value = "user",
   globalPermissions = {"create", "list", "autocomplete"},
-  permissions = {"read", "modify", "delete", "changePassword"})
+  permissions = {"read", "modify", "delete", "changePassword"},
+  custom = true, customGlobal = true
+)
 @XmlRootElement(name = "users")
 @XmlAccessorType(XmlAccessType.FIELD)
 public class User extends BasicPropertiesAware implements Principal, ModelObject, PermissionObject, ReducedModelObject

scm-core/src/test/java/sonia/scm/security/SyncingRealmHelperTest.java

@@ -37,6 +37,7 @@ package sonia.scm.security;
 
 import com.google.common.base.Throwables;
 import org.apache.shiro.authc.AuthenticationInfo;
+import org.assertj.core.api.Assertions;
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
@@ -53,10 +54,14 @@ import sonia.scm.web.security.PrivilegedAction;
 
 import java.io.IOException;
 
+import static java.util.Collections.singletonList;
+import static org.assertj.core.util.Arrays.asList;
 import static org.hamcrest.Matchers.hasItem;
 import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.assertThat;
+import static org.junit.Assert.assertTrue;
 import static org.mockito.Mockito.doThrow;
 import static org.mockito.Mockito.times;
 import static org.mockito.Mockito.verify;
@@ -106,25 +111,6 @@ public class SyncingRealmHelperTest {
     helper = new SyncingRealmHelper(ctx, userManager, groupManager);
   }
 
-  /**
-   * Tests {@link SyncingRealmHelper#createAuthenticationInfo(String, User, String...)}.
-   */
-  @Test
-  public void testCreateAuthenticationInfo() {
-    User user = new User("tricia");
-    AuthenticationInfo authInfo = helper.createAuthenticationInfo("unit-test",
-      user, "heartOfGold");
-
-    assertNotNull(authInfo);
-    assertEquals("tricia", authInfo.getPrincipals().getPrimaryPrincipal());
-    assertThat(authInfo.getPrincipals().getRealmNames(), hasItem("unit-test"));
-    assertEquals(user, authInfo.getPrincipals().oneByType(User.class));
-
-    GroupNames groups = authInfo.getPrincipals().oneByType(GroupNames.class);
-
-    assertThat(groups, hasItem("heartOfGold"));
-  }
-
   /**
    * Tests {@link SyncingRealmHelper#store(Group)}.
    *
@@ -198,4 +184,45 @@ public class SyncingRealmHelperTest {
     helper.store(user);
     verify(userManager, times(1)).modify(user);
   }
+
+  @Test
+  public void builderShouldSetInternalGroups() {
+    AuthenticationInfo authenticationInfo = helper
+      .authenticationInfo()
+      .forRealm("unit-test")
+      .andUser(new User("ziltoid"))
+      .withGroups("internal");
+
+    GroupNames groupNames = authenticationInfo.getPrincipals().oneByType(GroupNames.class);
+    Assertions.assertThat(groupNames.getCollection()).containsOnly("internal");
+    Assertions.assertThat(groupNames.isExternal()).isFalse();
+  }
+
+  @Test
+  public void builderShouldSetExternalGroups() {
+    AuthenticationInfo authenticationInfo = helper
+      .authenticationInfo()
+      .forRealm("unit-test")
+      .andUser(new User("ziltoid"))
+      .withExternalGroups("external");
+
+    GroupNames groupNames = authenticationInfo.getPrincipals().oneByType(GroupNames.class);
+    Assertions.assertThat(groupNames.getCollection()).containsOnly("external");
+    Assertions.assertThat(groupNames.isExternal()).isTrue();
+  }
+
+  @Test
+  public void builderShouldSetValues() {
+    User user = new User("ziltoid");
+    AuthenticationInfo authInfo = helper
+      .authenticationInfo()
+      .forRealm("unit-test")
+      .andUser(user)
+      .withoutGroups();
+
+    assertNotNull(authInfo);
+    assertEquals("ziltoid", authInfo.getPrincipals().getPrimaryPrincipal());
+    assertThat(authInfo.getPrincipals().getRealmNames(), hasItem("unit-test"));
+    assertEquals(user, authInfo.getPrincipals().oneByType(User.class));
+  }
 }

scm-plugins/scm-git-plugin/package.json

@@ -12,6 +12,6 @@
     "@scm-manager/ui-extensions": "^0.1.2"
   },
   "devDependencies": {
-    "@scm-manager/ui-bundler": "^0.0.24"
+    "@scm-manager/ui-bundler": "^0.0.25"
   }
 }

scm-plugins/scm-git-plugin/src/main/java/sonia/scm/api/v2/resources/GitConfigInIndexResource.java

@@ -4,6 +4,7 @@ import com.fasterxml.jackson.databind.JsonNode;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import sonia.scm.config.ConfigurationPermissions;
 import sonia.scm.plugin.Extension;
+import sonia.scm.repository.GitConfig;
 import sonia.scm.web.JsonEnricherBase;
 import sonia.scm.web.JsonEnricherContext;
 
@@ -26,7 +27,7 @@ public class GitConfigInIndexResource extends JsonEnricherBase {
 
   @Override
   public void enrich(JsonEnricherContext context) {
-    if (resultHasMediaType(INDEX, context) && ConfigurationPermissions.list().isPermitted()) {
+    if (resultHasMediaType(INDEX, context) && ConfigurationPermissions.read(GitConfig.PERMISSION).isPermitted()) {
       String gitConfigUrl = new LinkBuilder(scmPathInfoStore.get().get(), GitConfigResource.class)
         .method("get")
         .parameters()

scm-plugins/scm-git-plugin/src/main/java/sonia/scm/repository/spi/AbstractGitPushOrPullCommand.java

@@ -43,6 +43,7 @@ import org.eclipse.jgit.lib.Repository;
 import org.eclipse.jgit.revwalk.RevCommit;
 import org.eclipse.jgit.transport.PushResult;
 import org.eclipse.jgit.transport.RemoteRefUpdate;
+import org.eclipse.jgit.transport.ScmTransportProtocol;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import sonia.scm.repository.GitRepositoryHandler;
@@ -62,7 +63,7 @@ public abstract class AbstractGitPushOrPullCommand extends AbstractGitCommand
 {
 
   /** Field description */
-  private static final String SCHEME = "scm://";
+  private static final String SCHEME = ScmTransportProtocol.NAME + "://";
 
   /**
    * the logger for AbstractGitPushOrPullCommand
@@ -167,7 +168,7 @@ public abstract class AbstractGitPushOrPullCommand extends AbstractGitCommand
     }
     else
     {
-      throw new IllegalArgumentException("repository or url is requiered");
+      throw new IllegalArgumentException("repository or url is required");
     }
 
     return url;

scm-plugins/scm-git-plugin/src/main/resources/META-INF/scm/permissions.xml

@@ -34,10 +34,10 @@
 <permissions>
   
   <permission>
-    <value>configuration:read:git</value>
+    <value>configuration:read,write:git</value>
   </permission>
   <permission>
-    <value>configuration:write:git</value>
+    <value>repository:git:*</value>
   </permission>
 
 </permissions>

scm-plugins/scm-git-plugin/src/main/resources/META-INF/scm/repository-permissions.xml

@@ -0,0 +1,7 @@
+<repository-permissions>
+  <verbs>
+    <verb>git</verb>
+  </verbs>
+  <roles>
+  </roles>
+</repository-permissions>

scm-plugins/scm-git-plugin/src/main/resources/locales/de/plugins.json

@@ -39,18 +39,28 @@
   },
   "permissions" : {
     "configuration": {
-      "read": {
+      "read,write": {
         "git": {
-          "displayName": "Git Konfiguration lesen",
-          "description": "Darf die git Konfiguration lesen."
-        }
-      },
-      "write": {
-        "git": {
-          "displayName": "Git Konfiguration schreiben",
+          "displayName": "Git Konfiguration ändern",
           "description": "Darf die git Konfiguration verändern."
         }
       }
+    },
+    "repository": {
+      "git": {
+        "*": {
+          "displayName": "Repository-spezifische Git Konfiguration ändern",
+          "description": "Darf die git Konfiguration für alle Repositories verändern."
+        }
+      }
+    }
+  },
+  "verbs": {
+    "repository": {
+      "git": {
+        "displayName": "Git konfigurieren",
+        "description": "Darf die git Konfiguration für dieses Repository verändern."
+      }
     }
   }
 }

scm-plugins/scm-git-plugin/src/main/resources/locales/en/plugins.json

@@ -39,18 +39,28 @@
   },
   "permissions" : {
     "configuration": {
-      "read": {
+      "read,write": {
         "git": {
-          "displayName": "Read git configuration",
-          "description": "May read the git configuration"
-        }
-      },
-      "write": {
-        "git": {
-          "displayName": "Write git configuration",
+          "displayName": "Modify git configuration",
           "description": "May change the git configuration"
         }
       }
+    },
+    "repository": {
+      "git": {
+        "*": {
+          "displayName": "Modify repository specific git configuration",
+          "description": "May change the git configuration for repositories"
+        }
+      }
+    }
+  },
+  "verbs": {
+    "repository": {
+      "git": {
+        "displayName": "configure Git",
+        "description": "May change the git configuration for this repository"
+      }
     }
   }
 }

scm-plugins/scm-git-plugin/src/test/java/sonia/scm/api/v2/resources/GitConfigInIndexResourceTest.java

@@ -15,6 +15,7 @@ import java.net.URI;
 
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertTrue;
 
 @SubjectAware(configuration = "classpath:sonia/scm/configuration/shiro.ini")
 public class GitConfigInIndexResourceTest {
@@ -50,7 +51,7 @@ public class GitConfigInIndexResourceTest {
 
     gitConfigInIndexResource.enrich(context);
 
-    assertFalse(root.get("_links").iterator().hasNext());
+    assertTrue(root.get("_links").iterator().hasNext());
   }
 
   @Test

scm-plugins/scm-git-plugin/yarn.lock

@@ -707,9 +707,9 @@
   version "0.0.2"
   resolved "https://registry.yarnpkg.com/@scm-manager/eslint-config/-/eslint-config-0.0.2.tgz#94cc8c3fb4f51f870b235893dc134fc6c423ae85"
 
-"@scm-manager/ui-bundler@^0.0.24":
-  version "0.0.24"
-  resolved "https://registry.yarnpkg.com/@scm-manager/ui-bundler/-/ui-bundler-0.0.24.tgz#034d5500c79b438c48d8f7ee985be07c4ea46d1e"
+"@scm-manager/ui-bundler@^0.0.25":
+  version "0.0.25"
+  resolved "https://registry.yarnpkg.com/@scm-manager/ui-bundler/-/ui-bundler-0.0.25.tgz#1f65b3ff0ae81559a114c6a8d8cf43856cc6e166"
   dependencies:
     "@babel/core" "^7.0.0"
     "@babel/plugin-proposal-class-properties" "^7.0.0"
@@ -750,7 +750,6 @@
 "@scm-manager/ui-extensions@^0.1.2":
   version "0.1.2"
   resolved "https://registry.yarnpkg.com/@scm-manager/ui-extensions/-/ui-extensions-0.1.2.tgz#0689427ca45c8e4e045b5b9dbc89036f1d2c45fc"
-  integrity sha512-oIkXcc/VWssnK/yjWKC/Wnq5DZ01rArsz76n4X/0DT0hkGNIKmwk/Fdp7OoXiUEb7+aaPjUX1VvDqlTwCNKPmA==
   dependencies:
     react "^16.4.2"
     react-dom "^16.4.2"

scm-plugins/scm-hg-plugin/package.json

@@ -9,6 +9,6 @@
     "@scm-manager/ui-extensions": "^0.1.2"
   },
   "devDependencies": {
-    "@scm-manager/ui-bundler": "^0.0.24"
+    "@scm-manager/ui-bundler": "^0.0.25"
   }
 }

scm-plugins/scm-hg-plugin/src/main/java/sonia/scm/api/v2/resources/HgConfigInIndexResource.java

@@ -4,6 +4,7 @@ import com.fasterxml.jackson.databind.JsonNode;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import sonia.scm.config.ConfigurationPermissions;
 import sonia.scm.plugin.Extension;
+import sonia.scm.repository.HgConfig;
 import sonia.scm.web.JsonEnricherBase;
 import sonia.scm.web.JsonEnricherContext;
 
@@ -26,7 +27,7 @@ public class HgConfigInIndexResource extends JsonEnricherBase {
 
   @Override
   public void enrich(JsonEnricherContext context) {
-    if (resultHasMediaType(INDEX, context) && ConfigurationPermissions.list().isPermitted()) {
+    if (resultHasMediaType(INDEX, context) && ConfigurationPermissions.read(HgConfig.PERMISSION).isPermitted()) {
       String hgConfigUrl = new LinkBuilder(scmPathInfoStore.get().get(), HgConfigResource.class)
         .method("get")
         .parameters()

scm-plugins/scm-hg-plugin/src/main/java/sonia/scm/repository/HgContext.java

@@ -35,13 +35,10 @@ package sonia.scm.repository;
 
 //~--- non-JDK imports --------------------------------------------------------
 
-import com.google.inject.servlet.RequestScoped;
-
 /**
  *
  * @author Sebastian Sdorra
  */
-@RequestScoped
 public class HgContext
 {
 

scm-plugins/scm-hg-plugin/src/main/java/sonia/scm/repository/HgContextProvider.java

@@ -35,13 +35,20 @@ package sonia.scm.repository;
 
 //~--- non-JDK imports --------------------------------------------------------
 
-import com.google.inject.Inject;
-import com.google.inject.Provider;
 
+import com.google.common.annotations.VisibleForTesting;
+import com.google.inject.OutOfScopeException;
+import com.google.inject.Provider;
+import com.google.inject.ProvisionException;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import javax.inject.Inject;
+
 /**
+ * Injection provider for {@link HgContext}.
+ * This provider returns an instance {@link HgContext} from request scope, if no {@link HgContext} could be found in
+ * request scope (mostly because the scope is not available) a new {@link HgContext} gets returned.
  *
  * @author Sebastian Sdorra
  */
@@ -49,36 +56,50 @@ public class HgContextProvider implements Provider<HgContext>
 {
 
   /**
-   * the logger for HgContextProvider
+   * the LOG for HgContextProvider
    */
-  private static final Logger logger =
+  private static final Logger LOG =
     LoggerFactory.getLogger(HgContextProvider.class);
 
   //~--- get methods ----------------------------------------------------------
 
-  /**
-   * Method description
-   *
-   *
-   * @return
-   */
-  @Override
-  public HgContext get()
-  {
-    HgContext ctx = context;
+  private Provider<HgContextRequestStore> requestStoreProvider;
 
-    if (ctx == null)
-    {
-      ctx = new HgContext();
-      logger.trace("context is null, we are probably out of request scope");
-    }
-
-    return ctx;
+  @Inject
+  public HgContextProvider(Provider<HgContextRequestStore> requestStoreProvider) {
+    this.requestStoreProvider = requestStoreProvider;
   }
 
-  //~--- fields ---------------------------------------------------------------
+  @VisibleForTesting
+  public HgContextProvider() {
+  }
 
-  /** Field description */
-  @Inject(optional = true)
-  private HgContext context;
+  @Override
+  public HgContext get() {
+    HgContext context = fetchContextFromRequest();
+    if (context != null) {
+      LOG.trace("return HgContext from request store");
+      return context;
+    }
+    LOG.trace("could not find context in request scope, returning new instance");
+    return new HgContext();
+  }
+
+  private HgContext fetchContextFromRequest() {
+    try {
+      if (requestStoreProvider != null) {
+        return requestStoreProvider.get().get();
+      } else {
+        LOG.trace("no request store provider defined, could not return context from request");
+        return null;
+      }
+    } catch (ProvisionException ex) {
+      if (ex.getCause() instanceof OutOfScopeException) {
+        LOG.trace("we are currently out of request scope, failed to retrieve context");
+        return null;
+      } else {
+        throw ex;
+      }
+    }
+  }
 }

scm-plugins/scm-hg-plugin/src/main/java/sonia/scm/repository/HgContextRequestStore.java

@@ -0,0 +1,24 @@
+package sonia.scm.repository;
+
+import com.google.inject.servlet.RequestScoped;
+
+/**
+ * Holds an instance of {@link HgContext} in the request scope.
+ *
+ * <p>The problem seems to be that guice had multiple options for injecting HgContext. {@link HgContextProvider}
+ * bound via Module and {@link HgContext} bound void {@link RequestScoped} annotation. It looks like that Guice 4
+ * injects randomly the one or the other, in SCMv1 (Guice 3) everything works as expected.</p>
+ *
+ * <p>To fix the problem we have created this class annotated with {@link RequestScoped}, which holds an instance
+ * of {@link HgContext}. This way only the {@link HgContextProvider} is used for injection.</p>
+ */
+@RequestScoped
+public class HgContextRequestStore {
+
+  private final HgContext context = new HgContext();
+
+  public HgContext get() {
+    return context;
+  }
+
+}

scm-plugins/scm-hg-plugin/src/main/java/sonia/scm/web/HgUtil.java

@@ -134,6 +134,8 @@ public final class HgUtil
 
     repoConfiguration.setHgBin(handler.getConfig().getHgBinary());
 
+    logger.debug("open hg repository {}: encoding: {}, pending: {}", directory, enc, pending);
+
     return Repository.open(repoConfiguration, directory);
   }
 

scm-plugins/scm-hg-plugin/src/main/resources/META-INF/scm/permissions.xml

@@ -34,10 +34,10 @@
 <permissions>
   
   <permission>
-    <value>configuration:read:hg</value>
+    <value>configuration:read,write:hg</value>
   </permission>
   <permission>
-    <value>configuration:write:hg</value>
+    <value>repository:hg:*</value>
   </permission>
 
 </permissions>

scm-plugins/scm-hg-plugin/src/main/resources/META-INF/scm/repository-permissions.xml

@@ -0,0 +1,7 @@
+<repository-permissions>
+  <verbs>
+    <verb>hg</verb>
+  </verbs>
+  <roles>
+  </roles>
+</repository-permissions>

scm-plugins/scm-hg-plugin/src/main/resources/locales/de/plugins.json

@@ -31,18 +31,28 @@
   },
   "permissions" : {
     "configuration": {
-      "read": {
+      "read,write": {
         "hg": {
-          "displayName": "Mercurial Konfiguration lesen",
-          "description": "Darf die Mercurial Konfiguration lesen"
-        }
-      },
-      "write": {
-        "hg": {
-          "displayName": "Mercurial Konfiguration schreiben",
+          "displayName": "Mercurial Konfiguration ändern",
           "description": "Darf die Mercurial Konfiguration verändern"
         }
       }
+    },
+    "repository": {
+      "hg": {
+        "*": {
+          "displayName": "Repository-spezifische Mercurial Konfiguration ändern",
+          "description": "Darf die Mercurial Konfiguration für alle Repositories verändern."
+        }
+      }
+    }
+  },
+  "verbs": {
+    "repository": {
+      "hg": {
+        "displayName": "Mercurial konfigurieren",
+        "description": "Darf die Mercurial Konfiguration für dieses Repository verändern."
+      }
     }
   }
 }

scm-plugins/scm-hg-plugin/src/main/resources/locales/en/plugins.json

@@ -31,18 +31,28 @@
   },
   "permissions" : {
     "configuration": {
-      "read": {
+      "read,write": {
         "hg": {
-          "displayName": "Read Mercurial configuration",
-          "description": "May read the Mercurial configuration"
-        }
-      },
-      "write": {
-        "hg": {
-          "displayName": "Write Mercurial configuration",
+          "displayName": "Modify Mercurial configuration",
           "description": "May change the Mercurial configuration"
         }
       }
+    },
+    "repository": {
+      "hg": {
+        "*": {
+          "displayName": "Modify repository specific Mercurial configuration",
+          "description": "May change the Mercurial configuration for repositories"
+        }
+      }
+    }
+  },
+  "verbs": {
+    "repository": {
+      "hg": {
+        "displayName": "configure Mercurial",
+        "description": "May change the Mercurial configuration for this repository"
+      }
     }
   }
 }

scm-plugins/scm-hg-plugin/src/main/resources/sonia/scm/python/hgweb.py

@@ -46,8 +46,8 @@ u.setconfig('web', 'push_ssl', 'false')
 u.setconfig('web', 'allow_read', '*')
 u.setconfig('web', 'allow_push', '*')
 
-u.setconfig('hooks', 'changegroup.scm', 'python:scmhooks.callback')
-u.setconfig('hooks', 'pretxnchangegroup.scm', 'python:scmhooks.callback')
+u.setconfig('hooks', 'changegroup.scm', 'python:scmhooks.postHook')
+u.setconfig('hooks', 'pretxnchangegroup.scm', 'python:scmhooks.preHook')
 
 # pass SCM_HTTP_POST_ARGS to enable experimental httppostargs protocol of mercurial
 # SCM_HTTP_POST_ARGS is set by HgCGIServlet

scm-plugins/scm-hg-plugin/src/main/resources/sonia/scm/python/scmhooks.py

@@ -85,9 +85,7 @@ def callHookUrl(ui, repo, hooktype, node):
     ui.traceback()
   return abort
 
-def callback(ui, repo, hooktype, node=None, source=None, pending=None, **kwargs):
-  if pending != None:
-    pending()
+def callback(ui, repo, hooktype, node=None):
   abort = True
   if node != None:
     if len(baseUrl) > 0:
@@ -98,3 +96,28 @@ def callback(ui, repo, hooktype, node=None, source=None, pending=None, **kwargs)
   else:
     ui.warn("changeset node is not available")
   return abort
+
+def preHook(ui, repo, hooktype, node=None, source=None, pending=None, **kwargs):
+  # older mercurial versions
+  if pending != None:
+    pending()
+  
+  # newer mercurial version
+  # we have to make in-memory changes visible to external process
+  # this does not happen automatically, because mercurial treat our hooks as internal hooks
+  # see hook.py at mercurial sources _exthook
+  try:
+    if repo is not None:
+      tr = repo.currenttransaction()
+      repo.dirstate.write(tr)
+      if tr and not tr.writepending():
+        ui.warn("no pending write transaction found")
+  except AttributeError:
+    ui.debug("mercurial does not support currenttransation")
+    # do nothing
+
+  return callback(ui, repo, hooktype, node)
+
+def postHook(ui, repo, hooktype, node=None, source=None, pending=None, **kwargs):
+  return callback(ui, repo, hooktype, node)
+

scm-plugins/scm-hg-plugin/src/test/java/sonia/scm/api/v2/resources/HgConfigInIndexResourceTest.java

@@ -15,6 +15,7 @@ import java.net.URI;
 
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertTrue;
 
 @SubjectAware(configuration = "classpath:sonia/scm/configuration/shiro.ini")
 public class HgConfigInIndexResourceTest {
@@ -50,7 +51,7 @@ public class HgConfigInIndexResourceTest {
 
     hgConfigInIndexResource.enrich(context);
 
-    assertFalse(root.get("_links").iterator().hasNext());
+    assertTrue(root.get("_links").iterator().hasNext());
   }
 
   @Test

scm-plugins/scm-hg-plugin/src/test/java/sonia/scm/repository/HgContextProviderTest.java

@@ -0,0 +1,87 @@
+package sonia.scm.repository;
+
+import com.google.inject.AbstractModule;
+import com.google.inject.Guice;
+import com.google.inject.Injector;
+import com.google.inject.Key;
+import com.google.inject.OutOfScopeException;
+import com.google.inject.Provider;
+import com.google.inject.ProvisionException;
+import com.google.inject.Scope;
+import com.google.inject.servlet.RequestScoped;
+import com.google.inject.util.Providers;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.mockito.Mock;
+import org.mockito.junit.jupiter.MockitoExtension;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.junit.jupiter.api.Assertions.assertThrows;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.Mockito.when;
+
+@ExtendWith(MockitoExtension.class)
+class HgContextProviderTest {
+
+  @Mock
+  private Scope scope;
+
+  @Test
+  void shouldThrowNonOutOfScopeProvisionExceptions() {
+    Provider<HgContextRequestStore> provider = () -> {
+      throw new RuntimeException("something different");
+    };
+
+    when(scope.scope(any(Key.class), any(Provider.class))).thenReturn(provider);
+
+    Injector injector = Guice.createInjector(new HgContextModule(scope));
+
+    assertThrows(ProvisionException.class, () -> injector.getInstance(HgContext.class));
+  }
+
+  @Test
+  void shouldCreateANewInstanceIfOutOfRequestScope() {
+    Provider<HgContextRequestStore> provider = () -> {
+      throw new OutOfScopeException("no request");
+    };
+    when(scope.scope(any(Key.class), any(Provider.class))).thenReturn(provider);
+
+    Injector injector = Guice.createInjector(new HgContextModule(scope));
+
+    HgContext contextOne = injector.getInstance(HgContext.class);
+    HgContext contextTwo = injector.getInstance(HgContext.class);
+
+    assertThat(contextOne).isNotSameAs(contextTwo);
+  }
+
+  @Test
+  void shouldInjectFromRequestScope() {
+    HgContextRequestStore requestStore = new HgContextRequestStore();
+    Provider<HgContextRequestStore> provider = Providers.of(requestStore);
+
+    when(scope.scope(any(Key.class), any(Provider.class))).thenReturn(provider);
+
+    Injector injector = Guice.createInjector(new HgContextModule(scope));
+
+    HgContext contextOne = injector.getInstance(HgContext.class);
+    HgContext contextTwo = injector.getInstance(HgContext.class);
+
+    assertThat(contextOne).isSameAs(contextTwo);
+  }
+
+  private static class HgContextModule extends AbstractModule {
+
+    private Scope scope;
+
+    private HgContextModule(Scope scope) {
+      this.scope = scope;
+    }
+
+    @Override
+    protected void configure() {
+      bindScope(RequestScoped.class, scope);
+      bind(HgContextRequestStore.class);
+      bind(HgContext.class).toProvider(HgContextProvider.class);
+    }
+  }
+}

scm-plugins/scm-hg-plugin/yarn.lock

@@ -641,9 +641,9 @@
   version "0.0.2"
   resolved "https://registry.yarnpkg.com/@scm-manager/eslint-config/-/eslint-config-0.0.2.tgz#94cc8c3fb4f51f870b235893dc134fc6c423ae85"
 
-"@scm-manager/ui-bundler@^0.0.24":
-  version "0.0.24"
-  resolved "https://registry.yarnpkg.com/@scm-manager/ui-bundler/-/ui-bundler-0.0.24.tgz#034d5500c79b438c48d8f7ee985be07c4ea46d1e"
+"@scm-manager/ui-bundler@^0.0.25":
+  version "0.0.25"
+  resolved "https://registry.yarnpkg.com/@scm-manager/ui-bundler/-/ui-bundler-0.0.25.tgz#1f65b3ff0ae81559a114c6a8d8cf43856cc6e166"
   dependencies:
     "@babel/core" "^7.0.0"
     "@babel/plugin-proposal-class-properties" "^7.0.0"
@@ -684,7 +684,6 @@
 "@scm-manager/ui-extensions@^0.1.2":
   version "0.1.2"
   resolved "https://registry.yarnpkg.com/@scm-manager/ui-extensions/-/ui-extensions-0.1.2.tgz#0689427ca45c8e4e045b5b9dbc89036f1d2c45fc"
-  integrity sha512-oIkXcc/VWssnK/yjWKC/Wnq5DZ01rArsz76n4X/0DT0hkGNIKmwk/Fdp7OoXiUEb7+aaPjUX1VvDqlTwCNKPmA==
   dependencies:
     react "^16.4.2"
     react-dom "^16.4.2"

scm-plugins/scm-svn-plugin/package.json

@@ -9,6 +9,6 @@
     "@scm-manager/ui-extensions": "^0.1.2"
   },
   "devDependencies": {
-    "@scm-manager/ui-bundler": "^0.0.24"
+    "@scm-manager/ui-bundler": "^0.0.25"
   }
 }

scm-plugins/scm-svn-plugin/src/main/java/sonia/scm/api/v2/resources/SvnConfigInIndexResource.java

@@ -4,6 +4,7 @@ import com.fasterxml.jackson.databind.JsonNode;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import sonia.scm.config.ConfigurationPermissions;
 import sonia.scm.plugin.Extension;
+import sonia.scm.repository.SvnConfig;
 import sonia.scm.web.JsonEnricherBase;
 import sonia.scm.web.JsonEnricherContext;
 
@@ -26,7 +27,7 @@ public class SvnConfigInIndexResource extends JsonEnricherBase {
 
   @Override
   public void enrich(JsonEnricherContext context) {
-    if (resultHasMediaType(INDEX, context) && ConfigurationPermissions.list().isPermitted()) {
+    if (resultHasMediaType(INDEX, context) && ConfigurationPermissions.read(SvnConfig.PERMISSION).isPermitted()) {
       String svnConfigUrl = new LinkBuilder(scmPathInfoStore.get().get(), SvnConfigResource.class)
         .method("get")
         .parameters()

scm-plugins/scm-svn-plugin/src/main/resources/META-INF/scm/permissions.xml

@@ -34,10 +34,10 @@
 <permissions>
   
   <permission>
-    <value>configuration:read:svn</value>
+    <value>configuration:read,write:svn</value>
   </permission>
   <permission>
-    <value>configuration:write:svn</value>
+    <value>repository:svn:*</value>
   </permission>
 
 </permissions>

scm-plugins/scm-svn-plugin/src/main/resources/META-INF/scm/repository-permissions.xml

@@ -0,0 +1,7 @@
+<repository-permissions>
+  <verbs>
+    <verb>svn</verb>
+  </verbs>
+  <roles>
+  </roles>
+</repository-permissions>

scm-plugins/scm-svn-plugin/src/main/resources/locales/de/plugins.json

@@ -25,18 +25,28 @@
   },
   "permissions": {
     "configuration": {
-      "read": {
+      "read,write": {
         "svn": {
-          "displayName": "Subversion Konfiguration lesen",
-          "description": "Darf die Subversion Konfiguration lesen"
-        }
-      },
-      "write": {
-        "svn": {
-          "displayName": "Subversion Konfiguration schreiben",
+          "displayName": "Subversion Konfiguration ändern",
           "description": "Darf die Subversion Konfiguration verändern"
         }
       }
+    },
+    "repository": {
+      "svn": {
+        "*": {
+          "displayName": "Repository-spezifische Subversion Konfiguration ändern",
+          "description": "Darf die Subversion Konfiguration für alle Repositories verändern."
+        }
+      }
+    }
+  },
+  "verbs": {
+    "repository": {
+      "svn": {
+        "displayName": "Subversion konfigurieren",
+        "description": "Darf die Subversion Konfiguration für dieses Repository verändern."
+      }
     }
   }
 }

scm-plugins/scm-svn-plugin/src/main/resources/locales/en/plugins.json

@@ -25,18 +25,28 @@
   },
   "permissions": {
     "configuration": {
-      "read": {
+      "read,write": {
         "svn": {
-          "displayName": "Read Subversion configuration",
-          "description": "May read the Subversion configuration"
+          "displayName": "Modify Subversion configuration",
+          "description": "May modify the Subversion configuration"
         }
-      },
-      "write": {
-        "svn": {
-          "displayName": "Write Subversion configuration",
-          "description": "May change the Subversion configuration"
+      }
+    },
+    "repository": {
+      "svn": {
+        "*": {
+          "displayName": "Modify repository specific Subversion configuration",
+          "description": "May change the Subversion configuration for repositories"
         }
       }
     }
+  },
+  "verbs": {
+    "repository": {
+      "svn": {
+        "displayName": "configure Subversion",
+        "description": "May change the Subversion configuration for this repository"
+      }
+    }
   }
 }

scm-plugins/scm-svn-plugin/src/test/java/sonia/scm/api/v2/resources/SvnConfigInIndexResourceTest.java

@@ -15,6 +15,7 @@ import java.net.URI;
 
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertTrue;
 
 @SubjectAware(configuration = "classpath:sonia/scm/configuration/shiro.ini")
 public class SvnConfigInIndexResourceTest {
@@ -50,7 +51,7 @@ public class SvnConfigInIndexResourceTest {
 
     svnConfigInIndexResource.enrich(context);
 
-    assertFalse(root.get("_links").iterator().hasNext());
+    assertTrue(root.get("_links").iterator().hasNext());
   }
 
   @Test

scm-plugins/scm-svn-plugin/yarn.lock

@@ -641,9 +641,9 @@
   version "0.0.2"
   resolved "https://registry.yarnpkg.com/@scm-manager/eslint-config/-/eslint-config-0.0.2.tgz#94cc8c3fb4f51f870b235893dc134fc6c423ae85"
 
-"@scm-manager/ui-bundler@^0.0.24":
-  version "0.0.24"
-  resolved "https://registry.yarnpkg.com/@scm-manager/ui-bundler/-/ui-bundler-0.0.24.tgz#034d5500c79b438c48d8f7ee985be07c4ea46d1e"
+"@scm-manager/ui-bundler@^0.0.25":
+  version "0.0.25"
+  resolved "https://registry.yarnpkg.com/@scm-manager/ui-bundler/-/ui-bundler-0.0.25.tgz#1f65b3ff0ae81559a114c6a8d8cf43856cc6e166"
   dependencies:
     "@babel/core" "^7.0.0"
     "@babel/plugin-proposal-class-properties" "^7.0.0"
@@ -684,7 +684,6 @@
 "@scm-manager/ui-extensions@^0.1.2":
   version "0.1.2"
   resolved "https://registry.yarnpkg.com/@scm-manager/ui-extensions/-/ui-extensions-0.1.2.tgz#0689427ca45c8e4e045b5b9dbc89036f1d2c45fc"
-  integrity sha512-oIkXcc/VWssnK/yjWKC/Wnq5DZ01rArsz76n4X/0DT0hkGNIKmwk/Fdp7OoXiUEb7+aaPjUX1VvDqlTwCNKPmA==
   dependencies:
     react "^16.4.2"
     react-dom "^16.4.2"

scm-ui-components/packages/ui-components/package.json

@@ -14,7 +14,7 @@
     "eslint-fix": "eslint src --fix"
   },
   "devDependencies": {
-    "@scm-manager/ui-bundler": "^0.0.24",
+    "@scm-manager/ui-bundler": "^0.0.25",
     "create-index": "^2.3.0",
     "enzyme": "^3.5.0",
     "enzyme-adapter-react-16": "^1.3.1",
@@ -31,12 +31,15 @@
     "classnames": "^2.2.6",
     "moment": "^2.22.2",
     "react": "^16.5.2",
+    "react-diff-view": "^1.8.1",
     "react-dom": "^16.5.2",
     "react-i18next": "^7.11.0",
     "react-jss": "^8.6.1",
     "react-router-dom": "^4.3.1",
-    "react-select": "^2.1.2",
-    "diff2html": "^2.5.0"
+    "react-select": "^2.1.2"
+  },
+  "resolutions": {
+    "gitdiff-parser": "https://github.com/cloudogu/gitdiff-parser#3a72da4a8e3d9bfb4b9e01a43e85628c19f26cc4"
   },
   "browserify": {
     "transform": [

scm-ui-components/packages/ui-components/src/Help.js

@@ -7,7 +7,8 @@ import HelpIcon from './HelpIcon';
 const styles = {
   tooltip: {
     display: "inline-block",
-    paddingLeft: "3px"
+    paddingLeft: "3px",
+    position: "absolute"
   }
 };
 

scm-ui-components/packages/ui-components/src/buttons/CreateButton.js

@@ -2,8 +2,8 @@
 import React from "react";
 import injectSheet from "react-jss";
 import { type ButtonProps } from "./Button";
-import SubmitButton from "./SubmitButton";
 import classNames from "classnames";
+import Button from "./Button";
 
 const styles = {
   spacing: {
@@ -19,7 +19,7 @@ class CreateButton extends React.Component<ButtonProps> {
     const { classes } = this.props;
     return (
       <div className={classNames("has-text-centered", classes.spacing)}>
-        <SubmitButton {...this.props} />
+        <Button color="primary" {...this.props} />
       </div>
     );
   }

scm-ui-components/packages/ui-components/src/buttons/SubmitButton.js

@@ -4,7 +4,20 @@ import Button, { type ButtonProps } from "./Button";
 
 class SubmitButton extends React.Component<ButtonProps> {
   render() {
-    return <Button type="submit" color="primary" {...this.props} />;
+    const { action } = this.props;
+    return (
+      <Button
+        type="submit"
+        color="primary"
+        {...this.props}
+        action={(event) => {
+          if (action) {
+            action(event)
+          }
+          window.scrollTo(0, 0);
+        }}
+      />
+    );
   }
 }
 

scm-ui-components/packages/ui-components/src/config/ConfigurationBinder.js

@@ -86,7 +86,7 @@ class ConfigurationBinder {
     });
 
     // bind navigation link to extension point
-    binder.bind("repository.subnavigation", RepoNavLink, repoPredicate);
+    binder.bind("repository.setting", RepoNavLink, repoPredicate);
 
 
     // route for global configuration, passes the current repository to component

scm-ui-components/packages/ui-components/src/forms/Radio.js

@@ -22,8 +22,7 @@ class Radio extends React.Component<Props> {
 
   render() {
     return (
-      <div className="field is-grouped">
-        <div className="control">
+
           <label className="radio" disabled={this.props.disabled}>
             <input
               type="radio"
@@ -36,8 +35,6 @@ class Radio extends React.Component<Props> {
             {this.props.label}
             {this.renderHelp()}
           </label>
-        </div>
-      </div>
     );
   }
 }

scm-ui-components/packages/ui-components/src/layout/Page.js

@@ -4,6 +4,9 @@ import Loading from "./../Loading";
 import ErrorNotification from "./../ErrorNotification";
 import Title from "./Title";
 import Subtitle from "./Subtitle";
+import injectSheet from "react-jss";
+import classNames from "classnames";
+import PageActions from "./PageActions";
 
 type Props = {
   title?: string,
@@ -11,17 +14,26 @@ type Props = {
   loading?: boolean,
   error?: Error,
   showContentOnError?: boolean,
-  children: React.Node
+  children: React.Node,
+
+  // context props
+  classes: Object
+};
+
+const styles = {
+  spacing: {
+    marginTop: "1.25rem",
+    textAlign: "right"
+  }
 };
 
 class Page extends React.Component<Props> {
   render() {
-    const { title, error, subtitle } = this.props;
+    const { error } = this.props;
     return (
       <section className="section">
         <div className="container">
-          <Title title={title} />
-          <Subtitle subtitle={subtitle} />
+          {this.renderPageHeader()}
           <ErrorNotification error={error} />
           {this.renderContent()}
         </div>
@@ -29,16 +41,64 @@ class Page extends React.Component<Props> {
     );
   }
 
+  renderPageHeader() {
+    const { title, subtitle, children, classes } = this.props;
+
+    let pageActions = null;
+    let pageActionsExists = false;
+    React.Children.forEach(children, child => {
+      if (child && child.type.name === PageActions.name) {
+        pageActions = (
+          <div className="column is-two-fifths">
+            <div
+              className={classNames(
+                classes.spacing,
+                "is-mobile-create-button-spacing"
+              )}
+            >
+              {child}
+            </div>
+          </div>
+        );
+        pageActionsExists = true;
+      }
+    });
+    let underline = pageActionsExists ? (
+      <hr className="header-with-actions" />
+    ) : null;
+
+    return (
+      <>
+        <div className="columns">
+          <div className="column">
+            <Title title={title} />
+            <Subtitle subtitle={subtitle} />
+          </div>
+          {pageActions}
+        </div>
+        {underline}
+      </>
+    );
+  }
+
   renderContent() {
     const { loading, children, showContentOnError, error } = this.props;
+
     if (error && !showContentOnError) {
       return null;
     }
     if (loading) {
       return <Loading />;
     }
-    return children;
+
+    let content = [];
+    React.Children.forEach(children, child => {
+      if (child && child.type.name !== PageActions.name) {
+        content.push(child);
+      }
+    });
+    return content;
   }
 }
 
-export default Page;
+export default injectSheet(styles)(Page);

scm-ui-components/packages/ui-components/src/layout/PageActions.js

@@ -0,0 +1,28 @@
+//@flow
+import * as React from "react";
+import Loading from "./../Loading";
+
+type Props = {
+  loading?: boolean,
+  error?: Error,
+  children: React.Node
+};
+
+class PageActions extends React.Component<Props> {
+  render() {
+    return <>{this.renderContent()}</>;
+  }
+
+  renderContent() {
+    const { loading, children, error } = this.props;
+    if (error) {
+      return null;
+    }
+    if (loading) {
+      return <Loading />;
+    }
+    return children;
+  }
+}
+
+export default PageActions;

scm-ui-components/packages/ui-components/src/layout/Subtitle.js

@@ -9,7 +9,7 @@ class Subtitle extends React.Component<Props> {
   render() {
     const { subtitle } = this.props;
     if (subtitle) {
-      return <h1 className="subtitle">{subtitle}</h1>;
+      return <h2 className="subtitle">{subtitle}</h2>;
     }
     return null;
   }

scm-ui-components/packages/ui-components/src/layout/index.js

@@ -3,6 +3,7 @@
 export { default as Footer } from "./Footer.js";
 export { default as Header } from "./Header.js";
 export { default as Page } from "./Page.js";
+export { default as PageActions } from "./PageActions.js";
 export { default as Subtitle } from "./Subtitle.js";
 export { default as Title } from "./Title.js";
 

scm-ui-components/packages/ui-components/src/modals/Modal.js

@@ -1,7 +1,6 @@
 // @flow
 import * as React from "react";
 import classNames from "classnames";
-import injectSheet from "react-jss";
 
 type Props = {
   title: string,
@@ -9,20 +8,13 @@ type Props = {
   body: any,
   footer?: any,
   active: boolean,
-  classes: any
 };
 
-const styles = {
-  resize: {
-    maxWidth: "100%",
-    width: "auto !important",
-    display: "inline-block"
-  }
-};
+
 
 class Modal extends React.Component<Props> {
   render() {
-    const { title, closeFunction, body, footer, active, classes } = this.props;
+    const { title, closeFunction, body, footer, active } = this.props;
 
     const isActive = active ? "is-active" : null;
 
@@ -34,7 +26,7 @@ class Modal extends React.Component<Props> {
     return (
       <div className={classNames("modal", isActive)}>
         <div className="modal-background" />
-        <div className={classNames("modal-card", classes.resize)}>
+        <div className="modal-card">
           <header className="modal-card-head">
             <p className="modal-card-title">{title}</p>
             <button
@@ -51,4 +43,4 @@ class Modal extends React.Component<Props> {
   }
 }
 
-export default injectSheet(styles)(Modal);
+export default Modal;

scm-ui-components/packages/ui-components/src/repos/Diff.js

@@ -1,9 +1,9 @@
 //@flow
 import React from "react";
-import { Diff2Html } from "diff2html";
+import DiffFile from "./DiffFile";
 
 type Props = {
-  diff: string,
+  diff: any,
   sideBySide: boolean
 };
 
@@ -13,21 +13,17 @@ class Diff extends React.Component<Props> {
     sideBySide: false
   };
 
+  renderFile = (file: any, i: number) => {
+    const { sideBySide } = this.props;
+    return <DiffFile key={i} file={file} sideBySide={sideBySide} />;
+  };
+
   render() {
-    const { diff, sideBySide } = this.props;
-
-    const options = {
-      inputFormat: "diff",
-      outputFormat: sideBySide ? "side-by-side" : "line-by-line",
-      showFiles: false,
-      matching: "lines"
-    };
-
-    const outputHtml = Diff2Html.getPrettyHtml(diff, options);
-
+    const { diff } = this.props;
     return (
-      // eslint-disable-next-line react/no-danger
-      <div dangerouslySetInnerHTML={{ __html: outputHtml }} />
+      <>
+        {diff.map(this.renderFile)}
+      </>
     );
   }
 

scm-ui-components/packages/ui-components/src/repos/DiffFile.js

@@ -0,0 +1,120 @@
+//@flow
+import React from "react";
+import { Hunk, Diff as DiffComponent } from "react-diff-view";
+import injectSheets from "react-jss";
+import classNames from "classnames";
+import {translate} from "react-i18next";
+
+const styles = {
+  panel: {
+    fontSize: "1rem"
+  },
+  header: {
+    cursor: "pointer"
+  },
+  title: {
+    marginLeft: ".25rem",
+    fontSize: "1rem"
+  },
+  hunkDivider: {
+    margin: ".5rem 0"
+  }
+};
+
+type Props = {
+  file: any,
+  sideBySide: boolean,
+  // context props
+  classes: any,
+  t: string => string
+}
+
+type State = {
+  collapsed: boolean
+}
+
+class DiffFile extends React.Component<Props, State> {
+
+  constructor(props: Props) {
+    super(props);
+    this.state = {
+      collapsed: false
+    };
+  }
+
+  toggleCollapse = () => {
+    this.setState((state) => ({
+      collapsed: ! state.collapsed
+    }));
+  };
+
+  renderHunk = (hunk: any, i: number) => {
+    const { classes } = this.props;
+    let header = null;
+    if (i > 0) {
+      header = <hr className={classes.hunkDivider} />;
+    }
+    return <Hunk key={hunk.content} hunk={hunk} header={header} />;
+  };
+
+  renderFileTitle = (file: any) => {
+    if (file.oldPath !== file.newPath && (file.type === "copy" || file.type === "rename")) {
+      return (<>{file.oldPath} <i className="fa fa-arrow-right" /> {file.newPath}</>);
+    } else if (file.type === "delete") {
+      return file.oldPath;
+    }
+    return file.newPath;
+  };
+
+  renderChangeTag = (file: any) => {
+    const { t } = this.props;
+    const key = "diff.changes." + file.type;
+    let value = t(key);
+    if (key === value) {
+      value = file.type;
+    }
+    return (
+      <span className="tag is-info has-text-weight-normal">
+        {value}
+      </span>
+    );
+  };
+
+  render() {
+    const { file, sideBySide, classes } = this.props;
+    const { collapsed } = this.state;
+    const viewType = sideBySide ? "split" : "unified";
+
+    let body = null;
+    let icon = "fa fa-angle-right";
+    if (!collapsed) {
+      icon = "fa fa-angle-down";
+      body = (
+        <div className="panel-block is-paddingless is-size-7">
+          <DiffComponent viewType={viewType}>
+            { file.hunks.map(this.renderHunk) }
+          </DiffComponent>
+        </div>
+      );
+    }
+
+    return (
+      <div className={classNames("panel", classes.panel)}>
+        <div className={classNames("panel-heading", classes.header)} onClick={this.toggleCollapse}>
+          <div className="level">
+            <div className="level-left">
+              <i className={icon} /><span className={classes.title}>{this.renderFileTitle(file)}</span>
+            </div>
+            <div className="level-right">
+              {this.renderChangeTag(file)}
+            </div>
+          </div>
+        </div>
+        {body}
+      </div>
+    );
+  }
+
+}
+
+export default injectSheets(styles)(translate("repos")(DiffFile));

scm-ui-components/packages/ui-components/src/repos/LoadingDiff.js

@@ -2,6 +2,8 @@
 import React from "react";
 import { apiClient } from "../apiclient";
 import ErrorNotification from "../ErrorNotification";
+import parser from "gitdiff-parser";
+
 import Loading from "../Loading";
 import Diff from "./Diff";
 
@@ -11,7 +13,7 @@ type Props = {
 };
 
 type State = {
-  diff?: string,
+  diff?: any,
   loading: boolean,
   error?: Error
 };
@@ -44,10 +46,11 @@ class LoadingDiff extends React.Component<Props, State> {
     apiClient
       .get(url)
       .then(response => response.text())
-      .then(text => {
+      .then(parser.parse)
+      .then(diff => {
         this.setState({
           loading: false,
-          diff: text
+          diff: diff
         });
       })
       .catch(error => {

scm-ui-components/packages/ui-components/src/validation.js

@@ -5,7 +5,7 @@ export const isNameValid = (name: string) => {
   return nameRegex.test(name);
 };
 
-const mailRegex = /^[A-z0-9][\w.-]*@[A-z0-9][\w\-.]*\.[A-z0-9][A-z0-9-]+$/;
+const mailRegex  =  /^[ -~]+@[A-Za-z0-9][\w\-.]*\.[A-Za-z0-9][A-Za-z0-9-]+$/;
 
 export const isMailValid = (mail: string) => {
   return mailRegex.test(mail);

scm-ui-components/packages/ui-components/src/validation.test.js

@@ -59,9 +59,8 @@ describe("test mail validation", () => {
       "@ostfalia.de",
       "s.sdorra@",
       "s.sdorra@ostfalia",
-      "s.sdorra@@ostfalia.de",
       "s.sdorra@ ostfalia.de",
-      "s.sdorra @ostfalia.de"
+      "s.sdorra@[ostfalia.de"
     ];
     for (let mail of invalid) {
       expect(validator.isMailValid(mail)).toBe(false);
@@ -78,7 +77,9 @@ describe("test mail validation", () => {
       "s.sdorra@t.co",
       "s.sdorra@ucla.college",
       "s.sdorra@example.xn--p1ai",
-      "s.sdorra@scm.solutions"
+      "s.sdorra@scm.solutions",
+      "s'sdorra@scm.solutions",
+      "\"S Sdorra\"@scm.solutions"
     ];
     for (let mail of valid) {
       expect(validator.isMailValid(mail)).toBe(true);

scm-ui-components/packages/ui-components/yarn.lock

@@ -687,9 +687,9 @@
   version "0.0.2"
   resolved "https://registry.yarnpkg.com/@scm-manager/eslint-config/-/eslint-config-0.0.2.tgz#94cc8c3fb4f51f870b235893dc134fc6c423ae85"
 
-"@scm-manager/ui-bundler@^0.0.24":
-  version "0.0.24"
-  resolved "https://registry.yarnpkg.com/@scm-manager/ui-bundler/-/ui-bundler-0.0.24.tgz#034d5500c79b438c48d8f7ee985be07c4ea46d1e"
+"@scm-manager/ui-bundler@^0.0.25":
+  version "0.0.25"
+  resolved "https://registry.yarnpkg.com/@scm-manager/ui-bundler/-/ui-bundler-0.0.25.tgz#1f65b3ff0ae81559a114c6a8d8cf43856cc6e166"
   dependencies:
     "@babel/core" "^7.0.0"
     "@babel/plugin-proposal-class-properties" "^7.0.0"
@@ -2444,16 +2444,7 @@ dev-ip@^1.0.1:
   version "1.0.1"
   resolved "https://registry.yarnpkg.com/dev-ip/-/dev-ip-1.0.1.tgz#a76a3ed1855be7a012bb8ac16cb80f3c00dc28f0"
 
-diff2html@^2.5.0:
-  version "2.5.0"
-  resolved "https://registry.yarnpkg.com/diff2html/-/diff2html-2.5.0.tgz#2d16f1a8f115354733b16b0264a594fa7db98aa2"
-  dependencies:
-    diff "^3.5.0"
-    hogan.js "^3.0.2"
-    lodash "^4.17.11"
-    whatwg-fetch "^3.0.0"
-
-diff@^3.2.0, diff@^3.5.0:
+diff@^3.2.0:
   version "3.5.0"
   resolved "https://registry.yarnpkg.com/diff/-/diff-3.5.0.tgz#800c0dd1e0a8bfbc95835c202ad220fe317e5a12"
 
@@ -3456,6 +3447,10 @@ getpass@^0.1.1:
   dependencies:
     assert-plus "^1.0.0"
 
+gitdiff-parser@^0.1.2, "gitdiff-parser@https://github.com/cloudogu/gitdiff-parser#3a72da4a8e3d9bfb4b9e01a43e85628c19f26cc4":
+  version "0.1.2"
+  resolved "https://github.com/cloudogu/gitdiff-parser#3a72da4a8e3d9bfb4b9e01a43e85628c19f26cc4"
+
 glob-base@^0.3.0:
   version "0.3.0"
   resolved "https://registry.yarnpkg.com/glob-base/-/glob-base-0.3.0.tgz#dbb164f6221b1c0b1ccf82aea328b497df0ea3c4"
@@ -3867,13 +3862,6 @@ hoek@2.x.x:
   version "2.16.3"
   resolved "https://registry.yarnpkg.com/hoek/-/hoek-2.16.3.tgz#20bb7403d3cea398e91dc4710a8ff1b8274a25ed"
 
-hogan.js@^3.0.2:
-  version "3.0.2"
-  resolved "https://registry.yarnpkg.com/hogan.js/-/hogan.js-3.0.2.tgz#4cd9e1abd4294146e7679e41d7898732b02c7bfd"
-  dependencies:
-    mkdirp "0.3.0"
-    nopt "1.0.10"
-
 hoist-non-react-statics@^2.3.1, hoist-non-react-statics@^2.5.0:
   version "2.5.5"
   resolved "https://registry.yarnpkg.com/hoist-non-react-statics/-/hoist-non-react-statics-2.5.5.tgz#c5903cf409c0dfd908f388e619d86b9c1174cb47"
@@ -5213,6 +5201,10 @@ lodash.escape@^4.0.1:
   version "4.0.1"
   resolved "https://registry.yarnpkg.com/lodash.escape/-/lodash.escape-4.0.1.tgz#c9044690c21e04294beaa517712fded1fa88de98"
 
+lodash.findlastindex@^4.6.0:
+  version "4.6.0"
+  resolved "https://registry.yarnpkg.com/lodash.findlastindex/-/lodash.findlastindex-4.6.0.tgz#b8375ac0f02e9b926375cdf8dc3ea814abf9c6ac"
+
 lodash.flattendeep@^4.4.0:
   version "4.4.0"
   resolved "https://registry.yarnpkg.com/lodash.flattendeep/-/lodash.flattendeep-4.4.0.tgz#fb030917f86a3134e5bc9bec0d69e0013ddfedb2"
@@ -5241,6 +5233,10 @@ lodash.keys@^3.0.0:
     lodash.isarguments "^3.0.0"
     lodash.isarray "^3.0.0"
 
+lodash.mapvalues@^4.6.0:
+  version "4.6.0"
+  resolved "https://registry.yarnpkg.com/lodash.mapvalues/-/lodash.mapvalues-4.6.0.tgz#1bafa5005de9dd6f4f26668c30ca37230cc9689c"
+
 lodash.memoize@~3.0.3:
   version "3.0.4"
   resolved "https://registry.yarnpkg.com/lodash.memoize/-/lodash.memoize-3.0.4.tgz#2dcbd2c287cbc0a55cc42328bd0c736150d53e3f"
@@ -5274,7 +5270,7 @@ lodash.templatesettings@^3.0.0:
     lodash._reinterpolate "^3.0.0"
     lodash.escape "^3.0.0"
 
-lodash@^4.13.1, lodash@^4.15.0, lodash@^4.16.6, lodash@^4.17.10, lodash@^4.17.11, lodash@^4.17.4, lodash@^4.17.5:
+lodash@^4.13.1, lodash@^4.15.0, lodash@^4.16.6, lodash@^4.17.10, lodash@^4.17.4, lodash@^4.17.5:
   version "4.17.11"
   resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.17.11.tgz#b39ea6229ef607ecd89e2c8df12536891cac9b8d"
 
@@ -5534,10 +5530,6 @@ mixin-deep@^1.2.0:
     for-in "^1.0.2"
     is-extendable "^1.0.1"
 
-mkdirp@0.3.0:
-  version "0.3.0"
-  resolved "http://registry.npmjs.org/mkdirp/-/mkdirp-0.3.0.tgz#1bbf5ab1ba827af23575143490426455f481fe1e"
-
 "mkdirp@>=0.5 0", mkdirp@^0.5.0, mkdirp@^0.5.1:
   version "0.5.1"
   resolved "http://registry.npmjs.org/mkdirp/-/mkdirp-0.5.1.tgz#30057438eac6cf7f8c4767f38648d6697d75c903"
@@ -5716,12 +5708,6 @@ nomnom@~1.6.2:
     colors "0.5.x"
     underscore "~1.4.4"
 
-nopt@1.0.10, nopt@~1.0.10:
-  version "1.0.10"
-  resolved "https://registry.yarnpkg.com/nopt/-/nopt-1.0.10.tgz#6ddd21bd2a31417b92727dd585f8a6f37608ebee"
-  dependencies:
-    abbrev "1"
-
 nopt@^4.0.1:
   version "4.0.1"
   resolved "https://registry.yarnpkg.com/nopt/-/nopt-4.0.1.tgz#d0d4685afd5415193c8c7505602d0d17cd64474d"
@@ -5729,6 +5715,12 @@ nopt@^4.0.1:
     abbrev "1"
     osenv "^0.1.4"
 
+nopt@~1.0.10:
+  version "1.0.10"
+  resolved "https://registry.yarnpkg.com/nopt/-/nopt-1.0.10.tgz#6ddd21bd2a31417b92727dd585f8a6f37608ebee"
+  dependencies:
+    abbrev "1"
+
 normalize-package-data@^2.3.2:
   version "2.4.0"
   resolved "https://registry.yarnpkg.com/normalize-package-data/-/normalize-package-data-2.4.0.tgz#12f95a307d58352075a04907b84ac8be98ac012f"
@@ -6433,6 +6425,18 @@ rc@^1.2.7:
     minimist "^1.2.0"
     strip-json-comments "~2.0.1"
 
+react-diff-view@^1.8.1:
+  version "1.8.1"
+  resolved "https://registry.yarnpkg.com/react-diff-view/-/react-diff-view-1.8.1.tgz#0b9b4adcb92de6730d28177d68654dfcc2097f73"
+  dependencies:
+    classnames "^2.2.6"
+    gitdiff-parser "^0.1.2"
+    leven "^2.1.0"
+    lodash.escape "^4.0.1"
+    lodash.findlastindex "^4.6.0"
+    lodash.mapvalues "^4.6.0"
+    warning "^4.0.1"
+
 react-dom@^16.4.2:
   version "16.6.0"
   resolved "https://registry.yarnpkg.com/react-dom/-/react-dom-16.6.0.tgz#6375b8391e019a632a89a0988bce85f0cc87a92f"
@@ -8060,10 +8064,6 @@ whatwg-encoding@^1.0.1, whatwg-encoding@^1.0.3:
   dependencies:
     iconv-lite "0.4.24"
 
-whatwg-fetch@^3.0.0:
-  version "3.0.0"
-  resolved "https://registry.yarnpkg.com/whatwg-fetch/-/whatwg-fetch-3.0.0.tgz#fc804e458cc460009b1a2b966bc8817d2578aefb"
-
 whatwg-mimetype@^2.1.0:
   version "2.2.0"
   resolved "https://registry.yarnpkg.com/whatwg-mimetype/-/whatwg-mimetype-2.2.0.tgz#a3d58ef10b76009b042d03e25591ece89b88d171"

scm-ui-components/packages/ui-types/package.json

@@ -14,7 +14,7 @@
     "check": "flow check"
   },
   "devDependencies": {
-    "@scm-manager/ui-bundler": "^0.0.24"
+    "@scm-manager/ui-bundler": "^0.0.25"
   },
   "browserify": {
     "transform": [

scm-ui-components/packages/ui-types/yarn.lock

@@ -707,9 +707,9 @@
   version "0.0.2"
   resolved "https://registry.yarnpkg.com/@scm-manager/eslint-config/-/eslint-config-0.0.2.tgz#94cc8c3fb4f51f870b235893dc134fc6c423ae85"
 
-"@scm-manager/ui-bundler@^0.0.24":
-  version "0.0.24"
-  resolved "https://registry.yarnpkg.com/@scm-manager/ui-bundler/-/ui-bundler-0.0.24.tgz#034d5500c79b438c48d8f7ee985be07c4ea46d1e"
+"@scm-manager/ui-bundler@^0.0.25":
+  version "0.0.25"
+  resolved "https://registry.yarnpkg.com/@scm-manager/ui-bundler/-/ui-bundler-0.0.25.tgz#1f65b3ff0ae81559a114c6a8d8cf43856cc6e166"
   dependencies:
     "@babel/core" "^7.0.0"
     "@babel/plugin-proposal-class-properties" "^7.0.0"

scm-ui/package.json

@@ -11,7 +11,6 @@
     "bulma": "^0.7.1",
     "bulma-tooltip": "^2.0.2",
     "classnames": "^2.2.5",
-    "diff2html": "^2.5.0",
     "font-awesome": "^4.7.0",
     "history": "^4.7.2",
     "i18next": "^11.4.0",
@@ -22,6 +21,7 @@
     "node-sass": "^4.9.3",
     "postcss-easy-import": "^3.0.0",
     "react": "^16.4.2",
+    "react-diff-view": "^1.8.1",
     "react-dom": "^16.4.2",
     "react-i18next": "^7.9.0",
     "react-jss": "^8.6.0",
@@ -52,7 +52,7 @@
     "pre-commit": "jest && flow && eslint src"
   },
   "devDependencies": {
-    "@scm-manager/ui-bundler": "^0.0.24",
+    "@scm-manager/ui-bundler": "^0.0.25",
     "concat": "^1.0.3",
     "copyfiles": "^2.0.0",
     "enzyme": "^3.3.0",

scm-ui/public/locales/en/repos.json

@@ -144,5 +144,14 @@
       "submit": "Yes",
       "cancel": "No"
     }
+  },
+  "diff": {
+    "changes": {
+      "add": "added",
+      "delete":  "deleted",
+      "modify": "modified",
+      "rename": "renamed",
+      "copy": "copied"
+    }
   }
 }

scm-ui/src/containers/Index.js

@@ -14,6 +14,7 @@ import {
 } from "../modules/indexResource";
 import PluginLoader from "./PluginLoader";
 import type { IndexResources } from "@scm-manager/ui-types";
+import ScrollToTop from "./ScrollToTop";
 
 type Props = {
   error: Error,
@@ -32,7 +33,6 @@ type State = {
 };
 
 class Index extends Component<Props, State> {
-
   constructor(props: Props) {
     super(props);
     this.state = {
@@ -66,9 +66,14 @@ class Index extends Component<Props, State> {
       return <Loading />;
     } else {
       return (
-        <PluginLoader loaded={ pluginsLoaded } callback={ this.pluginLoaderCallback }>
-          <App />
-        </PluginLoader>
+        <ScrollToTop>
+          <PluginLoader
+            loaded={pluginsLoaded}
+            callback={this.pluginLoaderCallback}
+          >
+            <App />
+          </PluginLoader>
+        </ScrollToTop>
       );
     }
   }

scm-ui/src/containers/PluginLoader.js

@@ -34,7 +34,7 @@ class PluginLoader extends React.Component<Props, State> {
       this.setState({
         message: "loading plugin information"
       });
-  
+
       this.getPlugins(this.props.link);
     }
   }
@@ -55,12 +55,19 @@ class PluginLoader extends React.Component<Props, State> {
     });
 
     const promises = [];
-    for (let plugin of plugins) {
+    const sortedPlugins = plugins.sort(comparePluginsByName);
+    for (let plugin of sortedPlugins) {
       promises.push(this.loadPlugin(plugin));
     }
-    return Promise.all(promises);
+    return promises.reduce((chain, current) => {
+      return chain.then(chainResults => {
+          return current.then(currentResult => [...chainResults, currentResult])
+        }
+      );
+    }, Promise.resolve([]));
   };
 
+
   loadPlugin = (plugin: Plugin) => {
     this.setState({
       message: `loading ${plugin.name}`
@@ -94,7 +101,15 @@ class PluginLoader extends React.Component<Props, State> {
     return <Loading message={message} />;
   }
 }
-
+const comparePluginsByName = (a: Plugin, b: Plugin) => {
+  if (a.name < b.name) {
+    return -1;
+  }
+  if (a.name > b.name) {
+    return 1;
+  }
+  return 0;
+};
 const mapStateToProps = state => {
   const link = getUiPluginsLink(state);
   return {

scm-ui/src/containers/Profile.js

@@ -96,7 +96,7 @@ class Profile extends React.Component<Props, State> {
                     label={t("profile.changePasswordNavLink")}
                   />
                   <ExtensionPoint
-                    name="profile.subnavigation"
+                    name="profile.setting"
                     props={extensionProps}
                     renderAll={true}
                   />

scm-ui/src/containers/ProfileInfo.js

@@ -1,19 +1,30 @@
 // @flow
 import React from "react";
 import type { Me } from "@scm-manager/ui-types";
-import { MailLink, AvatarWrapper, AvatarImage } from "@scm-manager/ui-components";
+import {
+  MailLink,
+  AvatarWrapper,
+  AvatarImage
+} from "@scm-manager/ui-components";
 import { compose } from "redux";
 import { translate } from "react-i18next";
+import injectSheet from "react-jss";
 
 type Props = {
   me: Me,
 
   // Context props
+  classes: any,
   t: string => string
 };
-type State = {};
 
-class ProfileInfo extends React.Component<Props, State> {
+const styles = {
+  spacing: {
+    padding: "0 !important"
+  }
+};
+
+class ProfileInfo extends React.Component<Props> {
   render() {
     const { me, t } = this.props;
     return (
@@ -21,33 +32,64 @@ class ProfileInfo extends React.Component<Props, State> {
         <AvatarWrapper>
           <figure className="media-left">
             <p className="image is-64x64">
-              <AvatarImage person={ me }/>
+              <AvatarImage person={me} />
             </p>
           </figure>
         </AvatarWrapper>
         <div className="media-content">
-          <table className="table">
+          <table className="table content">
             <tbody>
-            <tr>
-              <td className="has-text-weight-semibold">{t("profile.username")}</td>
-              <td>{me.name}</td>
-            </tr>
-            <tr>
-              <td className="has-text-weight-semibold">{t("profile.displayName")}</td>
-              <td>{me.displayName}</td>
-            </tr>
-            <tr>
-              <td className="has-text-weight-semibold">{t("profile.mail")}</td>
-              <td>
-                <MailLink address={me.mail} />
-              </td>
-            </tr>
+              <tr>
+                <th>
+                  {t("profile.username")}
+                </th>
+                <td>{me.name}</td>
+              </tr>
+              <tr>
+                <th>
+                  {t("profile.displayName")}
+                </th>
+                <td>{me.displayName}</td>
+              </tr>
+              <tr>
+                <th>
+                  {t("profile.mail")}
+                </th>
+                <td>
+                  <MailLink address={me.mail} />
+                </td>
+              </tr>
+              {this.renderGroups()}
             </tbody>
           </table>
         </div>
       </div>
     );
   }
+
+  renderGroups() {
+    const { me, t, classes } = this.props;
+
+    let groups = null;
+    if (me.groups.length > 0) {
+      groups = (
+        <tr>
+          <th>{t("profile.groups")}</th>
+          <td className={classes.spacing}>
+            <ul>
+              {me.groups.map(group => {
+                return <li>{group}</li>;
+              })}
+            </ul>
+          </td>
+        </tr>
+      );
+    }
+    return groups;
+  }
 }
 
-export default compose(translate("commons"))(ProfileInfo);
+export default compose(
+  injectSheet(styles),
+  translate("commons")
+)(ProfileInfo);

scm-ui/src/containers/ScrollToTop.js

@@ -0,0 +1,23 @@
+// @flow
+import React from "react";
+import { withRouter } from "react-router-dom";
+
+
+type Props = {
+  location: any,
+  children: any
+}
+
+class ScrollToTop extends React.Component<Props> {
+  componentDidUpdate(prevProps) {
+    if (this.props.location.pathname !== prevProps.location.pathname) {
+      window.scrollTo(0, 0);
+    }
+  }
+
+  render() {
+    return this.props.children;
+  }
+}
+
+export default withRouter(ScrollToTop);

scm-ui/src/groups/components/table/Details.js

@@ -1,69 +1,81 @@
-//@flow
-import React from "react";
-import type { Group } from "@scm-manager/ui-types";
-import { translate } from "react-i18next";
-import GroupMember from "./GroupMember";
-import { DateFromNow } from "@scm-manager/ui-components";
-
-type Props = {
-  group: Group,
-  t: string => string
-};
-
-class Details extends React.Component<Props> {
-  render() {
-    const { group, t } = this.props;
-    return (
-      <table className="table content">
-        <tbody>
-          <tr>
-            <td className="has-text-weight-semibold">{t("group.name")}</td>
-            <td>{group.name}</td>
-          </tr>
-          <tr>
-            <td className="has-text-weight-semibold">{t("group.description")}</td>
-            <td>{group.description}</td>
-          </tr>
-          <tr>
-            <td className="has-text-weight-semibold">{t("group.type")}</td>
-            <td>{group.type}</td>
-          </tr>
-          <tr>
-            <td className="has-text-weight-semibold">{t("group.creationDate")}</td>
-            <td>
-              <DateFromNow date={group.creationDate} />
-            </td>
-          </tr>
-          <tr>
-            <td className="has-text-weight-semibold">{t("group.lastModified")}</td>
-            <td>
-              <DateFromNow date={group.lastModified} />
-            </td>
-          </tr>
-          {this.renderMembers()}
-        </tbody>
-      </table>
-    );
-  }
-
-  renderMembers() {
-    if (this.props.group.members.length > 0) {
-      return (
-        <tr>
-          <td>
-            {this.props.t("group.members")}
-            <ul>
-               {this.props.group._embedded.members.map((member, index) => {
-                return <GroupMember key={index} member={member} />;
-              })}
-            </ul>
-          </td>
-        </tr>
-      );
-    } else {
-      return;
-    }
-  }
-}
-
-export default translate("groups")(Details);
+//@flow
+import React from "react";
+import type { Group } from "@scm-manager/ui-types";
+import GroupMember from "./GroupMember";
+import { DateFromNow } from "@scm-manager/ui-components";
+import { translate } from "react-i18next";
+import injectSheet from "react-jss";
+
+type Props = {
+  group: Group,
+
+  // Context props
+  classes: any,
+  t: string => string
+};
+
+const styles = {
+  spacing: {
+    padding: "0 !important"
+  }
+};
+
+class Details extends React.Component<Props> {
+  render() {
+    const { group, t } = this.props;
+    return (
+      <table className="table content">
+        <tbody>
+        <tr>
+          <th>{t("group.name")}</th>
+          <td>{group.name}</td>
+        </tr>
+        <tr>
+          <th>{t("group.description")}</th>
+          <td>{group.description}</td>
+        </tr>
+        <tr>
+          <th>{t("group.type")}</th>
+          <td>{group.type}</td>
+        </tr>
+        <tr>
+          <th>{t("group.creationDate")}</th>
+          <td>
+            <DateFromNow date={group.creationDate} />
+          </td>
+        </tr>
+        <tr>
+          <th>{t("group.lastModified")}</th>
+          <td>
+            <DateFromNow date={group.lastModified} />
+          </td>
+        </tr>
+        {this.renderMembers()}
+        </tbody>
+      </table>
+    );
+  }
+
+  renderMembers() {
+    const { group, t, classes } = this.props;
+
+    let member = null;
+    if (group.members.length > 0) {
+      member = (
+        <tr>
+          <th>{t("group.members")}</th>
+          <td className={classes.spacing}>
+            <ul>
+              {group._embedded.members.map((member, index) => {
+                return <GroupMember key={index} member={member}/>;
+              })}
+            </ul>
+          </td>
+        </tr>
+      );
+    }
+    return member;
+  }
+}
+
+export default injectSheet(styles)(translate("groups")(Details));

scm-ui/src/groups/containers/Groups.js

@@ -5,7 +5,12 @@ import { translate } from "react-i18next";
 import type { Group } from "@scm-manager/ui-types";
 import type { PagedCollection } from "@scm-manager/ui-types";
 import type { History } from "history";
-import { Page, Paginator } from "@scm-manager/ui-components";
+import {
+  Page,
+  PageActions,
+  Button,
+  Paginator
+} from "@scm-manager/ui-components";
 import { GroupTable } from "./../components/table";
 import CreateGroupButton from "../components/buttons/CreateGroupButton";
 
@@ -73,6 +78,7 @@ class Groups extends React.Component<Props> {
         <GroupTable groups={groups} />
         {this.renderPaginator()}
         {this.renderCreateButton()}
+        {this.renderPageActionCreateButton()}
       </Page>
     );
   }
@@ -87,7 +93,25 @@ class Groups extends React.Component<Props> {
 
   renderCreateButton() {
     if (this.props.canAddGroups) {
-      return <CreateGroupButton />;
+      return (
+        <CreateGroupButton />
+      );
+    } else {
+      return;
+    }
+  }
+
+  renderPageActionCreateButton() {
+    if (this.props.canAddGroups) {
+      return (
+        <PageActions>
+          <Button
+            label={this.props.t("create-group-button.label")}
+            link="/groups/add"
+            color="primary"
+          />
+        </PageActions>
+      );
     } else {
       return;
     }

scm-ui/src/groups/containers/SingleGroup.js

@@ -142,7 +142,7 @@ class SingleGroup extends React.Component<Props> {
                     permissionsUrl={`${url}/settings/permissions`}
                   />
                   <ExtensionPoint
-                    name="group.subnavigation"
+                    name="group.setting"
                     props={extensionProps}
                     renderAll={true}
                   />

scm-ui/src/repos/containers/Overview.js

@@ -14,7 +14,13 @@ import {
   isFetchReposPending
 } from "../modules/repos";
 import { translate } from "react-i18next";
-import { CreateButton, Page, Paginator } from "@scm-manager/ui-components";
+import {
+  Page,
+  PageActions,
+  Button,
+  CreateButton,
+  Paginator
+} from "@scm-manager/ui-components";
 import RepositoryList from "../components/list";
 import { withRouter } from "react-router-dom";
 import type { History } from "history";
@@ -67,6 +73,7 @@ class Overview extends React.Component<Props> {
         error={error}
       >
         {this.renderList()}
+        {this.renderPageActionCreateButton()}
       </Page>
     );
   }
@@ -89,10 +96,23 @@ class Overview extends React.Component<Props> {
     const { showCreateButton, t } = this.props;
     if (showCreateButton) {
       return (
-        <CreateButton
-          label={t("overview.createButton")}
-          link="/repos/create"
-        />
+        <CreateButton label={t("overview.createButton")} link="/repos/create" />
+      );
+    }
+    return null;
+  }
+
+  renderPageActionCreateButton() {
+    const { showCreateButton, t } = this.props;
+    if (showCreateButton) {
+      return (
+        <PageActions>
+          <Button
+            label={t("overview.createButton")}
+            link="/repos/create"
+            color="primary"
+          />
+        </PageActions>
       );
     }
     return null;

scm-ui/src/repos/containers/RepositoryRoot.js

@@ -214,7 +214,7 @@ class RepositoryRoot extends React.Component<Props> {
                     repository={repository}
                   />
                   <ExtensionPoint
-                    name="repository.subnavigation"
+                    name="repository.setting"
                     props={extensionProps}
                     renderAll={true}
                   />

scm-ui/src/repos/permissions/components/buttons/DeletePermissionButton.js

@@ -2,7 +2,7 @@
 import React from "react";
 import { translate } from "react-i18next";
 import type { Permission } from "@scm-manager/ui-types";
-import { confirmAlert, DeleteButton } from "@scm-manager/ui-components";
+import { confirmAlert } from "@scm-manager/ui-components";
 
 type Props = {
   permission: Permission,
@@ -54,18 +54,18 @@ class DeletePermissionButton extends React.Component<Props> {
   };
 
   render() {
-    const { confirmDialog, loading, t } = this.props;
+    const { confirmDialog } = this.props;
     const action = confirmDialog ? this.confirmDelete : this.deletePermission;
 
     if (!this.isDeletable()) {
       return null;
     }
     return (
-      <DeleteButton
-        label={t("permission.delete-permission-button.label")}
-        action={action}
-        loading={loading}
-      />
+      <a className="level-item" onClick={action}>
+        <span className="icon is-small">
+          <i className="fas fa-trash" />
+        </span>
+      </a>
     );
   }
 }

scm-ui/src/repos/permissions/components/buttons/DeletePermissionButton.test.js

@@ -29,7 +29,7 @@ describe("DeletePermissionButton", () => {
     expect(navLink.text()).toBe("");
   });
 
-  it("should render the navLink", () => {
+  it("should render the delete icon", () => {
     const permission = {
       _links: {
         delete: {
@@ -38,14 +38,14 @@ describe("DeletePermissionButton", () => {
       }
     };
 
-    const navLink = mount(
+    const deleteIcon = mount(
       <DeletePermissionButton
         permission={permission}
         deletePermission={() => {}}
       />,
       options.get()
     );
-    expect(navLink.text()).not.toBe("");
+    expect(deleteIcon.html()).not.toBe("");
   });
 
   it("should open the confirm dialog on button click", () => {
@@ -64,7 +64,7 @@ describe("DeletePermissionButton", () => {
       />,
       options.get()
     );
-    button.find("button").simulate("click");
+    button.find(".fa-trash").simulate("click");
 
     expect(confirmAlert.mock.calls.length).toBe(1);
   });
@@ -91,7 +91,7 @@ describe("DeletePermissionButton", () => {
       />,
       options.get()
     );
-    button.find("button").simulate("click");
+    button.find(".fa-trash").simulate("click");
 
     expect(calledUrl).toBe("/permission");
   });

scm-ui/src/repos/permissions/containers/AdvancedPermissionsDialog.js

@@ -50,18 +50,20 @@ class AdvancedPermissionsDialog extends React.Component<Props, State> {
       <SubmitButton label={t("permission.advanced.dialog.submit")} />
     ) : null;
 
+    const body = <>{verbSelectBoxes}</>;
 
-    const body = (
-      <>
-        <div className="content">{verbSelectBoxes}</div>
-        <form onSubmit={this.onSubmit}>
-          {submitButton}
-          <Button
-            label={t("permission.advanced.dialog.abort")}
-            action={onClose}
-          />
-        </form>
-      </>
+    const footer = (
+      <form onSubmit={this.onSubmit}>
+        <div className="field is-grouped">
+          <p className="control">{submitButton}</p>
+          <p className="control">
+            <Button
+              label={t("permission.advanced.dialog.abort")}
+              action={onClose}
+            />
+          </p>
+        </div>
+      </form>
     );
 
     return (
@@ -69,6 +71,7 @@ class AdvancedPermissionsDialog extends React.Component<Props, State> {
         title={t("permission.advanced.dialog.title")}
         closeFunction={() => onClose()}
         body={body}
+        footer={footer}
         active={true}
       />
     );

scm-ui/src/repos/permissions/containers/CreatePermissionForm.js

@@ -5,7 +5,8 @@ import {
   Autocomplete,
   SubmitButton,
   Button,
-  LabelWithHelpIcon
+  LabelWithHelpIcon,
+  Radio
 } from "@scm-manager/ui-components";
 import RoleSelector from "../components/RoleSelector";
 import type {
@@ -54,14 +55,11 @@ class CreatePermissionForm extends React.Component<Props, State> {
   permissionScopeChanged = event => {
     const groupPermission = event.target.value === "GROUP_PERMISSION";
     this.setState({
+      value: undefined,
+      name: "",
       groupPermission: groupPermission,
-      valid: validator.isPermissionValid(
-        this.state.name,
-        groupPermission,
-        this.props.currentPermissions
-      )
+      valid: false
     });
-    this.setState({ ...this.state, groupPermission });
   };
 
   loadUserAutocompletion = (inputValue: string) => {
@@ -98,7 +96,7 @@ class CreatePermissionForm extends React.Component<Props, State> {
         <Autocomplete
           loadSuggestions={this.loadGroupAutocompletion}
           valueSelected={this.groupOrUserSelected}
-          value={this.state.value}
+          value={this.state.value ? this.state.value : ""}
           label={t("permission.group")}
           noOptionsMessage={t("permission.autocomplete.no-group-options")}
           loadingMessage={t("permission.autocomplete.loading")}
@@ -110,7 +108,7 @@ class CreatePermissionForm extends React.Component<Props, State> {
       <Autocomplete
         loadSuggestions={this.loadUserAutocompletion}
         valueSelected={this.groupOrUserSelected}
-        value={this.state.value}
+        value={this.state.value ? this.state.value : ""}
         label={t("permission.user")}
         noOptionsMessage={t("permission.autocomplete.no-user-options")}
         loadingMessage={t("permission.autocomplete.loading")}
@@ -158,36 +156,31 @@ class CreatePermissionForm extends React.Component<Props, State> {
         </h2>
         {advancedDialog}
         <form onSubmit={this.submit}>
-          <div className="control">
-            <label className="radio">
-              <input
-                type="radio"
+          <div className="field is-grouped">
+            <div className="control">
+              <Radio
                 name="permission_scope"
-                checked={!this.state.groupPermission}
                 value="USER_PERMISSION"
+                checked={!this.state.groupPermission}
+                label={t("permission.user-permission")}
                 onChange={this.permissionScopeChanged}
               />
-              {t("permission.user-permission")}
-            </label>
-            <label className="radio">
-              <input
-                type="radio"
+              <Radio
                 name="permission_scope"
                 value="GROUP_PERMISSION"
                 checked={this.state.groupPermission}
+                label={t("permission.group-permission")}
                 onChange={this.permissionScopeChanged}
               />
-              {t("permission.group-permission")}
-            </label>
+            </div>
           </div>
-
           <div className="columns">
-            <div className="column is-two-thirds">
+            <div className="column is-three-fifths">
               {this.renderAutocompletionField()}
             </div>
-            <div className="column is-one-third">
+            <div className="column is-two-fifths">
               <div className="columns">
-                <div className="column is-half">
+                <div className="column is-narrow">
                   <RoleSelector
                     availableRoles={availableRoleNames}
                     label={t("permission.role")}
@@ -196,7 +189,7 @@ class CreatePermissionForm extends React.Component<Props, State> {
                     role={matchingRole}
                   />
                 </div>
-                <div className="column is-half">
+                <div className="column">
                   <LabelWithHelpIcon
                     label={t("permission.permissions")}
                     helpText={t("permission.help.permissionsHelpText")}
@@ -252,13 +245,16 @@ class CreatePermissionForm extends React.Component<Props, State> {
     this.setState({
       name: "",
       verbs: this.props.availablePermissions.availableRoles[0].verbs,
-      groupPermission: false,
-      valid: true
+      valid: true,
+      value: undefined
     });
   };
 
   handleRoleChange = (role: string) => {
     const selectedRole = this.findAvailableRole(role);
+    if (!selectedRole) {
+      return;
+    }
     this.setState({
       verbs: selectedRole.verbs
     });

scm-ui/src/repos/permissions/containers/Permissions.js

@@ -74,6 +74,7 @@ type Props = {
   history: History
 };
 
+
 class Permissions extends React.Component<Props> {
   componentDidMount() {
     const {
@@ -154,12 +155,6 @@ class Permissions extends React.Component<Props> {
                   helpText={t("permission.help.nameHelpText")}
                 />
               </th>
-              <th className="is-hidden-mobile">
-                <LabelWithHelpIcon
-                  label={t("permission.group-permission")}
-                  helpText={t("permission.help.groupPermissionHelpText")}
-                />
-              </th>
               <th>
                 <LabelWithHelpIcon
                   label={t("permission.role")}

scm-ui/src/repos/permissions/containers/SinglePermission.js

@@ -14,15 +14,21 @@ import {
 } from "../modules/permissions";
 import { connect } from "react-redux";
 import type { History } from "history";
-import { Button, Checkbox } from "@scm-manager/ui-components";
+import { Button } from "@scm-manager/ui-components";
 import DeletePermissionButton from "../components/buttons/DeletePermissionButton";
 import RoleSelector from "../components/RoleSelector";
 import AdvancedPermissionsDialog from "./AdvancedPermissionsDialog";
+import classNames from "classnames";
+import injectSheet from "react-jss";
 
 type Props = {
   availablePermissions: AvailableRepositoryPermissions,
   submitForm: Permission => void,
-  modifyPermission: (permission: Permission, namespace: string, name: string) => void,
+  modifyPermission: (
+    permission: Permission,
+    namespace: string,
+    name: string
+  ) => void,
   permission: Permission,
   t: string => string,
   namespace: string,
@@ -30,8 +36,13 @@ type Props = {
   match: any,
   history: History,
   loading: boolean,
-  deletePermission: (permission: Permission, namespace: string, name: string) => void,
-  deleteLoading: boolean
+  deletePermission: (
+    permission: Permission,
+    namespace: string,
+    name: string
+  ) => void,
+  deleteLoading: boolean,
+  classes: any
 };
 
 type State = {
@@ -40,6 +51,19 @@ type State = {
   showAdvancedDialog: boolean
 };
 
+const styles = {
+  iconColor: {
+    color: "#9a9a9a"
+  },
+  centerMiddle: {
+    display: "table-cell",
+    verticalAlign: "middle !important"
+  },
+  columnWidth: {
+    width: "100%"
+  }
+};
+
 class SinglePermission extends React.Component<Props, State> {
   constructor(props: Props) {
     super(props);
@@ -96,7 +120,8 @@ class SinglePermission extends React.Component<Props, State> {
       availablePermissions,
       loading,
       namespace,
-      repoName
+      repoName,
+      classes
     } = this.props;
     const availableRoleNames = availablePermissions.availableRoles.map(
       r => r.name
@@ -125,23 +150,26 @@ class SinglePermission extends React.Component<Props, State> {
       />
     ) : null;
 
+    const iconType =
+      permission && permission.groupPermission ? (
+        <i title={t("permission.group")} className={classNames("fas fa-user-friends", classes.iconColor)} />
+      ) : (
+        <i title={t("permission.user")} className={classNames("fas fa-user", classes.iconColor)} />
+      );
+
     return (
-      <tr>
-        <td>{permission.name}</td>
-        <td>
-          <Checkbox
-            checked={permission ? permission.groupPermission : false}
-            disabled={true}
-          />
+      <tr className={classes.columnWidth}>
+        <td className={classes.centerMiddle}>
+          {iconType} {permission.name}
         </td>
         {roleSelector}
-        <td>
+        <td className={classes.centerMiddle}>
           <Button
             label={t("permission.advanced-button.label")}
             action={this.handleDetailedPermissionsPressed}
           />
         </td>
-        <td>
+        <td className={classes.centerMiddle}>
           <DeletePermissionButton
             permission={permission}
             namespace={namespace}
@@ -253,4 +281,4 @@ const mapDispatchToProps = dispatch => {
 export default connect(
   mapStateToProps,
   mapDispatchToProps
-)(translate("repos")(SinglePermission));
+)(translate("repos")(injectSheet(styles)(SinglePermission)));

scm-ui/src/repos/sources/containers/Content.js

@@ -11,6 +11,7 @@ import SourcesView from "./SourcesView";
 import HistoryView from "./HistoryView";
 import { getSources } from "../modules/sources";
 import { connect } from "react-redux";
+import { ExtensionPoint } from "@scm-manager/ui-extensions";
 
 type Props = {
   loading: boolean,
@@ -103,7 +104,7 @@ class Content extends React.Component<Props, State> {
 
   showMoreInformation() {
     const collapsed = this.state.collapsed;
-    const { classes, file, revision, t } = this.props;
+    const { classes, file, revision, t, repository } = this.props;
     const date = <DateFromNow date={file.lastModified} />;
     const description = file.description ? (
       <p>
@@ -120,12 +121,7 @@ class Content extends React.Component<Props, State> {
     const fileSize = file.directory ? "" : <FileSize bytes={file.length} />;
     if (!collapsed) {
       return (
-        <div
-          className={classNames(
-            "panel-block",
-            classes.hasBackground
-          )}
-        >
+        <div className={classNames("panel-block", classes.hasBackground)}>
           <table className={classNames("table", classes.hasBackground)}>
             <tbody>
               <tr>
@@ -148,6 +144,11 @@ class Content extends React.Component<Props, State> {
                 <td>{t("sources.content.description")}</td>
                 <td className="is-word-break">{description}</td>
               </tr>
+              <ExtensionPoint
+                name="repos.content.metadata"
+                renderAll={true}
+                props={{ file, repository, revision }}
+              />
             </tbody>
           </table>
         </div>

scm-ui/src/users/containers/SingleUser.js

@@ -136,7 +136,7 @@ class SingleUser extends React.Component<Props> {
                     permissionsUrl={`${url}/settings/permissions`}
                   />
                   <ExtensionPoint
-                    name="user.subnavigation"
+                    name="user.setting"
                     props={extensionProps}
                     renderAll={true}
                   />

scm-ui/src/users/containers/Users.js

@@ -14,7 +14,13 @@ import {
   getFetchUsersFailure
 } from "../modules/users";
 
-import { Page, CreateButton, Paginator } from "@scm-manager/ui-components";
+import {
+  Page,
+  PageActions,
+  Button,
+  CreateButton,
+  Paginator
+} from "@scm-manager/ui-components";
 import { UserTable } from "./../components/table";
 import type { User, PagedCollection } from "@scm-manager/ui-types";
 import { getUsersLink } from "../../modules/indexResource";
@@ -72,6 +78,7 @@ class Users extends React.Component<Props> {
         <UserTable users={users} />
         {this.renderPaginator()}
         {this.renderCreateButton()}
+        {this.renderPageActionCreateButton()}
       </Page>
     );
   }
@@ -92,6 +99,23 @@ class Users extends React.Component<Props> {
       return;
     }
   }
+
+  renderPageActionCreateButton() {
+    const { t } = this.props;
+    if (this.props.canAddUsers) {
+      return (
+        <PageActions>
+          <Button
+            label={t("users.createButton")}
+            link="/users/add"
+            color="primary"
+          />
+        </PageActions>
+      );
+    } else {
+      return;
+    }
+  }
 }
 
 const getPageFromProps = props => {

scm-ui/styles/scm.scss

@@ -40,6 +40,25 @@ $info: $blue;
 .main {
   min-height: calc(100vh - 260px);
 }
+
+// shown in top section when pageactions set
+hr.header-with-actions {
+  margin-top: -10px;
+
+  @media screen and (max-width: 768px) {
+    display: none;
+  }
+}
+.is-mobile-create-button-spacing {
+  @media screen and (max-width: 768px) {
+    border: 2px solid #e9f7fd;
+    padding: 1em 1em;
+    margin-top: 0 !important;
+    width: 100%;
+    text-align: center !important;
+  }
+}
+
 .footer {
   height: 50px;
 }
@@ -63,7 +82,7 @@ $info: $blue;
 $fa-font-path: "webfonts";
 @import "@fortawesome/fontawesome-free/scss/solid.scss";
 
-@import "diff2html/dist/diff2html";
+@import "react-diff-view/index";
 
 // NEW STYLES
 
@@ -221,7 +240,7 @@ $fa-font-path: "webfonts";
 }
 
 // forms
-.field:not(.is-grouped) {
+form .field:not(.is-grouped) {
   margin-bottom: 1rem;
 }
 .input,
@@ -231,6 +250,15 @@ $fa-font-path: "webfonts";
   box-shadow: none;
 }
 
+// label with help-icon compensation
+.label-icon-spacing {
+  margin-top: 30px;
+
+  @media screen and (max-width: 768px) {
+    margin-top: 0;
+  }
+}
+
 // pagination
 .pagination-next,
 .pagination-link,

scm-ui/yarn.lock

@@ -698,9 +698,9 @@
   version "0.0.2"
   resolved "https://registry.yarnpkg.com/@scm-manager/eslint-config/-/eslint-config-0.0.2.tgz#94cc8c3fb4f51f870b235893dc134fc6c423ae85"
 
-"@scm-manager/ui-bundler@^0.0.24":
-  version "0.0.24"
-  resolved "https://registry.yarnpkg.com/@scm-manager/ui-bundler/-/ui-bundler-0.0.24.tgz#034d5500c79b438c48d8f7ee985be07c4ea46d1e"
+"@scm-manager/ui-bundler@^0.0.25":
+  version "0.0.25"
+  resolved "https://registry.yarnpkg.com/@scm-manager/ui-bundler/-/ui-bundler-0.0.25.tgz#1f65b3ff0ae81559a114c6a8d8cf43856cc6e166"
   dependencies:
     "@babel/core" "^7.0.0"
     "@babel/plugin-proposal-class-properties" "^7.0.0"
@@ -741,7 +741,6 @@
 "@scm-manager/ui-extensions@^0.1.2":
   version "0.1.2"
   resolved "https://registry.yarnpkg.com/@scm-manager/ui-extensions/-/ui-extensions-0.1.2.tgz#0689427ca45c8e4e045b5b9dbc89036f1d2c45fc"
-  integrity sha512-oIkXcc/VWssnK/yjWKC/Wnq5DZ01rArsz76n4X/0DT0hkGNIKmwk/Fdp7OoXiUEb7+aaPjUX1VvDqlTwCNKPmA==
   dependencies:
     react "^16.4.2"
     react-dom "^16.4.2"
@@ -1926,7 +1925,7 @@ class-utils@^0.3.5:
     isobject "^3.0.0"
     static-extend "^0.1.1"
 
-classnames@^2.2.5:
+classnames@^2.2.5, classnames@^2.2.6:
   version "2.2.6"
   resolved "https://registry.yarnpkg.com/classnames/-/classnames-2.2.6.tgz#43935bffdd291f326dad0a205309b38d00f650ce"
 
@@ -2550,16 +2549,7 @@ dev-ip@^1.0.1:
   version "1.0.1"
   resolved "https://registry.yarnpkg.com/dev-ip/-/dev-ip-1.0.1.tgz#a76a3ed1855be7a012bb8ac16cb80f3c00dc28f0"
 
-diff2html@^2.5.0:
-  version "2.5.0"
-  resolved "https://registry.yarnpkg.com/diff2html/-/diff2html-2.5.0.tgz#2d16f1a8f115354733b16b0264a594fa7db98aa2"
-  dependencies:
-    diff "^3.5.0"
-    hogan.js "^3.0.2"
-    lodash "^4.17.11"
-    whatwg-fetch "^3.0.0"
-
-diff@^3.2.0, diff@^3.5.0:
+diff@^3.2.0:
   version "3.5.0"
   resolved "https://registry.yarnpkg.com/diff/-/diff-3.5.0.tgz#800c0dd1e0a8bfbc95835c202ad220fe317e5a12"
 
@@ -3605,6 +3595,10 @@ getpass@^0.1.1:
   dependencies:
     assert-plus "^1.0.0"
 
+gitdiff-parser@^0.1.2:
+  version "0.1.2"
+  resolved "https://registry.yarnpkg.com/gitdiff-parser/-/gitdiff-parser-0.1.2.tgz#26a256e05e9c2d5016b512a96c1dacb40862b92a"
+
 glob-base@^0.3.0:
   version "0.3.0"
   resolved "https://registry.yarnpkg.com/glob-base/-/glob-base-0.3.0.tgz#dbb164f6221b1c0b1ccf82aea328b497df0ea3c4"
@@ -4064,13 +4058,6 @@ hoek@2.x.x:
   version "2.16.3"
   resolved "https://registry.yarnpkg.com/hoek/-/hoek-2.16.3.tgz#20bb7403d3cea398e91dc4710a8ff1b8274a25ed"
 
-hogan.js@^3.0.2:
-  version "3.0.2"
-  resolved "https://registry.yarnpkg.com/hogan.js/-/hogan.js-3.0.2.tgz#4cd9e1abd4294146e7679e41d7898732b02c7bfd"
-  dependencies:
-    mkdirp "0.3.0"
-    nopt "1.0.10"
-
 hoist-non-react-statics@^2.3.1, hoist-non-react-statics@^2.5.0:
   version "2.5.5"
   resolved "https://registry.yarnpkg.com/hoist-non-react-statics/-/hoist-non-react-statics-2.5.5.tgz#c5903cf409c0dfd908f388e619d86b9c1174cb47"
@@ -5478,6 +5465,10 @@ lodash.escape@^4.0.1:
   version "4.0.1"
   resolved "https://registry.yarnpkg.com/lodash.escape/-/lodash.escape-4.0.1.tgz#c9044690c21e04294beaa517712fded1fa88de98"
 
+lodash.findlastindex@^4.6.0:
+  version "4.6.0"
+  resolved "https://registry.yarnpkg.com/lodash.findlastindex/-/lodash.findlastindex-4.6.0.tgz#b8375ac0f02e9b926375cdf8dc3ea814abf9c6ac"
+
 lodash.flattendeep@^4.4.0:
   version "4.4.0"
   resolved "https://registry.yarnpkg.com/lodash.flattendeep/-/lodash.flattendeep-4.4.0.tgz#fb030917f86a3134e5bc9bec0d69e0013ddfedb2"
@@ -5510,6 +5501,10 @@ lodash.keys@^3.0.0:
     lodash.isarguments "^3.0.0"
     lodash.isarray "^3.0.0"
 
+lodash.mapvalues@^4.6.0:
+  version "4.6.0"
+  resolved "https://registry.yarnpkg.com/lodash.mapvalues/-/lodash.mapvalues-4.6.0.tgz#1bafa5005de9dd6f4f26668c30ca37230cc9689c"
+
 lodash.memoize@~3.0.3:
   version "3.0.4"
   resolved "https://registry.yarnpkg.com/lodash.memoize/-/lodash.memoize-3.0.4.tgz#2dcbd2c287cbc0a55cc42328bd0c736150d53e3f"
@@ -5547,7 +5542,7 @@ lodash.templatesettings@^3.0.0:
     lodash._reinterpolate "^3.0.0"
     lodash.escape "^3.0.0"
 
-lodash@^4.0.0, lodash@^4.13.1, lodash@^4.15.0, lodash@^4.17.10, lodash@^4.17.11, lodash@^4.17.4, lodash@^4.17.5, lodash@~4.17.10:
+lodash@^4.0.0, lodash@^4.13.1, lodash@^4.15.0, lodash@^4.17.10, lodash@^4.17.4, lodash@^4.17.5, lodash@~4.17.10:
   version "4.17.11"
   resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.17.11.tgz#b39ea6229ef607ecd89e2c8df12536891cac9b8d"
 
@@ -5848,10 +5843,6 @@ mixin-deep@^1.2.0:
     for-in "^1.0.2"
     is-extendable "^1.0.1"
 
-mkdirp@0.3.0:
-  version "0.3.0"
-  resolved "http://registry.npmjs.org/mkdirp/-/mkdirp-0.3.0.tgz#1bbf5ab1ba827af23575143490426455f481fe1e"
-
 "mkdirp@>=0.5 0", mkdirp@^0.5.0, mkdirp@^0.5.1:
   version "0.5.1"
   resolved "http://registry.npmjs.org/mkdirp/-/mkdirp-0.5.1.tgz#30057438eac6cf7f8c4767f38648d6697d75c903"
@@ -6091,12 +6082,6 @@ noms@0.0.0:
     inherits "^2.0.1"
     readable-stream "~1.0.31"
 
-nopt@1.0.10, nopt@~1.0.10:
-  version "1.0.10"
-  resolved "https://registry.yarnpkg.com/nopt/-/nopt-1.0.10.tgz#6ddd21bd2a31417b92727dd585f8a6f37608ebee"
-  dependencies:
-    abbrev "1"
-
 "nopt@2 || 3":
   version "3.0.6"
   resolved "https://registry.yarnpkg.com/nopt/-/nopt-3.0.6.tgz#c6465dbf08abcd4db359317f79ac68a646b28ff9"
@@ -6110,6 +6095,12 @@ nopt@^4.0.1:
     abbrev "1"
     osenv "^0.1.4"
 
+nopt@~1.0.10:
+  version "1.0.10"
+  resolved "https://registry.yarnpkg.com/nopt/-/nopt-1.0.10.tgz#6ddd21bd2a31417b92727dd585f8a6f37608ebee"
+  dependencies:
+    abbrev "1"
+
 normalize-package-data@^2.3.2, normalize-package-data@^2.3.4:
   version "2.4.0"
   resolved "https://registry.yarnpkg.com/normalize-package-data/-/normalize-package-data-2.4.0.tgz#12f95a307d58352075a04907b84ac8be98ac012f"
@@ -6908,6 +6899,18 @@ rc@^1.2.7:
     minimist "^1.2.0"
     strip-json-comments "~2.0.1"
 
+react-diff-view@^1.8.1:
+  version "1.8.1"
+  resolved "https://registry.yarnpkg.com/react-diff-view/-/react-diff-view-1.8.1.tgz#0b9b4adcb92de6730d28177d68654dfcc2097f73"
+  dependencies:
+    classnames "^2.2.6"
+    gitdiff-parser "^0.1.2"
+    leven "^2.1.0"
+    lodash.escape "^4.0.1"
+    lodash.findlastindex "^4.6.0"
+    lodash.mapvalues "^4.6.0"
+    warning "^4.0.1"
+
 react-dom@^16.4.2:
   version "16.5.2"
   resolved "https://registry.yarnpkg.com/react-dom/-/react-dom-16.5.2.tgz#b69ee47aa20bab5327b2b9d7c1fe2a30f2cfa9d7"

scm-webapp/src/main/java/sonia/scm/api/v2/resources/RepositoryResource.java

@@ -154,6 +154,7 @@ public class RepositoryResource {
 
   private Repository processUpdate(RepositoryDto repositoryDto, Repository existing) {
     Repository changedRepository = dtoToRepositoryMapper.map(repositoryDto, existing.getId());
+    changedRepository.setPermissions(existing.getPermissions());
     return changedRepository;
   }
 

scm-webapp/src/main/java/sonia/scm/security/JwtAccessTokenBuilder.java

@@ -50,6 +50,7 @@ import org.apache.shiro.SecurityUtils;
 import org.apache.shiro.subject.Subject;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import sonia.scm.group.GroupNames;
 
 /**
  * Jwt implementation of {@link AccessTokenBuilder}.
@@ -207,6 +208,12 @@ public final class JwtAccessTokenBuilder implements AccessTokenBuilder {
 
     if (!groups.isEmpty()) {
       claims.put(JwtAccessToken.GROUPS_CLAIM_KEY, groups);
+    } else {
+      Subject currentSubject = SecurityUtils.getSubject();
+      GroupNames groupNames = currentSubject.getPrincipals().oneByType(GroupNames.class);
+      if (groupNames != null && groupNames.isExternal()) {
+        claims.put(JwtAccessToken.GROUPS_CLAIM_KEY, groupNames.getCollection().toArray(new String[]{}));
+      }
     }
 
     // sign token and create compact version

scm-webapp/src/main/java/sonia/scm/security/RepositoryPermissionProvider.java

@@ -18,6 +18,8 @@ import java.util.Collection;
 import java.util.Enumeration;
 import java.util.LinkedHashSet;
 import java.util.List;
+import java.util.Optional;
+import java.util.Set;
 import java.util.stream.Collectors;
 
 import static java.util.Collections.unmodifiableCollection;
@@ -63,7 +65,7 @@ public class RepositoryPermissionProvider {
 
         RepositoryPermissionsRoot repositoryPermissionsRoot = parsePermissionDescriptor(context, descriptorUrl);
         availableVerbs.addAll(repositoryPermissionsRoot.verbs.verbs);
-        availableRoles.addAll(repositoryPermissionsRoot.roles.roles);
+        mergeRolesInto(availableRoles, repositoryPermissionsRoot.roles.roles);
       }
     } catch (IOException ex) {
       logger.error("could not read permission descriptors", ex);
@@ -75,7 +77,22 @@ public class RepositoryPermissionProvider {
     return new AvailableRepositoryPermissions(availableVerbs, availableRoles);
   }
 
-  @SuppressWarnings("unchecked")
+  private static void mergeRolesInto(Collection<RoleDescriptor> targetRoles, List<RoleDescriptor> additionalRoles) {
+    additionalRoles.forEach(r -> addOrMergeInto(targetRoles, r));
+  }
+
+  private static void addOrMergeInto(Collection<RoleDescriptor> targetRoles, RoleDescriptor additionalRole) {
+    Optional<RoleDescriptor> existingRole = targetRoles
+      .stream()
+      .filter(r -> r.name.equals(additionalRole.name))
+      .findFirst();
+    if (existingRole.isPresent()) {
+      existingRole.get().verbs.verbs.addAll(additionalRole.verbs.verbs);
+    } else {
+      targetRoles.add(additionalRole);
+    }
+  }
+
   private static RepositoryPermissionsRoot parsePermissionDescriptor(JAXBContext context, URL descriptorUrl) {
     try {
       RepositoryPermissionsRoot descriptorWrapper =
@@ -110,7 +127,7 @@ public class RepositoryPermissionProvider {
   @XmlRootElement(name = "verbs")
   private static class VerbListDescriptor {
     @XmlElement(name = "verb")
-    private List<String> verbs = new ArrayList<>();
+    private Set<String> verbs = new LinkedHashSet<>();
   }
 
   @XmlRootElement(name = "roles")

scm-webapp/src/main/resources/META-INF/scm/permissions.xml

@@ -40,7 +40,7 @@
     <value>repository:read,pull,push:*</value>
   </permission>
   <permission>
-    <value>repository:*:*</value>
+    <value>repository:*</value>
   </permission>
   <permission>
     <value>repository:create</value>
@@ -51,5 +51,17 @@
   <permission>
     <value>group:*</value>
   </permission>
+  <permission>
+    <value>permission:*</value>
+  </permission>
+  <permission>
+    <value>configuration:list</value>
+  </permission>
+  <permission>
+    <value>configuration:read,write:global</value>
+  </permission>
+  <permission>
+    <value>configuration:read,write:*</value>
+  </permission>
 
 </permissions>

scm-webapp/src/main/resources/META-INF/scm/repository-permissions.xml

@@ -7,7 +7,6 @@
     <verb>push</verb>
     <verb>permissionRead</verb>
     <verb>permissionWrite</verb>
-    <verb>healthCheck</verb>
     <verb>*</verb>
   </verbs>
   <roles>
@@ -26,12 +25,6 @@
         <verb>push</verb>
       </verbs>
     </role>
-    <role>
-      <name>HEALTH</name>
-      <verbs>
-        <verb>healthCheck</verb>
-      </verbs>
-    </role>
     <role>
       <name>OWNER</name>
       <verbs>

scm-webapp/src/main/resources/locales/de/plugins.json

@@ -14,10 +14,8 @@
         }
       },
       "*": {
-        "*": {
-          "displayName": "Alle Repositories besitzen (Owner)",
-          "description": "Darf alle Repositories lesen, klonen, schreiben, konfigurieren und löschen."
-        }
+        "displayName": "Alle Repositories besitzen (Owner)",
+        "description": "Darf alle Repositories lesen, klonen, schreiben, konfigurieren und löschen."
       },
       "create": {
         "displayName": "Repositories erstellen",
@@ -36,20 +34,42 @@
         "description": "Darf Gruppen administrieren."
       }
     },
+    "permission": {
+      "*": {
+        "displayName": "Berechtigungen verwalten",
+        "description": "Darf Berechtigungen verwalten (benötigt zusätzlich 'Benutzer administrieren' bzw. 'Gruppen administrieren')."
+      }
+    },
+    "configuration": {
+      "list": {
+        "displayName": "Basis für Administration",
+        "description": "Voraussetzung für alle anderen Administrationsberechtigungen. Ohne diese Berechtigung wird keine Administrationsansicht gezeigt."
+      },
+      "read,write": {
+        "global": {
+          "displayName": "zentrale Konfiguration",
+          "description": "Darf die Konfiguration des SCM-Manager anpassen"
+        },
+        "*": {
+          "displayName": "zentrale + Plugin Konfiguration",
+          "description": "Darf die Konfiguration des SCM-Manager und aller Plugins anpassen"
+        }
+      }
+    },
     "unknown": "Unbekannte Berechtigung"
   },
   "verbs": {
     "repository": {
       "read": {
-        "displayName": "Lesen",
+        "displayName": "Repository Lesen",
         "description": "Darf das Repository im SCM-Manager sehen."
       },
       "modify": {
-        "displayName": "Modifizieren",
+        "displayName": "Repository Modifizieren",
         "description": "Darf die Eigenschaften des Repository verändern."
       },
       "delete": {
-        "displayName": "Löschen",
+        "displayName": "Repository Löschen",
         "description": "Darf das Repository löschen."
       },
       "pull": {
@@ -68,10 +88,6 @@
         "displayName": "Berechtigungen modifizieren",
         "description": "Darf die Berechtigungen des Repository bearbeiten."
       },
-      "healthCheck": {
-        "displayName": "Health Check",
-        "description": "Darf den Repository Health Check ausführen."
-      },
       "*": {
         "displayName": "Alle Repository Rechte",
         "description": "Darf im Repository Kontext alles ausführen. Dies beinhaltet alle Repository Berechtigungen."

scm-webapp/src/main/resources/locales/en/plugins.json

@@ -14,10 +14,8 @@
         }
       },
       "*": {
-        "*": {
-          "displayName": "Own all repositories",
-          "description": "May see, clone, push to, configure and delete all repositories"
-        }
+        "displayName": "Own all repositories",
+        "description": "May see, clone, push to, configure and delete all repositories"
       },
       "create": {
         "displayName": "Create repositories",
@@ -36,28 +34,50 @@
         "description": "May administer all groups"
       }
     },
+    "permission": {
+      "*": {
+        "displayName": "Administer permissions",
+        "description": "May administer permissions (additionally needs 'administer users' and/or 'administer groups')."
+      }
+    },
+    "configuration": {
+      "list": {
+        "displayName": "Basic administration",
+        "description": "Prerequisite for all other administration permissions. Without this, no configuration will be visible."
+      },
+      "read,write": {
+        "global": {
+          "displayName": "Administer core",
+          "description": "May configure core settings of SCM-Manager"
+        },
+        "*": {
+          "displayName": "Administer core and plugins",
+          "description": "May configure settings of SCM-Manager core and all plugins"
+        }
+      }
+    },
     "unknown": "Unknown permission"
   },
   "verbs": {
     "repository": {
       "read": {
-        "displayName": "read",
+        "displayName": "read repository",
         "description": "May see the repository inside the SCM-Manager"
       },
       "modify": {
-        "displayName": "modify",
-        "description": "May modify the properties of the repository"
+        "displayName": "modify repository metadata",
+        "description": "May modify the basic properties of the repository"
       },
       "delete": {
-        "displayName": "delete",
+        "displayName": "delete repository",
         "description": "May delete the repository"
       },
       "pull": {
-        "displayName": "pull/checkout",
+        "displayName": "pull/checkout repository",
         "description": "May pull/checkout the repository"
       },
       "push": {
-        "displayName": "push/commit",
+        "displayName": "push/commit repository",
         "description": "May change the content of the repository (push/commit)"
       },
       "permissionRead": {
@@ -68,12 +88,8 @@
         "displayName": "modify permissions",
         "description": "May modify the permissions of the repository"
       },
-      "healthCheck": {
-        "displayName": "health check",
-        "description": "May run the health check for the repository"
-      },
       "*": {
-        "displayName": "overall",
+        "displayName": "own repository",
         "description": "May change everything for the repository (includes all other permissions)"
       }
     }

scm-webapp/src/main/resources/logback.default.xml

@@ -51,7 +51,8 @@
   </appender>
   
   <logger name="sonia.scm" level="TRACE" />
-  
+  <logger name="com.cloudogu.scm" level="TRACE" />
+
   <logger name="sonia.scm.security.AuthorizationCollector" level="DEBUG" />
   <logger name="sonia.scm.web.filter.AutoLoginFilter" level="DEBUG" />
   <logger name="sonia.scm.security.XsrfProtectionFilter" level="DEBUG" />

scm-webapp/src/main/resources/logback.release.xml

@@ -74,7 +74,8 @@
   </appender>
 
   <logger name="sonia.scm" level="INFO" />
-  
+  <logger name="com.cloudogu.scm" level="INFO" />
+
   <!-- suppress massive gzip logging -->
   <logger name="sonia.scm.filter.GZipFilter" level="WARN" />
   <logger name="sonia.scm.filter.GZipResponseStream" level="WARN" />

scm-webapp/src/test/java/sonia/scm/security/JwtAccessTokenBuilderTest.java

@@ -36,23 +36,32 @@ import com.github.sdorra.shiro.SubjectAware;
 import com.google.common.collect.Sets;
 import io.jsonwebtoken.Claims;
 import io.jsonwebtoken.Jwts;
+import org.apache.shiro.SecurityUtils;
+import org.apache.shiro.subject.PrincipalCollection;
+import org.apache.shiro.subject.Subject;
 import org.apache.shiro.util.ThreadContext;
 import org.junit.Before;
 import org.junit.Rule;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mockito.Mock;
+import org.mockito.invocation.InvocationOnMock;
 import org.mockito.junit.MockitoJUnitRunner;
+import sonia.scm.group.GroupNames;
 
+import java.util.Arrays;
 import java.util.Set;
 import java.util.concurrent.TimeUnit;
 
 import static org.hamcrest.Matchers.*;
+import static org.junit.Assert.assertArrayEquals;
 import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.assertThat;
 import static org.junit.Assert.assertTrue;
 import static org.mockito.Mockito.anyString;
+import static org.mockito.Mockito.spy;
 import static org.mockito.Mockito.when;
 import static sonia.scm.security.SecureKeyTestUtil.createSecureKey;
 
@@ -62,6 +71,11 @@ import static sonia.scm.security.SecureKeyTestUtil.createSecureKey;
  * @author Sebastian Sdorra
  */
 @RunWith(MockitoJUnitRunner.class)
+@SubjectAware(
+  configuration = "classpath:sonia/scm/shiro-001.ini",
+  username = "trillian",
+  password = "secret"
+)
 public class JwtAccessTokenBuilderTest {
   
   {
@@ -96,11 +110,6 @@ public class JwtAccessTokenBuilderTest {
    * Tests {@link JwtAccessTokenBuilder#build()} with subject from shiro context.
    */
   @Test
-  @SubjectAware(
-    configuration = "classpath:sonia/scm/shiro-001.ini",
-    username = "trillian",
-    password = "secret"
-  )
   public void testBuildWithoutSubject() {
     JwtAccessToken token = factory.create().build();
     assertEquals("trillian", token.getSubject());
@@ -150,7 +159,33 @@ public class JwtAccessTokenBuilderTest {
       .getBody();
     assertClaims(new JwtAccessToken(claims, compact));
   }
-  
+
+  @Test
+  public void testWithExternalGroups() {
+    applyExternalGroupsToSubject(true, "external");
+    JwtAccessToken token = factory.create().subject("dent").build();
+    assertArrayEquals(new String[]{"external"}, token.getCustom(JwtAccessToken.GROUPS_CLAIM_KEY).map(x -> (String[]) x).get());
+  }
+
+  @Test
+  public void testWithInternalGroups() {
+    applyExternalGroupsToSubject(false, "external");
+    JwtAccessToken token = factory.create().subject("dent").build();
+    assertFalse(token.getCustom(JwtAccessToken.GROUPS_CLAIM_KEY).isPresent());
+  }
+
+  private void applyExternalGroupsToSubject(boolean external, String... groups) {
+    Subject subject = spy(SecurityUtils.getSubject());
+    when(subject.getPrincipals()).thenAnswer(invocation -> enrichWithGroups(invocation, groups, external));
+    shiro.setSubject(subject);
+  }
+
+  private Object enrichWithGroups(InvocationOnMock invocation, String[] groups, boolean external) throws Throwable {
+    PrincipalCollection principals = (PrincipalCollection) spy(invocation.callRealMethod());
+    when(principals.oneByType(GroupNames.class)).thenReturn(new GroupNames(Arrays.asList(groups), external));
+    return principals;
+  }
+
   private void assertClaims(JwtAccessToken token){
     assertThat(token.getId(), not(isEmptyOrNullString()));
     assertNotNull( token.getIssuedAt() );

scm-webapp/src/test/java/sonia/scm/security/RepositoryPermissionProviderTest.java

@@ -8,6 +8,7 @@ import sonia.scm.util.ClassLoaders;
 
 import java.lang.reflect.Field;
 import java.util.Arrays;
+import java.util.Collection;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.junit.jupiter.api.Assertions.fail;
@@ -27,6 +28,7 @@ class RepositoryPermissionProviderTest {
     repositoryPermissionProvider = new RepositoryPermissionProvider(pluginLoader);
     allVerbsFromRepositoryClass = Arrays.stream(RepositoryPermissions.class.getDeclaredFields())
       .filter(field -> field.getName().startsWith("ACTION_"))
+      .filter(field -> !field.getName().equals("ACTION_HEALTHCHECK"))
       .map(this::getString)
       .filter(verb -> !"create".equals(verb))
       .toArray(String[]::new);
@@ -47,6 +49,18 @@ class RepositoryPermissionProviderTest {
     assertThat(repositoryPermissionProvider.availableVerbs()).contains(allVerbsFromRepositoryClass);
   }
 
+  @Test
+  void shouldMergeRepositoryRoles() {
+    Collection<String> verbsInMergedRole = repositoryPermissionProvider
+      .availableRoles()
+      .stream()
+      .filter(r -> "READ".equals(r.getName()))
+      .findFirst()
+      .get()
+      .getVerbs();
+    assertThat(verbsInMergedRole).contains("read", "pull", "test");
+  }
+
   private String getString(Field field) {
     try {
       return (String) field.get(null);

scm-webapp/src/test/resources/META-INF/scm/repository-permissions.xml

@@ -0,0 +1,13 @@
+<repository-permissions>
+  <verbs>
+    <verb>test</verb>
+  </verbs>
+  <roles>
+    <role>
+      <name>READ</name>
+      <verbs>
+        <verb>test</verb>
+      </verbs>
+    </role>
+  </roles>
+</repository-permissions>

scm-webapp/src/test/resources/logback-test.xml

@@ -51,7 +51,8 @@
   </appender>
   
   <logger name="sonia.scm" level="DEBUG" />
-  
+  <logger name="com.cloudogu.scm" level="DEBUG" />
+
   <!-- suppress massive gzip logging -->
   <logger name="sonia.scm.filter.GZipFilter" level="WARN" />
   <logger name="sonia.scm.filter.GZipResponseStream" level="WARN" />
@@ -86,4 +87,4 @@
     <appender-ref ref="STDOUT" />
   </root>
   
-</configuration>
+</configuration>