Move authorization check to manager

scm-webapp/src/main/java/sonia/scm/api/v2/resources/NamespacePermissionResource.java

@@ -34,7 +34,6 @@ import lombok.extern.slf4j.Slf4j;
 import sonia.scm.NotFoundException;
 import sonia.scm.repository.Namespace;
 import sonia.scm.repository.NamespaceManager;
-import sonia.scm.repository.NamespacePermissions;
 import sonia.scm.repository.RepositoryPermission;
 import sonia.scm.web.VndMediaType;
 
@@ -50,7 +49,6 @@ import javax.ws.rs.PathParam;
 import javax.ws.rs.Produces;
 import javax.ws.rs.core.Response;
 import java.net.URI;
-import java.util.Collection;
 import java.util.Optional;
 import java.util.function.Predicate;
 
@@ -120,7 +118,6 @@ public class NamespacePermissionResource {
   public Response create(@PathParam("namespace") String namespaceName, @Valid RepositoryPermissionDto permission) {
     log.info("try to add new permission: {}", permission);
     Namespace namespace = load(namespaceName);
-    NamespacePermissions.permissionWrite().check();
     checkPermissionAlreadyExists(permission, namespace);
     namespace.addPermission(dtoToModelMapper.map(permission));
     manager.modify(namespace);
@@ -164,7 +161,6 @@ public class NamespacePermissionResource {
   )
   public RepositoryPermissionDto get(@PathParam("namespace") String namespaceName, @PathParam("permission-name") String permissionName) {
     Namespace namespace = load(namespaceName);
-    NamespacePermissions.permissionRead().check();
     return
       namespace.getPermissions()
         .stream()
@@ -210,7 +206,6 @@ public class NamespacePermissionResource {
   )
   public HalRepresentation getAll(@PathParam("namespace") String namespaceMame) {
     Namespace namespace = load(namespaceMame);
-    NamespacePermissions.permissionRead().check();
     return repositoryPermissionCollectionToDtoMapper.map(namespace);
   }
 
@@ -241,7 +236,6 @@ public class NamespacePermissionResource {
                          @Valid RepositoryPermissionDto permission) {
     log.info("try to update the permission with name: {}. the modified permission is: {}", permissionName, permission);
     Namespace namespace = load(namespaceName);
-    NamespacePermissions.permissionWrite().check();
     String extractedPermissionName = getPermissionName(permissionName);
     if (!isPermissionExist(new RepositoryPermissionDto(extractedPermissionName, isGroupPermission(permissionName)), namespace)) {
       throw notFound(entity(RepositoryPermission.class, permissionName).in(Namespace.class, namespaceName));
@@ -289,7 +283,6 @@ public class NamespacePermissionResource {
                          @PathParam("permission-name") String permissionName) {
     log.info("try to delete the permission with name: {}.", permissionName);
     Namespace namespace = load(namespaceName);
-    NamespacePermissions.permissionWrite().check();
     namespace.getPermissions()
       .stream()
       .filter(filterPermission(permissionName))

scm-webapp/src/main/java/sonia/scm/repository/DefaultNamespaceManager.java

@@ -70,12 +70,10 @@ public class DefaultNamespaceManager implements NamespaceManager {
 
   @Override
   public void modify(Namespace namespace) {
+    NamespacePermissions.permissionWrite().check();
     Namespace oldNamespace = get(namespace.getNamespace())
       .orElseThrow(() -> notFound(entity(Namespace.class, namespace.getNamespace())));
     fireEvent(HandlerEventType.BEFORE_MODIFY, namespace, oldNamespace);
-    if (!get(namespace.getNamespace()).isPresent()) {
-      throw notFound(entity("Namespace", namespace.getNamespace()));
-    }
     dao.add(namespace);
     fireEvent(HandlerEventType.MODIFY, namespace, oldNamespace);
   }
@@ -101,9 +99,13 @@ public class DefaultNamespaceManager implements NamespaceManager {
   }
 
   private Namespace createNamespaceForName(String namespace) {
-    return dao.get(namespace)
-      .map(Namespace::clone)
-      .orElse(new Namespace(namespace));
+    if (NamespacePermissions.permissionRead().isPermitted()) {
+      return dao.get(namespace)
+        .map(Namespace::clone)
+        .orElse(new Namespace(namespace));
+    } else {
+      return new Namespace(namespace);
+    }
   }
 
   protected void fireEvent(HandlerEventType event, Namespace namespace, Namespace oldNamespace) {

scm-webapp/src/main/java/sonia/scm/security/AuthorizationChangedEventProducer.java

@@ -153,10 +153,8 @@ public class AuthorizationChangedEventProducer {
 
   @Subscribe
   public void onEvent(NamespaceEvent event) {
-    if (event.getEventType().isPost()) {
-      if (isModificationEvent(event)) {
-        handleNamespaceModificationEvent((NamespaceModificationEvent) event);
-      }
+    if (event.getEventType().isPost() && isModificationEvent(event)) {
+      handleNamespaceModificationEvent((NamespaceModificationEvent) event);
     }
   }