Invalidate authorization cache when namespace permissions are changed

2026-01-29 02:39:11 +01:00 · 2020-09-17 15:31:47 +02:00
parent 7777dd46ea
commit 7247641e33
6 changed files with 211 additions and 10 deletions
--- a/scm-webapp/src/test/java/sonia/scm/repository/DefaultNamespaceManagerTest.java
+++ b/scm-webapp/src/test/java/sonia/scm/repository/DefaultNamespaceManagerTest.java
@@ -24,11 +24,13 @@

 package sonia.scm.repository;

+import com.github.legman.EventBus;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.extension.ExtendWith;
 import org.mockito.Mock;
 import org.mockito.junit.jupiter.MockitoExtension;
+import sonia.scm.HandlerEventType;
 import sonia.scm.store.InMemoryDataStore;
 import sonia.scm.store.InMemoryDataStoreFactory;

@@ -37,6 +39,9 @@ import java.util.Optional;

 import static java.util.Arrays.asList;
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.ArgumentMatchers.argThat;
+import static org.mockito.Mockito.times;
+import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.when;


@@ -45,6 +50,8 @@ class DefaultNamespaceManagerTest {

  @Mock
  RepositoryManager repositoryManager;
+  @Mock
+  EventBus eventBus;

  Namespace life;

@@ -56,7 +63,7 @@ class DefaultNamespaceManagerTest {
  @BeforeEach
  void mockExistingNamespaces() {
    dao = new NamespaceDao(new InMemoryDataStoreFactory(new InMemoryDataStore()));
-    manager = new DefaultNamespaceManager(repositoryManager, dao);
+    manager = new DefaultNamespaceManager(repositoryManager, dao, eventBus);

    when(repositoryManager.getAllNamespaces()).thenReturn(asList("life", "universe", "rest"));

@@ -115,5 +122,7 @@ class DefaultNamespaceManagerTest {
    Namespace newLife = manager.get("life").get();

    assertThat(newLife).isEqualTo(modifiedNamespace);
+    verify(eventBus).post(argThat(event -> ((NamespaceModificationEvent)event).getEventType() == HandlerEventType.BEFORE_MODIFY));
+    verify(eventBus).post(argThat(event -> ((NamespaceModificationEvent)event).getEventType() == HandlerEventType.MODIFY));
  }
 }
--- a/scm-webapp/src/test/java/sonia/scm/security/AuthorizationChangedEventProducerTest.java
+++ b/scm-webapp/src/test/java/sonia/scm/security/AuthorizationChangedEventProducerTest.java
@@ -21,7 +21,7 @@
 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 * SOFTWARE.
 */
-    
+
 package sonia.scm.security;

 import com.google.common.collect.Lists;
@@ -31,6 +31,8 @@ import sonia.scm.HandlerEventType;
 import sonia.scm.group.Group;
 import sonia.scm.group.GroupEvent;
 import sonia.scm.group.GroupModificationEvent;
+import sonia.scm.repository.Namespace;
+import sonia.scm.repository.NamespaceModificationEvent;
 import sonia.scm.repository.Repository;
 import sonia.scm.repository.RepositoryEvent;
 import sonia.scm.repository.RepositoryModificationEvent;
@@ -251,6 +253,55 @@ public class AuthorizationChangedEventProducerTest {
    assertUserEventIsFired("trillian");
  }

+  @Test
+  public void testOnNamespaceModificationEvent()
+  {
+    Namespace namespaceModified = new Namespace("hitchhiker");
+    namespaceModified.setPermissions(Lists.newArrayList(new RepositoryPermission("test", singletonList("read"), false)));
+
+    Namespace namespace = new Namespace("hitchhiker");
+    namespace.setPermissions(Lists.newArrayList(new RepositoryPermission("test", singletonList("read"), false)));
+
+    producer.onEvent(new NamespaceModificationEvent(HandlerEventType.BEFORE_CREATE, namespaceModified, namespace));
+    assertEventIsNotFired();
+
+    producer.onEvent(new NamespaceModificationEvent(HandlerEventType.CREATE, namespaceModified, namespace));
+    assertEventIsNotFired();
+
+    namespaceModified.setPermissions(Lists.newArrayList(new RepositoryPermission("test", singletonList("read"), false)));
+    producer.onEvent(new NamespaceModificationEvent(HandlerEventType.CREATE, namespaceModified, namespace));
+    assertEventIsNotFired();
+
+    namespaceModified.setPermissions(Lists.newArrayList(new RepositoryPermission("test123", singletonList("read"), false)));
+    producer.onEvent(new NamespaceModificationEvent(HandlerEventType.CREATE, namespaceModified, namespace));
+    assertGlobalEventIsFired();
+
+    resetStoredEvent();
+
+    namespaceModified.setPermissions(
+      Lists.newArrayList(new RepositoryPermission("test", singletonList("read"), true))
+    );
+    producer.onEvent(new NamespaceModificationEvent(HandlerEventType.CREATE, namespaceModified, namespace));
+    assertGlobalEventIsFired();
+
+    resetStoredEvent();
+
+    namespaceModified.setPermissions(
+      Lists.newArrayList(new RepositoryPermission("test", asList("read", "write"), false))
+    );
+    producer.onEvent(new NamespaceModificationEvent(HandlerEventType.CREATE, namespaceModified, namespace));
+    assertGlobalEventIsFired();
+
+    resetStoredEvent();
+    namespace.setPermissions(Lists.newArrayList(new RepositoryPermission("test", asList("read", "write"), false)));
+
+    namespaceModified.setPermissions(
+      Lists.newArrayList(new RepositoryPermission("test", asList("write", "read"), false))
+    );
+    producer.onEvent(new NamespaceModificationEvent(HandlerEventType.CREATE, namespaceModified, namespace));
+    assertEventIsNotFired();
+  }
+
  private static class StoringAuthorizationChangedEventProducer extends AuthorizationChangedEventProducer {

    private AuthorizationChangedEvent event;