Create fine-grained configuration permissions.

No more hard-coded isAdmin() checks.
2026-03-27 22:40:19 +01:00 · 2018-07-30 17:41:00 +02:00
parent df282ee6a9
commit 7572580ac1
20 changed files with 181 additions and 77 deletions
--- a/scm-core/src/main/java/sonia/scm/config/Configuration.java
+++ b/scm-core/src/main/java/sonia/scm/config/Configuration.java
@@ -0,0 +1,28 @@
+package sonia.scm.config;
+
+import com.github.sdorra.ssp.PermissionObject;
+import com.github.sdorra.ssp.StaticPermissions;
+
+/**
+ * Base for all kinds of configurations.
+ *
+ * Allows for permission like
+ *
+ * <ul>
+ *   <li>"configuration:read:global",</li>
+ *   <li>"configuration:write:svn",</li>
+ *   <li>"configuration:*:git",</li>
+ *   <li>"configuration:*"</li>
+ * </ul>
+ *
+ * <br/>
+ *
+ * And for permission checks like {@code ConfigurationPermissions.read(configurationObject).check();}
+ */
+@StaticPermissions(
+  value = "configuration",
+  permissions = {"read", "write"},
+  globalPermissions = {}
+)
+public interface Configuration extends PermissionObject {
+}
--- a/scm-core/src/main/java/sonia/scm/config/ScmConfiguration.java
+++ b/scm-core/src/main/java/sonia/scm/config/ScmConfiguration.java
@@ -44,6 +44,7 @@ import javax.xml.bind.annotation.XmlAccessType;
 import javax.xml.bind.annotation.XmlAccessorType;
 import javax.xml.bind.annotation.XmlElement;
 import javax.xml.bind.annotation.XmlRootElement;
+import javax.xml.bind.annotation.XmlTransient;
 import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter;
 import java.io.File;
 import java.util.Set;
@@ -57,10 +58,11 @@ import java.util.concurrent.TimeUnit;
 *
 * @author Sebastian Sdorra
 */
+
@Singleton
@XmlRootElement(name = "scm-config")
@XmlAccessorType(XmlAccessType.FIELD)
-public class ScmConfiguration {
+public class ScmConfiguration implements Configuration {

  /**
   * Default JavaScript date format
@@ -501,4 +503,12 @@ public class ScmConfiguration {
  public void setDefaultNamespaceStrategy(String defaultNamespaceStrategy) {
    this.defaultNamespaceStrategy = defaultNamespaceStrategy;
  }
+
+  @Override
+  // Only for permission checks, don't serialize to XML
+  @XmlTransient
+  public String getId() {
+    // Don't change this without migrating SCM permission configuration!
+    return "global";
+  }
 }
--- a/scm-core/src/main/java/sonia/scm/repository/AbstractRepositoryHandler.java
+++ b/scm-core/src/main/java/sonia/scm/repository/AbstractRepositoryHandler.java
@@ -56,7 +56,7 @@ import sonia.scm.store.ConfigurationStoreFactory;
 *
 * @param <C>
 */
-public abstract class AbstractRepositoryHandler<C extends SimpleRepositoryConfig>
+public abstract class AbstractRepositoryHandler<C extends RepositoryConfig>
  implements RepositoryHandler
 {

--- a/scm-core/src/main/java/sonia/scm/repository/AbstractSimpleRepositoryHandler.java
+++ b/scm-core/src/main/java/sonia/scm/repository/AbstractSimpleRepositoryHandler.java
@@ -55,7 +55,7 @@ import java.net.URL;
 * @param <C>
 * @author Sebastian Sdorra
 */
-public abstract class AbstractSimpleRepositoryHandler<C extends SimpleRepositoryConfig>
+public abstract class AbstractSimpleRepositoryHandler<C extends RepositoryConfig>
  extends AbstractRepositoryHandler<C> implements RepositoryDirectoryHandler {

  public static final String DEFAULT_VERSION_INFORMATION = "unknown";
--- a/scm-core/src/main/java/sonia/scm/repository/SimpleRepositoryConfig.java
+++ b/scm-core/src/main/java/sonia/scm/repository/SimpleRepositoryConfig.java
@@ -33,15 +33,12 @@

 package sonia.scm.repository;

-//~--- non-JDK imports --------------------------------------------------------
-
 import sonia.scm.Validateable;
-
-//~--- JDK imports ------------------------------------------------------------
-
-import java.io.File;
+import sonia.scm.config.Configuration;

 import javax.xml.bind.annotation.XmlRootElement;
+import javax.xml.bind.annotation.XmlTransient;
+import java.io.File;

 /**
 * Basic {@link Repository} configuration class.
@@ -49,7 +46,7 @@ import javax.xml.bind.annotation.XmlRootElement;
 * @author Sebastian Sdorra
 */
@XmlRootElement
-public class SimpleRepositoryConfig implements Validateable
+public abstract class RepositoryConfig implements Validateable, Configuration
 {

  /**
@@ -119,4 +116,19 @@ public class SimpleRepositoryConfig implements Validateable

  /** directory for repositories */
  private File repositoryDirectory;
+
+  /**
+   * Specifies the identifier of the concrete {@link RepositoryConfig} when checking permissions of an object.
+   * The permission Strings will have the following format: "configuration:*:ID", where the ID part is defined by this
+   * method.
+   *
+   * For example: "configuration:read:git".
+   *
+   * No need to serialize this.
+   *
+   * @return identifier of this RepositoryConfig in permission strings
+   */
+  @Override
+  @XmlTransient // Only for permission checks, don't serialize to XML
+  public abstract String getId();
 }
--- a/scm-core/src/main/java/sonia/scm/repository/RepositoryHandlerConfigChangedEvent.java
+++ b/scm-core/src/main/java/sonia/scm/repository/RepositoryHandlerConfigChangedEvent.java
@@ -37,7 +37,7 @@ import sonia.scm.event.Event;
 * @since 2.0.0
 */
@Event
-public class RepositoryHandlerConfigChangedEvent<C extends SimpleRepositoryConfig>
+public class RepositoryHandlerConfigChangedEvent<C extends RepositoryConfig>
 {
  
  private final C configuration;
--- a/scm-core/src/main/java/sonia/scm/repository/RepositoryUtil.java
+++ b/scm-core/src/main/java/sonia/scm/repository/RepositoryUtil.java
@@ -74,7 +74,7 @@ public final class RepositoryUtil {
    return getRepositoryId(handler.getConfig(), directory);
  }

-  public static String getRepositoryId(SimpleRepositoryConfig config, File directory) throws IOException {
+  public static String getRepositoryId(RepositoryConfig config, File directory) throws IOException {
    return getRepositoryId(config.getRepositoryDirectory(), directory);
  }