diff --git a/scm-webapp/src/main/java/sonia/scm/security/DefaultSecuritySystem.java b/scm-webapp/src/main/java/sonia/scm/security/DefaultSecuritySystem.java
index 36e8be4899..787ded5d94 100644
--- a/scm-webapp/src/main/java/sonia/scm/security/DefaultSecuritySystem.java
+++ b/scm-webapp/src/main/java/sonia/scm/security/DefaultSecuritySystem.java
@@ -33,17 +33,26 @@ package sonia.scm.security;
 //~--- non-JDK imports --------------------------------------------------------
+import com.google.common.base.Predicate;
+import com.google.common.collect.ImmutableList;
+import com.google.common.collect.ImmutableList.Builder;
 import com.google.inject.Inject;
 import com.google.inject.Singleton;
 import org.apache.shiro.SecurityUtils;
 import org.apache.shiro.subject.PrincipalCollection;
-import sonia.scm.event.ScmEventBus;
-import sonia.scm.store.Store;
-import sonia.scm.store.StoreFactory;
+import sonia.scm.store.ConfigurationEntryStore;
+import sonia.scm.store.ConfigurationEntryStoreFactory;
+
+//~--- JDK imports ------------------------------------------------------------
+
+import java.util.Collections;
+import java.util.List;
+import java.util.Map.Entry;
 /**
+ * TODO add events
 *
 * @author Sebastian Sdorra
 * @since 1.31
@@ -64,9 +73,73 @@ public class DefaultSecuritySystem implements SecuritySystem
 * @param storeFactory
 */
 @Inject
- public DefaultSecuritySystem(StoreFactory storeFactory)
+ public DefaultSecuritySystem(ConfigurationEntryStoreFactory storeFactory)
 {
- store = storeFactory.getStore(SecurityConfiguration.class, NAME);
+ store = storeFactory.getStore(AssignedPermission.class, NAME);
+ }
+
+ //~--- methods --------------------------------------------------------------
+
+ /**
+ * Method description
+ *
+ *
+ * @param permission
+ *
+ * @return
+ */
+ @Override
+ public StoredAssignedPermission addPermission(AssignedPermission permission)
+ {
+ assertIsAdmin();
+
+ String id = store.put(permission);
+
+ return new StoredAssignedPermission(id, permission);
+ }
+
+ /**
+ * Method description
+ *
+ *
+ * @param permission
+ */
+ @Override
+ public void deletePermission(StoredAssignedPermission permission)
+ {
+ assertIsAdmin();
+ deletePermission(permission.getId());
+ }
+
+ /**
+ * Method description
+ *
+ *
+ * @param id
+ */
+ @Override
+ public void deletePermission(String id)
+ {
+ assertIsAdmin();
+ store.remove(id);
+ }
+
+ /**
+ * Method description
+ *
+ *
+ * @param permission
+ */
+ @Override
+ public void modifyPermission(StoredAssignedPermission permission)
+ {
+ assertIsAdmin();
+
+ synchronized (store)
+ {
+ store.remove(permission.getId());
+ store.put(permission.getId(), new AssignedPermission(permission));
+ }
 }
 //~--- get methods ----------------------------------------------------------
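Review bot: `modifyPermission` replaces an entry with `store.remove(...)` followed by `store.put(...)` inside `synchronized (store)`, but neither the other methods in this hunk (`addPermission`, `deletePermission`) nor `getPermissions` take that monitor, so the block does not make the replacement atomic for readers or other writers. If `put` throws after `remove` has succeeded, the assignment is lost entirely. If `ConfigurationEntryStore.put(id, item)` overwrites an existing entry (to be confirmed, the store is not visible here), a single `store.put(permission.getId(), new AssignedPermission(permission));` without the `remove` avoids both problems; otherwise the same lock is needed around the other store accesses.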
@@ -78,16 +151,48 @@ public class DefaultSecuritySystem implements SecuritySystem
 * @return
 */
 @Override
- public SecurityConfiguration getConfiguration()
+ public List getAllPermissions()
 {
- SecurityConfiguration configuration = store.get();
+ return getPermissions(null);
+ }
- if (configuration == null)
+ /**
+ * Method description
+ *
+ *
+ * @return
+ */
+ @Override
+ public List getAvailablePermissions()
+ {
+
+ // TODO
+ return Collections.EMPTY_LIST;
+ }
+
+ /**
+ * Method description
+ *
+ *
+ * @param predicate
+ *
+ * @return
+ */
+ @Override
+ public List getPermissions(
+ Predicate predicate)
+ {
+ Builder permissions = ImmutableList.builder();
+
+ for (Entry e : store.getAll().entrySet())
 {
- configuration = new SecurityConfiguration();
+ if ((predicate == null) || predicate.apply(e.getValue()))
+ {
+ permissions.add(new StoredAssignedPermission(e.getKey(), e.getValue()));
+ }
 }
- return configuration;
+ return permissions.build();
 }
 /**
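Review bot: `getAllPermissions()` and `getPermissions(...)` return every stored assignment without the `assertIsAdmin()` check that the mutating methods of this class perform, and the placeholder "Method description" Javadoc does not say whether that is intended. ScmRealm calls `getPermissions` while collecting a user's global permissions, so an admin check here would presumably break authorization, but any caller that exposes the list elsewhere then has to enforce access itself. I would state that contract in the Javadoc of `getPermissions`, e.g. `Returns the stored permissions accepted by the predicate (all of them if it is null). Performs no authorization check; callers exposing the result must restrict access.`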
@@ -99,34 +204,24 @@ public class DefaultSecuritySystem implements SecuritySystem
 @Override
 public PrincipalCollection getSystemAccount()
 {
- throw new UnsupportedOperationException("Not supported yet."); // To change body of generated methods, choose Tools | Templates.
+
+ // TODO
+ throw new UnsupportedOperationException("Not supported yet.");
 }
- //~--- set methods ----------------------------------------------------------
+ //~--- methods --------------------------------------------------------------
 /**
 * Method description
 *
- *
- * @param newConfiguration
 */
- @Override
- public void setConfiguration(SecurityConfiguration newConfiguration)
+ private void assertIsAdmin()
 {
 SecurityUtils.getSubject().checkRole(Role.ADMIN);
-
- SecurityConfiguration oldConfiguration = store.get();
-
- store.set(newConfiguration);
- //J-
- ScmEventBus.getInstance().post(
- new SecurityConfigurationChangedEvent(oldConfiguration, newConfiguration)
- );
- //J+
 }
 //~--- fields ---------------------------------------------------------------
 /** Field description */
- private Store store;
+ private final ConfigurationEntryStore store;
 }
diff --git a/scm-webapp/src/main/java/sonia/scm/security/ScmRealm.java b/scm-webapp/src/main/java/sonia/scm/security/ScmRealm.java
index 8c2b443b94..8bd9286fb9 100644
--- a/scm-webapp/src/main/java/sonia/scm/security/ScmRealm.java
+++ b/scm-webapp/src/main/java/sonia/scm/security/ScmRealm.java
@@ -36,6 +36,7 @@ package sonia.scm.security;
 //~--- non-JDK imports --------------------------------------------------------
 import com.google.common.base.Joiner;
+import com.google.common.base.Predicate;
 import com.google.common.collect.Lists;
 import com.google.common.collect.Sets;
 import com.google.common.eventbus.Subscribe;
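Review bot: The `ScmEventBus` post that the removed `setConfiguration` in DefaultSecuritySystem sent after each change has no replacement: `addPermission`, `deletePermission` and `modifyPermission` change the store silently, and the same commit deletes ScmRealm's `onEvent` handler that called `cache.clear()`. Unless that cache is invalidated some other way (not visible in this diff), a permission that was deleted or changed could stay in effect for subjects whose authorization data is already cached. The class comment `TODO add events` acknowledges the gap, but revocation should not depend on a later commit. I would post a change event after each successful store mutation and keep a `@Subscribe` handler in ScmRealm that clears the cache when it arrives.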
@@ -197,23 +198,6 @@ public class ScmRealm extends AuthorizingRealm } } - /** - * Method description - * - * - * @param event - */ - @Subscribe - public void onEvent(SecurityConfigurationChangedEvent event) - { - if (logger.isDebugEnabled()) - { - logger.debug("clear cache, because security configuration has changed"); - } - - cache.clear(); - } - /** * Method description * @@ -503,7 +487,8 @@ public class ScmRealm extends AuthorizingRealm * * @return */ - private List collectGlobalPermissions(User user, GroupNames groups) + private List collectGlobalPermissions(final User user, + final GroupNames groups) { if (logger.isTraceEnabled()) { @@ -512,21 +497,27 @@ public class ScmRealm extends AuthorizingRealm List permissions = Lists.newArrayList(); - List globalPermissions = - securitySystem.getConfiguration().getGlobalPermissions(); - - for (GlobalPermission gp : globalPermissions) + List globalPermissions = + securitySystem.getPermissions(new Predicate() { - if (isUserPermission(user, groups, gp)) - { - if (logger.isTraceEnabled()) - { - logger.trace("add permission {} for user {}", gp.getPermission(), - user.getName()); - } - permissions.add(gp.getPermission()); + @Override + public boolean apply(AssignedPermission input) + { + return isUserPermission(user, groups, input); } + }); + + for (StoredAssignedPermission gp : globalPermissions) + { + if (logger.isTraceEnabled()) + { + logger.trace("add permission {} for user {}", gp.getPermission(), + user.getName()); + } + + permissions.add(gp.getPermission()); + } return permissions;