Fix bug for repository owners without global role permission

Repository owners got a frontend error when they had no permission to
read the global repository roles. We therefore remove the dedicated
permission to read repository roles.

Additionally we fix the 'write' permission to match the entry in the
'permissions.xml' file.
René Pfeuffer
2019-05-31 10:20:44 +02:00
parent ecbc7b67e6
commit 84ae5646a4
6 changed files with 8 additions and 16 deletions


@@ -57,7 +57,7 @@ import static java.util.Collections.unmodifiableSet;
* Custom role with specific permissions related to {@link Repository}.
* This object should be immutable, but could not be due to mapstruct.
*/
@StaticPermissions(value = "repositoryRole", permissions = {}, globalPermissions = {"read", "modify"})
@StaticPermissions(value = "repositoryRole", permissions = {}, globalPermissions = {"write"})
@XmlRootElement(name = "roles")
@XmlAccessorType(XmlAccessType.FIELD)
public class RepositoryRole implements ModelObject, PermissionObject {


@@ -63,9 +63,7 @@ public class IndexDtoGenerator extends HalAppenderMapper {
builder.single(link("repositoryTypes", resourceLinks.repositoryTypeCollection().self()));
builder.single(link("namespaceStrategies", resourceLinks.namespaceStrategies().self()));
if (RepositoryRolePermissions.read().isPermitted()) {
builder.single(link("repositoryRoles", resourceLinks.repositoryRoleCollection().self()));
}
builder.single(link("repositoryRoles", resourceLinks.repositoryRoleCollection().self()));
} else {
builder.single(link("login", resourceLinks.authentication().jsonLogin()));
}
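Review bot: The `repositoryRoles` link is now added without any permission check, and nothing at this spot says that is deliberate. A short comment above the line would keep a later reader from re-adding the guard, for example `// every authenticated user may read repository roles; owners need them to assign permissions`. The surrounding `if`/`else` starts outside the hunk, so I am only assuming from the `login` branch that this path is reached for authenticated users alone. That is worth confirming, since it is now the only gate on advertising the collection.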


@@ -25,7 +25,7 @@ public class RepositoryRoleCollectionToDtoMapper extends BasicCollectionToDtoMap
}
Optional<String> createCreateLink() {
return RepositoryRolePermissions.modify().isPermitted() ? of(resourceLinks.repositoryRoleCollection().create()): empty();
return RepositoryRolePermissions.write().isPermitted() ? of(resourceLinks.repositoryRoleCollection().create()): empty();
}
String createSelfLink() {


@@ -27,7 +27,7 @@ public abstract class RepositoryRoleToRepositoryRoleDtoMapper extends BaseMapper
@ObjectFactory
RepositoryRoleDto createDto(RepositoryRole repositoryRole) {
Links.Builder linksBuilder = linkingTo().self(resourceLinks.repositoryRole().self(repositoryRole.getName()));
if (!"system".equals(repositoryRole.getType()) && RepositoryRolePermissions.modify().isPermitted()) {
if (!"system".equals(repositoryRole.getType()) && RepositoryRolePermissions.write().isPermitted()) {
linksBuilder.single(link("delete", resourceLinks.repositoryRole().delete(repositoryRole.getName())));
linksBuilder.single(link("update", resourceLinks.repositoryRole().update(repositoryRole.getName())));
}
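Review bot: The `"system"` type check here only decides whether the `delete` and `update` links are rendered; it does not by itself stop a caller holding `repositoryRole:write` from sending the request. The manager's delete and modify paths in this commit show only the write permission check, so please confirm that changes to system roles are also rejected server-side (that code is not visible in these hunks). The literal `"system"` would also read better as a shared constant. `createDto` continues past the end of the hunk.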


@@ -88,7 +88,7 @@ public class DefaultRepositoryRoleManager extends AbstractRepositoryRoleManager
return managerDaoAdapter.create(
repositoryRole,
RepositoryRolePermissions::modify,
RepositoryRolePermissions::write,
newRepositoryRole -> fireEvent(HandlerEventType.BEFORE_CREATE, newRepositoryRole),
newRepositoryRole -> fireEvent(HandlerEventType.CREATE, newRepositoryRole)
);
@@ -100,7 +100,7 @@ public class DefaultRepositoryRoleManager extends AbstractRepositoryRoleManager
logger.info("delete repositoryRole {} of type {}", repositoryRole.getName(), repositoryRole.getType());
managerDaoAdapter.delete(
repositoryRole,
RepositoryRolePermissions::modify,
RepositoryRolePermissions::write,
toDelete -> fireEvent(HandlerEventType.BEFORE_DELETE, toDelete),
toDelete -> fireEvent(HandlerEventType.DELETE, toDelete)
);
@@ -116,7 +116,7 @@ public class DefaultRepositoryRoleManager extends AbstractRepositoryRoleManager
logger.info("modify repositoryRole {} of type {}", repositoryRole.getName(), repositoryRole.getType());
managerDaoAdapter.modify(
repositoryRole,
x -> RepositoryRolePermissions.modify(),
x -> RepositoryRolePermissions.write(),
notModified -> fireEvent(HandlerEventType.BEFORE_MODIFY, repositoryRole, notModified),
notModified -> fireEvent(HandlerEventType.MODIFY, repositoryRole, notModified));
}
@@ -125,7 +125,6 @@ public class DefaultRepositoryRoleManager extends AbstractRepositoryRoleManager
public void refresh(RepositoryRole repositoryRole) {
logger.info("refresh repositoryRole {} of type {}", repositoryRole.getName(), repositoryRole.getType());
RepositoryRolePermissions.read().check();
RepositoryRole fresh = repositoryRoleDAO.get(repositoryRole.getName());
if (fresh == null) {
@@ -135,8 +134,6 @@ public class DefaultRepositoryRoleManager extends AbstractRepositoryRoleManager
@Override
public RepositoryRole get(String id) {
RepositoryRolePermissions.read().check();
return findSystemRole(id).orElse(findCustomRole(id));
}
@@ -168,9 +165,6 @@ public class DefaultRepositoryRoleManager extends AbstractRepositoryRoleManager
public List<RepositoryRole> getAll() {
List<RepositoryRole> repositoryRoles = new ArrayList<>();
if (!RepositoryRolePermissions.read().isPermitted()) {
return Collections.emptyList();
}
for (RepositoryRole repositoryRole : repositoryPermissionProvider.availableRoles()) {
repositoryRoles.add(repositoryRole.clone());
}
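Review bot: With the `RepositoryRolePermissions.read()` checks removed, `refresh`, `get` and `getAll` no longer enforce any authorization themselves, so every caller that can reach the manager can enumerate the role definitions. If that is intended, say so in the Javadoc of these methods, e.g. `Reading roles requires no permission; only create, modify and delete are guarded by repositoryRole:write.`, and add a test for a user holding no `repositoryRole` permission who can list roles but is refused on create, modify and delete. Whether unauthenticated callers are kept out now depends on code outside these hunks. Separately, in `get`, `orElse(findCustomRole(id))` runs the custom lookup even when a system role was found; `orElseGet(() -> findCustomRole(id))` avoids that. `getAll` continues past the end of the last hunk.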


@@ -67,7 +67,7 @@
<value>configuration:read,write:*</value>
</permission>
<permission>
<value>repositoryRole:read,write</value>
<value>repositoryRole:write</value>
</permission>
</permissions>
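Review bot: Changing the assignable value from `repositoryRole:read,write` to `repositoryRole:write` leaves open what happens to assignments already stored under the old value. If assignments are persisted by their literal value (not visible here), users who were granted the old entry may keep a permission string that no longer appears in the list of available permissions. An update step, or at least a release note, would settle that.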