diff --git a/scm-webapp/src/main/java/sonia/scm/security/DefaultAuthorizationCollector.java b/scm-webapp/src/main/java/sonia/scm/security/DefaultAuthorizationCollector.java index f07cdce900..baff3b951c 100644 --- a/scm-webapp/src/main/java/sonia/scm/security/DefaultAuthorizationCollector.java +++ b/scm-webapp/src/main/java/sonia/scm/security/DefaultAuthorizationCollector.java @@ -201,7 +201,7 @@ public class DefaultAuthorizationCollector implements AuthorizationCollector { hasPermission = isUserPermitted(user, groups, permission); if (hasPermission) { - addRepositoryPermission(builder, repository, user, hasPermission, permission); + addRepositoryPermission(builder, repository, user, permission); } } @@ -217,7 +217,7 @@ public class DefaultAuthorizationCollector implements AuthorizationCollector } } - private void addRepositoryPermission(Builder builder, Repository repository, User user, boolean hasPermission, RepositoryPermission permission) { + private void addRepositoryPermission(Builder builder, Repository repository, User user, RepositoryPermission permission) { Collection verbs = getVerbs(permission); if (!verbs.isEmpty()) { @@ -237,7 +237,12 @@ public class DefaultAuthorizationCollector implements AuthorizationCollector } private Collection getVerbsForRole(String roleName) { - return repositoryPermissionProvider.availableRoles().stream().filter(role -> roleName.equals(role.getName())).findFirst().orElseThrow(() -> new RuntimeException()).getVerbs(); + return repositoryPermissionProvider.availableRoles() + .stream() + .filter(role -> roleName.equals(role.getName())) + .findFirst() + .orElseThrow(() -> new IllegalStateException("unknown role: " + roleName)) + .getVerbs(); } private AuthorizationInfo createAuthorizationInfo(User user, GroupNames groups) { diff --git a/scm-webapp/src/test/java/sonia/scm/security/DefaultAuthorizationCollectorTest.java b/scm-webapp/src/test/java/sonia/scm/security/DefaultAuthorizationCollectorTest.java index bf49c12005..8e7cb8a70e 100644 --- a/scm-webapp/src/test/java/sonia/scm/security/DefaultAuthorizationCollectorTest.java +++ b/scm-webapp/src/test/java/sonia/scm/security/DefaultAuthorizationCollectorTest.java @@ -58,7 +58,10 @@ import sonia.scm.repository.RepositoryTestData; import sonia.scm.user.User; import sonia.scm.user.UserTestData; +import java.util.Collections; + import static java.util.Arrays.asList; +import static java.util.Collections.singletonList; import static org.hamcrest.Matchers.containsInAnyOrder; import static org.hamcrest.Matchers.hasSize; import static org.hamcrest.Matchers.nullValue; @@ -203,9 +206,9 @@ public class DefaultAuthorizationCollectorTest { public void testCollectWithRepositoryRolePermissions() { when(repositoryPermissionProvider.availableRoles()).thenReturn( asList( - new RepositoryRole("user role", asList("user"), "xml"), - new RepositoryRole("group role", asList("group"), "xml"), - new RepositoryRole("system role", asList("system"), "system") + new RepositoryRole("user role", singletonList("user"), "xml"), + new RepositoryRole("group role", singletonList("group"), "xml"), + new RepositoryRole("system role", singletonList("system"), "system") )); String group = "heart-of-gold-crew"; @@ -236,6 +239,32 @@ public class DefaultAuthorizationCollectorTest { "user:read:trillian")); } + /** + * Tests {@link AuthorizationCollector#collect(PrincipalCollection)} with repository roles. + */ + @Test(expected = IllegalStateException.class) + @SubjectAware( + configuration = "classpath:sonia/scm/shiro-001.ini" + ) + public void testCollectWithUnknownRepositoryRole() { + when(repositoryPermissionProvider.availableRoles()).thenReturn( + singletonList( + new RepositoryRole("something", singletonList("something"), "xml") + )); + + String group = "heart-of-gold-crew"; + authenticate(UserTestData.createTrillian(), group); + Repository heartOfGold = RepositoryTestData.createHeartOfGold(); + heartOfGold.setId("one"); + heartOfGold.setPermissions(singletonList( + new RepositoryPermission("trillian", "unknown", false) + )); + when(repositoryDAO.getAll()).thenReturn(Lists.newArrayList(heartOfGold)); + + // execute and assert + AuthorizationInfo authInfo = collector.collect(); + } + /** * Tests {@link AuthorizationCollector#collect(PrincipalCollection)} ()} with global permissions. */