From 88e9e83647d1c4b0910f51739f2dec0914f2c2c2 Mon Sep 17 00:00:00 2001
From: Sebastian Sdorra
Date: Wed, 1 May 2013 20:57:47 +0200
Subject: [PATCH] remove permission objects if a group or a user is deleted

---
 .../scm/security/DefaultSecuritySystem.java | 70 +++++++++++++++++++
 1 file changed, 70 insertions(+)

diff --git a/scm-webapp/src/main/java/sonia/scm/security/DefaultSecuritySystem.java b/scm-webapp/src/main/java/sonia/scm/security/DefaultSecuritySystem.java
index cdf9ce26e5..b3d4be0c1a 100644
--- a/scm-webapp/src/main/java/sonia/scm/security/DefaultSecuritySystem.java
+++ b/scm-webapp/src/main/java/sonia/scm/security/DefaultSecuritySystem.java
@@ -36,6 +36,7 @@ package sonia.scm.security;
 import com.google.common.base.Predicate;
 import com.google.common.collect.ImmutableList;
 import com.google.common.collect.ImmutableList.Builder;
+import com.google.common.eventbus.Subscribe;
 import com.google.inject.Inject;
 import com.google.inject.Singleton;
 
@@ -45,8 +46,12 @@ import org.apache.shiro.subject.PrincipalCollection;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import sonia.scm.HandlerEvent;
+import sonia.scm.event.Subscriber;
+import sonia.scm.group.GroupEvent;
 import sonia.scm.store.ConfigurationEntryStore;
 import sonia.scm.store.ConfigurationEntryStoreFactory;
+import sonia.scm.user.UserEvent;
 
 //~--- JDK imports ------------------------------------------------------------
 
@@ -73,6 +78,7 @@ import javax.xml.bind.annotation.XmlRootElement;
 * @since 1.31
 */
 @Singleton
+@Subscriber(async = true)
 public class DefaultSecuritySystem implements SecuritySystem
 {
 
@@ -150,6 +156,54 @@ public class DefaultSecuritySystem implements SecuritySystem
 store.remove(id);
 }
 
+ /**
+ * Method description
+ *
+ *
+ * @param event
+ */
+ @Subscribe
+ public void handleEvent(final UserEvent event)
+ {
+ if (event.getEventType() == HandlerEvent.DELETE)
+ {
+ deletePermissions(new Predicate()
+ {
+
+ @Override
+ public boolean apply(AssignedPermission p)
+ {
+ return !p.isGroupPermission()
+ && event.getItem().getName().equals(p.getName());
+ }
+ });
+ }
+ }
+
+ /**
+ * Method description
+ *
+ *
+ * @param event
+ */
+ @Subscribe
+ public void handleEvent(final GroupEvent event)
+ {
+ if (event.getEventType() == HandlerEvent.DELETE)
+ {
+ deletePermissions(new Predicate()
+ {
+
+ @Override
+ public boolean apply(AssignedPermission p)
+ {
+ return p.isGroupPermission()
+ && event.getItem().getName().equals(p.getName());
+ }
+ });
+ }
+ }
+
 /**
 * Method description
 *
@@ -270,6 +324,22 @@ public class DefaultSecuritySystem implements SecuritySystem
 SecurityUtils.getSubject().checkRole(Role.ADMIN);
 }
 
+ /**
+ * Method description
+ *
+ *
+ * @param predicate
+ */
+ private void deletePermissions(Predicate predicate)
+ {
+ List permissions = getPermissions(predicate);
+
+ for (StoredAssignedPermission permission : permissions)
+ {
+ deletePermission(permission);
+ }
+ }
+
 /**
 * Method description
 *
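Review bot: Both predicates in the new `handleEvent` methods evaluate `event.getItem().getName()` once per stored permission and will throw a NullPointerException inside the asynchronous handler if the event carries no item or the item has no name. Read the name once before building the predicate and return early when it is missing, e.g. `final String name = event.getItem().getName();`. The two handlers differ only in the negation of `p.isGroupPermission()`, so a shared private helper taking the name and a group flag would keep them from drifting apart. The Javadoc is still the `Method description` placeholder; a line such as `Removes all permissions assigned to the deleted user, so that a later user with the same name does not inherit them.` would state why the handler exists.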
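Review bot: `deletePermissions` reuses `getPermissions(predicate)` and the public `deletePermission(permission)` inside a handler that the class-level `@Subscriber(async = true)` moves onto an event-bus thread, so any authorization check in those methods is evaluated against whatever Shiro subject that thread carries, not the admin who deleted the user or group. Both methods are defined outside this hunk; if they call `assertIsAdmin()` (the `checkRole(Role.ADMIN)` context line just above looks like its body), the cleanup may throw and leave the deleted principal's permissions in the store, where a later account with the same name would match them. Whichever way that resolves, record it at the method, e.g. `// called from async event handlers: must not depend on the caller's Shiro subject`, and log each removal so the cleanup is auditable.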