mirror of
https://github.com/scm-manager/scm-manager.git
synced 2026-03-21 03:21:36 +01:00
Add namespace owner on namespace creation
Namespace owner may see the namespace configuration page. Committed-by: René Pfeuffer<rene.pfeuffer@cloudogu.com>
This commit is contained in:
Eduard Heimbuch
@@ -132,8 +132,8 @@ class NamespaceRootResourceTest {
|
||||
@BeforeEach
|
||||
void mockNoPermissions() {
|
||||
lenient().when(subject.isPermitted(anyString())).thenReturn(false);
|
||||
lenient().doThrow(AuthorizationException.class).when(subject).checkPermission("namespace:permissionRead");
|
||||
lenient().doThrow(AuthorizationException.class).when(subject).checkPermission("namespace:permissionWrite");
|
||||
lenient().doThrow(AuthorizationException.class).when(subject).checkPermission("namespace:permissionRead:space");
|
||||
lenient().doThrow(AuthorizationException.class).when(subject).checkPermission("namespace:permissionWrite:space");
|
||||
}
|
||||
|
||||
@Test
|
||||
@@ -202,8 +202,8 @@ class NamespaceRootResourceTest {
|
||||
|
||||
@BeforeEach
|
||||
void grantReadPermission() {
|
||||
lenient().when(subject.isPermitted("namespace:permissionRead")).thenReturn(true);
|
||||
lenient().when(subject.isPermitted("namespace:permissionWrite")).thenReturn(false);
|
||||
lenient().when(subject.isPermitted("namespace:permissionRead:space")).thenReturn(true);
|
||||
lenient().when(subject.isPermitted("namespace:permissionWrite:space")).thenReturn(false);
|
||||
lenient().doThrow(AuthorizationException.class).when(subject).checkPermission("namespace:permissionWrite");
|
||||
}
|
||||
|
||||
@@ -259,8 +259,10 @@ class NamespaceRootResourceTest {
|
||||
|
||||
@BeforeEach
|
||||
void grantWritePermission() {
|
||||
lenient().when(subject.isPermitted("namespace:permissionWrite")).thenReturn(true);
|
||||
lenient().doNothing().when(subject).checkPermission("namespace:permissionWrite");
|
||||
lenient().when(subject.isPermitted("namespace:permissionWrite:space")).thenReturn(true);
|
||||
lenient().when(subject.isPermitted("namespace:permissionWrite:hitchhiker")).thenReturn(true);
|
||||
lenient().doNothing().when(subject).checkPermission("namespace:permissionWrite:space");
|
||||
lenient().doNothing().when(subject).checkPermission("namespace:permissionWrite:hitchhiker");
|
||||
}
|
||||
|
||||
@Test
|
||||
|
||||
@@ -39,16 +39,23 @@ import sonia.scm.HandlerEventType;
|
||||
import sonia.scm.event.ScmEventBus;
|
||||
import sonia.scm.store.InMemoryDataStore;
|
||||
import sonia.scm.store.InMemoryDataStoreFactory;
|
||||
import sonia.scm.web.security.AdministrationContext;
|
||||
import sonia.scm.web.security.PrivilegedAction;
|
||||
|
||||
import java.util.Collection;
|
||||
import java.util.Optional;
|
||||
import java.util.function.Predicate;
|
||||
import java.util.stream.Stream;
|
||||
|
||||
import static java.util.Arrays.asList;
|
||||
import static org.assertj.core.api.Assertions.assertThat;
|
||||
import static org.mockito.ArgumentMatchers.any;
|
||||
import static org.mockito.ArgumentMatchers.argThat;
|
||||
import static org.mockito.Mockito.doAnswer;
|
||||
import static org.mockito.Mockito.lenient;
|
||||
import static org.mockito.Mockito.verify;
|
||||
import static org.mockito.Mockito.when;
|
||||
import static sonia.scm.HandlerEventType.CREATE;
|
||||
import static sonia.scm.HandlerEventType.DELETE;
|
||||
import static sonia.scm.HandlerEventType.MODIFY;
|
||||
|
||||
@@ -61,6 +68,8 @@ class DefaultNamespaceManagerTest {
|
||||
@Mock
|
||||
ScmEventBus eventBus;
|
||||
@Mock
|
||||
AdministrationContext administrationContext;
|
||||
@Mock
|
||||
Subject subject;
|
||||
|
||||
Namespace life;
|
||||
@@ -84,7 +93,7 @@ class DefaultNamespaceManagerTest {
|
||||
universe = new Namespace("universe");
|
||||
rest = new Namespace("rest");
|
||||
|
||||
manager = new DefaultNamespaceManager(repositoryManager, dao, eventBus);
|
||||
manager = new DefaultNamespaceManager(repositoryManager, dao, eventBus, administrationContext);
|
||||
}
|
||||
|
||||
@BeforeEach
|
||||
@@ -108,7 +117,7 @@ class DefaultNamespaceManagerTest {
|
||||
void shouldCleanUpPermissionWhenLastRepositoryOfNamespaceWasDeleted() {
|
||||
when(repositoryManager.getAllNamespaces()).thenReturn(asList("universe", "rest"));
|
||||
|
||||
manager.cleanupDeletedNamespaces(new RepositoryEvent(DELETE, new Repository("1", "git", "life", "earth")));
|
||||
manager.handleRepositoryEvent(new RepositoryEvent(DELETE, new Repository("1", "git", "life", "earth")));
|
||||
|
||||
assertThat(dao.get("life")).isEmpty();
|
||||
}
|
||||
@@ -117,7 +126,7 @@ class DefaultNamespaceManagerTest {
|
||||
void shouldCleanUpPermissionWhenLastRepositoryOfNamespaceWasRenamed() {
|
||||
when(repositoryManager.getAllNamespaces()).thenReturn(asList("universe", "rest", "highway"));
|
||||
|
||||
manager.cleanupDeletedNamespaces(
|
||||
manager.handleRepositoryEvent(
|
||||
new RepositoryModificationEvent(
|
||||
MODIFY,
|
||||
new Repository("1", "git", "highway", "earth"),
|
||||
@@ -126,6 +135,26 @@ class DefaultNamespaceManagerTest {
|
||||
assertThat(dao.get("life")).isEmpty();
|
||||
}
|
||||
|
||||
@Test
|
||||
void shouldCreateOwnerPermissionWhenFirstRepositoryOfNamespaceWasCreated() {
|
||||
when(subject.getPrincipal()).thenReturn("trillian");
|
||||
when(repositoryManager.getAllNamespaces()).thenReturn(asList("rest", "highway", "universe"));
|
||||
when(repositoryManager.getAll(any()))
|
||||
.thenAnswer(invocation -> Stream.of(new Repository("1", "git", "universe", "earth")).filter(invocation.getArgument(0, Predicate.class)).toList());
|
||||
doAnswer(invocation -> {
|
||||
invocation.getArgument(0, Runnable.class).run();
|
||||
return null;
|
||||
}).when(administrationContext).runAsAdmin(any(PrivilegedAction.class));
|
||||
manager.handleRepositoryEvent(
|
||||
new RepositoryModificationEvent(
|
||||
CREATE,
|
||||
new Repository("1", "git", "universe", "earth"),
|
||||
null));
|
||||
|
||||
assertThat(dao.get("universe")).isNotEmpty();
|
||||
assertThat(dao.get("universe").get().getPermissions()).extracting("name").contains("trillian");
|
||||
}
|
||||
|
||||
@Nested
|
||||
class WithPermissionToReadPermissions {
|
||||
|
||||
@@ -183,8 +212,8 @@ class DefaultNamespaceManagerTest {
|
||||
|
||||
@BeforeEach
|
||||
void grantReadPermission() {
|
||||
when(subject.isPermitted("namespace:permissionRead")).thenReturn(false);
|
||||
lenient().doThrow(AuthorizationException.class).when(subject).checkPermission("namespace:permissionWrite");
|
||||
when(subject.isPermitted("namespace:permissionRead:*")).thenReturn(false);
|
||||
lenient().doThrow(AuthorizationException.class).when(subject).checkPermission("namespace:permissionWrite:*");
|
||||
}
|
||||
|
||||
@Test
|
||||
|
||||
@@ -0,0 +1,56 @@
|
||||
/*
|
||||
* MIT License
|
||||
*
|
||||
* Copyright (c) 2020-present Cloudogu GmbH and Contributors
|
||||
*
|
||||
* Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
* of this software and associated documentation files (the "Software"), to deal
|
||||
* in the Software without restriction, including without limitation the rights
|
||||
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||
* copies of the Software, and to permit persons to whom the Software is
|
||||
* furnished to do so, subject to the following conditions:
|
||||
*
|
||||
* The above copyright notice and this permission notice shall be included in all
|
||||
* copies or substantial portions of the Software.
|
||||
*
|
||||
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
||||
* SOFTWARE.
|
||||
*/
|
||||
|
||||
package sonia.scm.update.security;
|
||||
|
||||
import org.junit.jupiter.api.Test;
|
||||
import sonia.scm.security.AssignedPermission;
|
||||
import sonia.scm.store.ConfigurationEntryStore;
|
||||
import sonia.scm.store.InMemoryByteConfigurationEntryStoreFactory;
|
||||
|
||||
import static org.assertj.core.api.Assertions.assertThat;
|
||||
|
||||
class NamespacePermissionsUpdateStepTest {
|
||||
|
||||
private final InMemoryByteConfigurationEntryStoreFactory entryStoreFactory = new InMemoryByteConfigurationEntryStoreFactory();
|
||||
private final NamespacePermissionsUpdateStep updateStep = new NamespacePermissionsUpdateStep(entryStoreFactory);
|
||||
|
||||
@Test
|
||||
void shouldUpdatePermissions() throws Exception {
|
||||
ConfigurationEntryStore<AssignedPermission> securityStore = createSecurityStore();
|
||||
securityStore.put(new AssignedPermission("trillian", false, "namespace:permissionRead"));
|
||||
securityStore.put(new AssignedPermission("dent", true, "namespace:permissionRead,permissionWrite"));
|
||||
|
||||
updateStep.doUpdate();
|
||||
|
||||
assertThat(securityStore.getAll().values())
|
||||
.hasSize(2)
|
||||
.contains(new AssignedPermission("trillian", false, "namespace:permissionRead:*"))
|
||||
.contains(new AssignedPermission("dent", true, "namespace:permissionRead,permissionWrite:*"));
|
||||
}
|
||||
|
||||
private ConfigurationEntryStore<AssignedPermission> createSecurityStore() {
|
||||
return entryStoreFactory.withType(AssignedPermission.class).withName("security").build();
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user