From b95066946eaad95a8c67bd65de3a856f03dcbe40 Mon Sep 17 00:00:00 2001
From: Johannes Schnatterer
Date: Thu, 21 Jun 2018 14:50:55 +0200
Subject: [PATCH] User resource: No longer check for admin role. In SCMM v2 we use permissions. The checks are already implemented in DefaultUserManager called by the resource. When not authorized, the check results in an AuthorizationException, which is mapped to 403. As this is no longer realized in the resource, the corresponding test is removed.
---
 .../scm/api/v2/resources/UserResource.java | 18 +++---------------
 .../api/v2/resources/UserRootResourceTest.java | 12 ------------
 2 files changed, 3 insertions(+), 27 deletions(-)
diff --git a/scm-webapp/src/main/java/sonia/scm/api/v2/resources/UserResource.java b/scm-webapp/src/main/java/sonia/scm/api/v2/resources/UserResource.java
index 87ac1844c2..ebfbdda6f1 100644
--- a/scm-webapp/src/main/java/sonia/scm/api/v2/resources/UserResource.java
+++ b/scm-webapp/src/main/java/sonia/scm/api/v2/resources/UserResource.java
@@ -4,9 +4,7 @@ import com.google.inject.Inject;
 import com.webcohesion.enunciate.metadata.rs.ResponseCode;
 import com.webcohesion.enunciate.metadata.rs.StatusCodes;
 import com.webcohesion.enunciate.metadata.rs.TypeHint;
-import org.apache.shiro.SecurityUtils;
 import sonia.scm.api.rest.resources.AbstractManagerResource;
-import sonia.scm.security.Role;
 import sonia.scm.user.User;
 import sonia.scm.user.UserException;
 import sonia.scm.user.UserManager;
@@ -47,18 +45,10 @@ public class UserResource extends AbstractManagerResource {
 @ResponseCode(code = 404, condition = "not found, no group with the specified id/name available"),
 @ResponseCode(code = 500, condition = "internal server error")
 })
- public Response get(@Context Request request, @Context UriInfo uriInfo, @PathParam("id") String id)
- {
- if (SecurityUtils.getSubject().hasRole(Role.ADMIN))
- {
+ public Response get(@Context Request request, @Context UriInfo uriInfo, @PathParam("id") String id) {
 User user = manager.get(id);
 UserDto userDto = userToDtoMapper.map(user);
 return Response.ok(userDto).build();
- }
- else
- {
- return Response.status(Response.Status.FORBIDDEN).build();
- }
 }
 @PUT
@@ -70,8 +60,7 @@ public class UserResource extends AbstractManagerResource {
 })
 @TypeHint(TypeHint.NO_CONTENT.class)
 public Response update(@Context UriInfo uriInfo,
- @PathParam("id") String name, UserDto userDto)
- {
+ @PathParam("id") String name, UserDto userDto) {
 String originalPassword = manager.get(name).getPassword();
 User user = dtoToUserMapper.map(userDto, originalPassword);
 return update(name, user);
@@ -85,8 +74,7 @@ public class UserResource extends AbstractManagerResource {
 @ResponseCode(code = 500, condition = "internal server error")
 })
 @TypeHint(TypeHint.NO_CONTENT.class)
- public Response delete(@PathParam("id") String name)
- {
+ public Response delete(@PathParam("id") String name) {
 return super.delete(name);
 }
diff --git a/scm-webapp/src/test/java/sonia/scm/api/v2/resources/UserRootResourceTest.java b/scm-webapp/src/test/java/sonia/scm/api/v2/resources/UserRootResourceTest.java
index 4064432a72..93f0499f14 100644
--- a/scm-webapp/src/test/java/sonia/scm/api/v2/resources/UserRootResourceTest.java
+++ b/scm-webapp/src/test/java/sonia/scm/api/v2/resources/UserRootResourceTest.java
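Review bot: In the `get` hunk (`@@ -47,18 +45,10 @@`) the endpoint no longer performs any authorization itself, so read access to a user record now depends entirely on the injected `UserManager` enforcing the permission check inside `get(id)`, and nothing on the new side records that contract. A comment above `User user = manager.get(id);` would keep it visible, for example `// Authorization is enforced in UserManager#get; AuthorizationException is mapped to 403.` The same commit deletes `shouldNotGetSingleUserForSimpleUser`, the only REST-level test of the 403 path visible in this patch; adapting it to the permission model so that an unprivileged subject still receives `SC_FORBIDDEN` would catch a manager implementation or exception mapping that stops enforcing the check. The `update` hunk reads `manager.get(name).getPassword()` and relies on the same manager-side check.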
@@ -93,7 +93,6 @@ public class UserRootResourceTest {
 dispatcher.invoke(request, response);
 assertEquals(HttpServletResponse.SC_OK, response.getStatus());
- System.out.println(response.getContentAsString());
 assertTrue(response.getContentAsString().contains("\"name\":\"Neo\""));
 assertTrue(response.getContentAsString().contains("\"password\":\"__dummypassword__\""));
 assertTrue(response.getContentAsString().contains("\"self\":{\"href\":\"/v2/users/Neo\"}"));
@@ -115,17 +114,6 @@ public class UserRootResourceTest {
 assertFalse(response.getContentAsString().contains("\"delete\":{\"href\":\"/v2/users/Neo\"}"));
 }
- @Test
- @SubjectAware(username = "unpriv")
- public void shouldNotGetSingleUserForSimpleUser() throws URISyntaxException {
- MockHttpRequest request = MockHttpRequest.get("/" + UserRootResource.USERS_PATH_V2 + "Neo");
- MockHttpResponse response = new MockHttpResponse();
-
- dispatcher.invoke(request, response);
-
- assertEquals(HttpServletResponse.SC_FORBIDDEN, response.getStatus());
- }
-
 @Test
 public void shouldCreateNewUserWithEncryptedPassword() throws URISyntaxException, IOException {
 URL url = Resources.getResource("sonia/scm/api/v2/user-test-create.json");