added permission check for svn

2026-03-06 12:20:56 +01:00 · 2010-11-21 15:27:28 +01:00
parent 9cb8ce5a50
commit cdb295bdf3
5 changed files with 213 additions and 34 deletions
--- a/plugins/scm-git-plugin/src/main/java/sonia/scm/web/GitPermissionFilter.java
+++ b/plugins/scm-git-plugin/src/main/java/sonia/scm/web/GitPermissionFilter.java
@@ -62,10 +62,6 @@ public class GitPermissionFilter extends PermissionFilter
  /** Field description */
  public static final String PATTERN_WRITEREQUEST = "git-receive-pack";

-  /** Field description */
-  public static final Pattern PATTERN_REPOSITORYNAME =
-    Pattern.compile("/[^/]+/([^/]+)(?:/.*)?");
-
  //~--- constructors ---------------------------------------------------------

  /**
@@ -90,28 +86,14 @@ public class GitPermissionFilter extends PermissionFilter
   * Method description
   *
   *
-   * @param request
+   * @param name
   *
   * @return
   */
  @Override
-  protected Repository getRepository(HttpServletRequest request)
+  protected Repository getRepository(String name)
  {
-    Repository repository = null;
-    String uri = request.getRequestURI();
-
-    uri = uri.substring(request.getContextPath().length());
-
-    Matcher m = PATTERN_REPOSITORYNAME.matcher(uri);
-
-    if (m.matches())
-    {
-      String repositoryname = m.group(1);
-
-      repository = handler.getByName(repositoryname);
-    }
-
-    return repository;
+    return handler.getByName(name);
  }

  /**
--- a/plugins/scm-svn-plugin/src/main/java/sonia/scm/repository/SvnRepositoryHandler.java
+++ b/plugins/scm-svn-plugin/src/main/java/sonia/scm/repository/SvnRepositoryHandler.java
@@ -67,6 +67,31 @@ public class SvnRepositoryHandler

  //~--- get methods ----------------------------------------------------------

+  /**
+   * TODO dont use getAll
+   *
+   *
+   * @param name
+   *
+   * @return
+   */
+  public Repository getByName(String name)
+  {
+    Repository repository = null;
+
+    for (Repository r : getAll())
+    {
+      if (r.getName().equals(name))
+      {
+        repository = r;
+
+        break;
+      }
+    }
+
+    return repository;
+  }
+
  /**
   * Method description
   *
--- a/plugins/scm-svn-plugin/src/main/java/sonia/scm/web/SvnPermissionFilter.java
+++ b/plugins/scm-svn-plugin/src/main/java/sonia/scm/web/SvnPermissionFilter.java
@@ -0,0 +1,121 @@
+/**
+ * Copyright (c) 2010, Sebastian Sdorra
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ *    this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ *    this list of conditions and the following disclaimer in the documentation
+ *    and/or other materials provided with the distribution.
+ * 3. Neither the name of SCM-Manager; nor the names of its
+ *    contributors may be used to endorse or promote products derived from this
+ *    software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * http://bitbucket.org/sdorra/scm-manager
+ *
+ */
+
+
+
+package sonia.scm.web;
+
+//~--- non-JDK imports --------------------------------------------------------
+
+import com.google.inject.Inject;
+import com.google.inject.Provider;
+import com.google.inject.Singleton;
+
+import sonia.scm.repository.Repository;
+import sonia.scm.repository.SvnRepositoryHandler;
+import sonia.scm.web.filter.PermissionFilter;
+import sonia.scm.web.security.SecurityContext;
+
+//~--- JDK imports ------------------------------------------------------------
+
+import java.util.Arrays;
+import java.util.HashSet;
+import java.util.Set;
+
+import javax.servlet.http.HttpServletRequest;
+
+/**
+ *
+ * @author Sebastian Sdorra
+ */
+@Singleton
+public class SvnPermissionFilter extends PermissionFilter
+{
+
+  /** Field description */
+  private static Set<String> WRITEMETHOD_SET =
+    new HashSet<String>(Arrays.asList("MKACTIVITY", "PROPPATCH", "PUT",
+      "CHECKOUT", "MKCOL", "MOVE", "COPY", "DELETE", "LOCK", "UNLOCK",
+      "MERGE"));
+
+  //~--- constructors ---------------------------------------------------------
+
+  /**
+   * Constructs ...
+   *
+   *
+   *
+   * @param securityContextProvider
+   * @param handler
+   */
+  @Inject
+  public SvnPermissionFilter(Provider<SecurityContext> securityContextProvider,
+                             SvnRepositoryHandler handler)
+  {
+    super(securityContextProvider);
+    this.handler = handler;
+  }
+
+  //~--- get methods ----------------------------------------------------------
+
+  /**
+   * Method description
+   *
+   *
+   * @param name
+   *
+   * @return
+   */
+  @Override
+  protected Repository getRepository(String name)
+  {
+    return handler.getByName(name);
+  }
+
+  /**
+   * Method description
+   *
+   *
+   * @param request
+   *
+   * @return
+   */
+  @Override
+  protected boolean isWriteRequest(HttpServletRequest request)
+  {
+    return WRITEMETHOD_SET.contains(request.getMethod().toUpperCase());
+  }
+
+  //~--- fields ---------------------------------------------------------------
+
+  /** Field description */
+  private SvnRepositoryHandler handler;
+}
--- a/plugins/scm-svn-plugin/src/main/java/sonia/scm/web/SvnServletModule.java
+++ b/plugins/scm-svn-plugin/src/main/java/sonia/scm/web/SvnServletModule.java
@@ -51,6 +51,14 @@ import java.util.Map;
 public class SvnServletModule extends ServletModule
 {

+  /** Field description */
+  public static final String PARAMETER_SVN_PARENTPATH = "SVNParentPath";
+
+  /** Field description */
+  public static final String PATTERN_SVN = "/svn/*";
+
+  //~--- methods --------------------------------------------------------------
+
  /**
   * Method description
   *
@@ -58,11 +66,13 @@ public class SvnServletModule extends ServletModule
  @Override
  protected void configureServlets()
  {
-    filter("/svn/*").through(BasicAuthenticationFilter.class);
+    filter(PATTERN_SVN).through(BasicAuthenticationFilter.class);
+    filter(PATTERN_SVN).through(SvnPermissionFilter.class);

    Map<String, String> parameters = new HashMap<String, String>();

-    parameters.put("SVNParentPath", System.getProperty("java.io.tmpdir"));
-    serve("/svn/*").with(SvnDAVServlet.class, parameters);
+    parameters.put(PARAMETER_SVN_PARENTPATH,
+                   System.getProperty("java.io.tmpdir"));
+    serve(PATTERN_SVN).with(SvnDAVServlet.class, parameters);
  }
 }
--- a/scm-web-api/src/main/java/sonia/scm/web/filter/PermissionFilter.java
+++ b/scm-web-api/src/main/java/sonia/scm/web/filter/PermissionFilter.java
@@ -50,6 +50,9 @@ import sonia.scm.web.security.SecurityContext;

 import java.io.IOException;

+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
 import javax.servlet.FilterChain;
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
@@ -66,6 +69,10 @@ public abstract class PermissionFilter extends HttpFilter
  private static final Logger logger =
    LoggerFactory.getLogger(PermissionFilter.class);

+  /** Field description */
+  public static final Pattern PATTERN_REPOSITORYNAME =
+    Pattern.compile("/[^/]+/([^/]+)(?:/.*)?");
+
  //~--- constructors ---------------------------------------------------------

  /**
@@ -81,16 +88,6 @@ public abstract class PermissionFilter extends HttpFilter

  //~--- get methods ----------------------------------------------------------

-  /**
-   * Method description
-   *
-   *
-   * @param request
-   *
-   * @return
-   */
-  protected abstract Repository getRepository(HttpServletRequest request);
-
  /**
   * Method description
   *
@@ -173,6 +170,50 @@ public abstract class PermissionFilter extends HttpFilter
    }
  }

+  //~--- get methods ----------------------------------------------------------
+
+  /**
+   * Method description
+   *
+   *
+   * @param request
+   *
+   * @return
+   */
+  protected Repository getRepository(HttpServletRequest request)
+  {
+    Repository repository = null;
+    String uri = request.getRequestURI();
+
+    uri = uri.substring(request.getContextPath().length());
+
+    Matcher m = PATTERN_REPOSITORYNAME.matcher(uri);
+
+    if (m.matches())
+    {
+      String repositoryname = m.group(1);
+
+      repository = getRepository(repositoryname);
+    }
+
+    return repository;
+  }
+
+  /**
+   * Method description
+   *
+   *
+   * @param name
+   *
+   * @return
+   */
+  protected Repository getRepository(String name)
+  {
+    return null;
+  }
+
+  ;
+
  //~--- fields ---------------------------------------------------------------

  /** Field description */