mirror of
https://github.com/scm-manager/scm-manager.git
synced 2026-07-04 09:09:18 +02:00
add permission check to hal links for tags
This commit is contained in:
@@ -354,7 +354,7 @@ public class BranchRootResource {
|
||||
@PathParam("name") String name,
|
||||
@PathParam("branch") String branch) {
|
||||
try (RepositoryService repositoryService = serviceFactory.create(new NamespaceAndName(namespace, name))) {
|
||||
RepositoryPermissions.modify(repositoryService.getRepository()).check();
|
||||
RepositoryPermissions.push(repositoryService.getRepository()).check();
|
||||
|
||||
Optional<Branch> branchToBeDeleted = repositoryService.getBranchesCommand().getBranches().getBranches().stream()
|
||||
.filter(b -> b.getName().equalsIgnoreCase(branch))
|
||||
|
||||
@@ -36,6 +36,7 @@ import sonia.scm.repository.Changeset;
|
||||
import sonia.scm.repository.Contributor;
|
||||
import sonia.scm.repository.Person;
|
||||
import sonia.scm.repository.Repository;
|
||||
import sonia.scm.repository.RepositoryPermissions;
|
||||
import sonia.scm.repository.Signature;
|
||||
import sonia.scm.repository.Tags;
|
||||
import sonia.scm.repository.api.Command;
|
||||
@@ -128,9 +129,11 @@ public abstract class DefaultChangesetToChangesetDtoMapper extends HalAppenderMa
|
||||
}
|
||||
if (tags != null) {
|
||||
embeddedBuilder.with("tags", tagCollectionToDtoMapper.getTagDtoList(namespace, name,
|
||||
getListOfObjects(source.getTags(), tags::getTagByName)));
|
||||
getListOfObjects(source.getTags(), tags::getTagByName), repository));
|
||||
}
|
||||
if (RepositoryPermissions.push(repository).isPermitted()) {
|
||||
linksBuilder.single(link("tag", resourceLinks.tag().create(namespace, name)));
|
||||
}
|
||||
linksBuilder.single(link("tag", resourceLinks.tag().create(namespace, name)));
|
||||
}
|
||||
if (repositoryService.isSupported(Command.BRANCHES)) {
|
||||
embeddedBuilder.with("branches", branchCollectionToDtoMapper.getBranchDtoList(repository,
|
||||
|
||||
@@ -29,6 +29,8 @@ import de.otto.edison.hal.Embedded;
|
||||
import de.otto.edison.hal.HalRepresentation;
|
||||
import de.otto.edison.hal.Links;
|
||||
import sonia.scm.repository.NamespaceAndName;
|
||||
import sonia.scm.repository.Repository;
|
||||
import sonia.scm.repository.RepositoryManager;
|
||||
import sonia.scm.repository.Tag;
|
||||
|
||||
import java.util.Collection;
|
||||
@@ -50,12 +52,13 @@ public class TagCollectionToDtoMapper {
|
||||
this.tagToTagDtoMapper = tagToTagDtoMapper;
|
||||
}
|
||||
|
||||
public HalRepresentation map(String namespace, String name, Collection<Tag> tags) {
|
||||
return new HalRepresentation(createLinks(namespace, name), embedDtos(getTagDtoList(namespace, name, tags)));
|
||||
public HalRepresentation map(String namespace, String name, Collection<Tag> tags, Repository repository) {
|
||||
return new HalRepresentation(createLinks(namespace, name), embedDtos(getTagDtoList(namespace, name, tags, repository)));
|
||||
}
|
||||
|
||||
public List<TagDto> getTagDtoList(String namespace, String name, Collection<Tag> tags) {
|
||||
return tags.stream().map(tag -> tagToTagDtoMapper.map(tag, new NamespaceAndName(namespace, name))).collect(toList());
|
||||
public List<TagDto> getTagDtoList(String namespace, String name, Collection<Tag> tags, Repository repository) {
|
||||
final NamespaceAndName namespaceAndName = new NamespaceAndName(namespace, name);
|
||||
return tags.stream().map(tag -> tagToTagDtoMapper.map(tag, namespaceAndName, repository)).collect(toList());
|
||||
}
|
||||
|
||||
private Links createLinks(String namespace, String name) {
|
||||
|
||||
@@ -100,7 +100,7 @@ public class TagRootResource {
|
||||
try (RepositoryService repositoryService = serviceFactory.create(new NamespaceAndName(namespace, name))) {
|
||||
Tags tags = getTags(repositoryService);
|
||||
if (tags != null && tags.getTags() != null) {
|
||||
return Response.ok(tagCollectionToDtoMapper.map(namespace, name, tags.getTags())).build();
|
||||
return Response.ok(tagCollectionToDtoMapper.map(namespace, name, tags.getTags(), repositoryService.getRepository())).build();
|
||||
} else {
|
||||
return Response.status(Response.Status.INTERNAL_SERVER_ERROR)
|
||||
.entity("Error on getting tag from repository.")
|
||||
@@ -194,7 +194,7 @@ public class TagRootResource {
|
||||
.filter(t -> tagName.equals(t.getName()))
|
||||
.findFirst()
|
||||
.orElseThrow(() -> createNotFoundException(namespace, name, tagName));
|
||||
return Response.ok(tagToTagDtoMapper.map(tag, namespaceAndName)).build();
|
||||
return Response.ok(tagToTagDtoMapper.map(tag, namespaceAndName, repositoryService.getRepository())).build();
|
||||
} else {
|
||||
return Response.status(Response.Status.INTERNAL_SERVER_ERROR)
|
||||
.entity("Error on getting tag from repository.")
|
||||
@@ -230,7 +230,7 @@ public class TagRootResource {
|
||||
public Response delete(@PathParam("namespace") String namespace, @PathParam("name") String name, @PathParam("tagName") String tagName) {
|
||||
NamespaceAndName namespaceAndName = new NamespaceAndName(namespace, name);
|
||||
try (RepositoryService repositoryService = serviceFactory.create(namespaceAndName)) {
|
||||
RepositoryPermissions.modify(repositoryService.getRepository()).check();
|
||||
RepositoryPermissions.push(repositoryService.getRepository()).check();
|
||||
|
||||
if (tagExists(tagName, repositoryService)) {
|
||||
repositoryService.getTagCommand().delete()
|
||||
|
||||
@@ -55,16 +55,16 @@ public abstract class TagToTagDtoMapper extends HalAppenderMapper {
|
||||
@Mapping(target = "date", source = "date", qualifiedByName = "mapDate")
|
||||
@Mapping(target = "attributes", ignore = true) // We do not map HAL attributes
|
||||
@Mapping(target = "signatures")
|
||||
public abstract TagDto map(Tag tag, @Context NamespaceAndName namespaceAndName);
|
||||
public abstract TagDto map(Tag tag, @Context NamespaceAndName namespaceAndName, @Context Repository repository);
|
||||
|
||||
@ObjectFactory
|
||||
TagDto createDto(@Context NamespaceAndName namespaceAndName, Tag tag) {
|
||||
TagDto createDto(@Context NamespaceAndName namespaceAndName, @Context Repository repository, Tag tag) {
|
||||
Links.Builder linksBuilder = linkingTo()
|
||||
.self(resourceLinks.tag().self(namespaceAndName.getNamespace(), namespaceAndName.getName(), tag.getName()))
|
||||
.single(link("sources", resourceLinks.source().self(namespaceAndName.getNamespace(), namespaceAndName.getName(), tag.getRevision())))
|
||||
.single(link("changeset", resourceLinks.changeset().self(namespaceAndName.getNamespace(), namespaceAndName.getName(), tag.getRevision())));
|
||||
|
||||
if (tag.getDeletable()) {
|
||||
if (tag.getDeletable() && RepositoryPermissions.push(repository).isPermitted()) {
|
||||
linksBuilder
|
||||
.single(link("delete", resourceLinks.tag().delete(namespaceAndName.getNamespace(), namespaceAndName.getName(), tag.getName())));
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user