Check log permission before returning stream

scm-webapp/src/main/java/sonia/scm/api/v2/resources/RepositoryImportResource.java

@@ -261,7 +261,8 @@ public class RepositoryImportResource {
   @GET
   @Path("log/{logId}")
   @Produces(MediaType.TEXT_PLAIN)
-  public StreamingOutput getImportLog(@PathParam("logId") String logId) {
+  public StreamingOutput getImportLog(@PathParam("logId") String logId) throws IOException {
+    importLoggerFactory.checkCanReadLog(logId);
     return out -> importLoggerFactory.getLog(logId, out);
   }
 

scm-webapp/src/main/java/sonia/scm/importexport/RepositoryImportLoggerFactory.java

@@ -53,13 +53,25 @@ public class RepositoryImportLoggerFactory {
     return new RepositoryImportLogger(blobStoreFactory.withName("imports").build());
   }
 
+  public void checkCanReadLog(String logId) throws IOException {
+    try (InputStream blob = getBlob(logId)) {
+      // nothing to read
+    }
+  }
+
   public void getLog(String logId, OutputStream out) throws IOException {
+    try (InputStream log = getBlob(logId)) {
+      IOUtil.copy(log, out);
+    }
+  }
+
+  private InputStream getBlob(String logId) throws IOException {
     BlobStore importStore = blobStoreFactory.withName("imports").build();
     InputStream log = importStore
       .getOptional(logId).orElseThrow(() -> new NotFoundException("Log", logId))
       .getInputStream();
     checkPermission(log);
-    IOUtil.copy(log, out);
+    return log;
   }
 
   private void checkPermission(InputStream log) throws IOException {

scm-webapp/src/test/java/sonia/scm/api/v2/resources/RepositoryImportResourceTest.java

@@ -289,6 +289,7 @@ public class RepositoryImportResourceTest extends RepositoryTestBase {
 
     assertThat(response.getStatus()).isEqualTo(SC_OK);
     assertThat(response.getContentAsString()).isEqualTo("some log");
+    verify(importLoggerFactory).checkCanReadLog("42");
   }
 
   private boolean streamHasContent(InputStream argument, String expectedContent) {