diff --git a/scm-core/src/main/java/sonia/scm/repository/spi/HttpScmProtocol.java b/scm-core/src/main/java/sonia/scm/repository/spi/HttpScmProtocol.java
index f2d49b8570..51467d9f5c 100644
--- a/scm-core/src/main/java/sonia/scm/repository/spi/HttpScmProtocol.java
+++ b/scm-core/src/main/java/sonia/scm/repository/spi/HttpScmProtocol.java
@@ -32,4 +32,8 @@ public abstract class HttpScmProtocol implements ScmProtocol {
 }
 public abstract void serve(HttpServletRequest request, HttpServletResponse response, ServletConfig config) throws ServletException, IOException;
+
+ Repository getRepository() {
+ return repository;
+ }
 }
diff --git a/scm-core/src/main/java/sonia/scm/repository/spi/InitializingHttpScmProtocolWrapper.java b/scm-core/src/main/java/sonia/scm/repository/spi/InitializingHttpScmProtocolWrapper.java
index e2634826b1..ba63cf8501 100644
--- a/scm-core/src/main/java/sonia/scm/repository/spi/InitializingHttpScmProtocolWrapper.java
+++ b/scm-core/src/main/java/sonia/scm/repository/spi/InitializingHttpScmProtocolWrapper.java
@@ -1,7 +1,13 @@
 package sonia.scm.repository.spi;
+import org.apache.shiro.SecurityUtils;
+import org.apache.shiro.subject.Subject;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import sonia.scm.api.v2.resources.UriInfoStore;
 import sonia.scm.repository.Repository;
+import sonia.scm.web.filter.PermissionFilter;
+import sonia.scm.web.filter.ProviderPermissionFilter;
 import javax.inject.Provider;
 import javax.servlet.ServletConfig;
@@ -13,14 +19,19 @@ import java.io.IOException;
 public abstract class InitializingHttpScmProtocolWrapper {
+ private static final Logger logger =
+ LoggerFactory.getLogger(InitializingHttpScmProtocolWrapper.class);
+
 private final Provider delegateProvider;
+ private final Provider permissionFilterProvider;
 private final Provider uriInfoStore;
 private volatile boolean isInitialized = false;
- protected InitializingHttpScmProtocolWrapper(Provider delegateProvider, Provider uriInfoStore) {
+ protected InitializingHttpScmProtocolWrapper(Provider delegateProvider, Provider permissionFilterProvider, Provider uriInfoStore) {
 this.delegateProvider = delegateProvider;
+ this.permissionFilterProvider = permissionFilterProvider;
 this.uriInfoStore = uriInfoStore;
 }
@@ -49,7 +60,33 @@ public abstract class InitializingHttpScmProtocolWrapper {
 }
 }
 }
- delegateProvider.get().service(request, response);
+
+ if (getRepository() != null)
+ {
+ Subject subject = SecurityUtils.getSubject();
+
+ PermissionFilter permissionFilter = permissionFilterProvider.get();
+ boolean writeRequest = permissionFilter.isWriteRequest(request);
+
+ if (permissionFilter.hasPermission(getRepository(), writeRequest))
+ {
+// logger.trace("{} access to repository {} for user {} granted",
+// getActionAsString(writeRequest), repository.getName(),
+// getUserName(subject));
+
+ delegateProvider.get().service(request, response);
+ }
+ else
+ {
+// logger.info("{} access to repository {} for user {} denied",
+// getActionAsString(writeRequest), repository.getName(),
+// getUserName(subject));
+
+ permissionFilter.sendAccessDenied(request, response, subject);
+ }
+ }
+
 }
 }
+
 }
diff --git a/scm-core/src/main/java/sonia/scm/web/filter/PermissionFilter.java b/scm-core/src/main/java/sonia/scm/web/filter/PermissionFilter.java
index dd3c82e800..732bac1c57 100644
--- a/scm-core/src/main/java/sonia/scm/web/filter/PermissionFilter.java
+++ b/scm-core/src/main/java/sonia/scm/web/filter/PermissionFilter.java
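Review bot: In the `@@ -49,7 +60,33 @@` hunk of InitializingHttpScmProtocolWrapper, the new `if (getRepository() != null)` has no `else`, so a request whose repository is null returns without calling the delegate and without setting a status; that fails closed, but the client only sees an empty default response. An explicit `else { response.sendError(HttpServletResponse.SC_NOT_FOUND); }` would make that path visible to clients and to monitoring. The granted/denied log statements are left commented out and still reference `repository.getName()`, `getActionAsString` and `getUserName`, none of which are visible in this class, so the `logger` field added in the previous hunk is unused and a denied access leaves no trace here unless `sendAccessDenied` logs it (its body is not shown). Either restore them against `getRepository().getName()` or delete the dead comments. The enclosing method starts above the hunk.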
@@ -106,7 +106,7 @@ public abstract class PermissionFilter extends HttpFilter
 *
 * @return returns true if the current request is a write request
 */
- protected abstract boolean isWriteRequest(HttpServletRequest request);
+ public abstract boolean isWriteRequest(HttpServletRequest request);
 //~--- methods --------------------------------------------------------------
@@ -249,7 +249,7 @@ public abstract class PermissionFilter extends HttpFilter
 *
 * @throws IOException
 */
- private void sendAccessDenied(HttpServletRequest request,
+ public void sendAccessDenied(HttpServletRequest request,
 HttpServletResponse response, Subject subject) throws IOException
 {
@@ -328,7 +328,7 @@ public abstract class PermissionFilter extends HttpFilter
 *
 * @return true if the current user has the required permissions
 */
- private boolean hasPermission(Repository repository, boolean writeRequest)
+ public boolean hasPermission(Repository repository, boolean writeRequest)
 {
 boolean permitted;
diff --git a/scm-plugins/scm-git-plugin/src/main/java/sonia/scm/web/GitPermissionFilter.java b/scm-plugins/scm-git-plugin/src/main/java/sonia/scm/web/GitPermissionFilter.java
index 068284188d..ca88e06a41 100644
--- a/scm-plugins/scm-git-plugin/src/main/java/sonia/scm/web/GitPermissionFilter.java
+++ b/scm-plugins/scm-git-plugin/src/main/java/sonia/scm/web/GitPermissionFilter.java
@@ -98,7 +98,7 @@ public class GitPermissionFilter extends ProviderPermissionFilter
 }
 @Override
- protected boolean isWriteRequest(HttpServletRequest request) {
+ public boolean isWriteRequest(HttpServletRequest request) {
 return isReceivePackRequest(request) || isReceiveServiceRequest(request) || isLfsFileUpload(request);
diff --git a/scm-plugins/scm-git-plugin/src/main/java/sonia/scm/web/GitScmProtocolProviderWrapper.java b/scm-plugins/scm-git-plugin/src/main/java/sonia/scm/web/GitScmProtocolProviderWrapper.java
index f2210259c2..ae378c2439 100644
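Review bot: Widening `sendAccessDenied` (`@@ -249,7 +249,7 @@`) and `hasPermission` (`@@ -328,7 +328,7 @@`) from `private` to `public` on the non-final abstract PermissionFilter also makes them overridable, so any subclass can now replace the authorization decision and the denial response that were previously fixed in the base class. If the only goal is to call them from InitializingHttpScmProtocolWrapper, declare them `public final boolean hasPermission(Repository repository, boolean writeRequest)` and `public final void sendAccessDenied(...)`, or move the check into a small collaborator shared by the filter and the wrapper. Both method bodies continue outside their hunks, so whether they rely on state set up by the servlet container when the class runs as a filter could not be checked here.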
--- a/scm-plugins/scm-git-plugin/src/main/java/sonia/scm/web/GitScmProtocolProviderWrapper.java
+++ b/scm-plugins/scm-git-plugin/src/main/java/sonia/scm/web/GitScmProtocolProviderWrapper.java
@@ -10,7 +10,7 @@ import javax.inject.Singleton;
 @Singleton
 public class GitScmProtocolProviderWrapper extends InitializingHttpScmProtocolWrapper {
 @Inject
- public GitScmProtocolProviderWrapper(Provider servletProvider, Provider uriInfoStore) {
- super(servletProvider, uriInfoStore);
+ public GitScmProtocolProviderWrapper(Provider servletProvider, Provider permissionFilter, Provider uriInfoStore) {
+ super(servletProvider, permissionFilter, uriInfoStore);
 }
 }
diff --git a/scm-plugins/scm-hg-plugin/src/main/java/sonia/scm/web/HgPermissionFilter.java b/scm-plugins/scm-hg-plugin/src/main/java/sonia/scm/web/HgPermissionFilter.java
index c05f03dc4e..9350f8399c 100644
--- a/scm-plugins/scm-hg-plugin/src/main/java/sonia/scm/web/HgPermissionFilter.java
+++ b/scm-plugins/scm-hg-plugin/src/main/java/sonia/scm/web/HgPermissionFilter.java
@@ -74,7 +74,7 @@ public class HgPermissionFilter extends ProviderPermissionFilter
 //~--- get methods ----------------------------------------------------------
 @Override
- protected boolean isWriteRequest(HttpServletRequest request)
+ public boolean isWriteRequest(HttpServletRequest request)
 {
 return !READ_METHODS.contains(request.getMethod());
 }
diff --git a/scm-plugins/scm-hg-plugin/src/main/java/sonia/scm/web/HgScmProtocolProviderWrapper.java b/scm-plugins/scm-hg-plugin/src/main/java/sonia/scm/web/HgScmProtocolProviderWrapper.java
index a69ff10512..ba5c40e7f9 100644
--- a/scm-plugins/scm-hg-plugin/src/main/java/sonia/scm/web/HgScmProtocolProviderWrapper.java
+++ b/scm-plugins/scm-hg-plugin/src/main/java/sonia/scm/web/HgScmProtocolProviderWrapper.java
@@ -10,7 +10,7 @@ import javax.inject.Singleton;
 @Singleton
 public class HgScmProtocolProviderWrapper extends InitializingHttpScmProtocolWrapper {
 @Inject
- public HgScmProtocolProviderWrapper(Provider servletProvider, Provider uriInfoStore) {
- super(servletProvider, uriInfoStore);
+ public HgScmProtocolProviderWrapper(Provider servletProvider, Provider permissionFilter, Provider uriInfoStore) {
+ super(servletProvider, permissionFilter, uriInfoStore);
 }
 }
diff --git a/scm-plugins/scm-svn-plugin/src/main/java/sonia/scm/web/SvnPermissionFilter.java b/scm-plugins/scm-svn-plugin/src/main/java/sonia/scm/web/SvnPermissionFilter.java
index 857e3d6d71..43a4f1baec 100644
--- a/scm-plugins/scm-svn-plugin/src/main/java/sonia/scm/web/SvnPermissionFilter.java
+++ b/scm-plugins/scm-svn-plugin/src/main/java/sonia/scm/web/SvnPermissionFilter.java
@@ -126,7 +126,7 @@ public class SvnPermissionFilter extends ProviderPermissionFilter
 * @return
 */
 @Override
- protected boolean isWriteRequest(HttpServletRequest request)
+ public boolean isWriteRequest(HttpServletRequest request)
 {
 return WRITEMETHOD_SET.contains(request.getMethod().toUpperCase());
 }
diff --git a/scm-plugins/scm-svn-plugin/src/main/java/sonia/scm/web/SvnScmProtocolProviderWrapper.java b/scm-plugins/scm-svn-plugin/src/main/java/sonia/scm/web/SvnScmProtocolProviderWrapper.java
index 4e619e27f8..7907e55dcc 100644
--- a/scm-plugins/scm-svn-plugin/src/main/java/sonia/scm/web/SvnScmProtocolProviderWrapper.java
+++ b/scm-plugins/scm-svn-plugin/src/main/java/sonia/scm/web/SvnScmProtocolProviderWrapper.java
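Review bot: `SvnPermissionFilter.isWriteRequest` (`@@ -126,7 +126,7 @@`) treats every method that is not in `WRITEMETHOD_SET` as a read, while `HgPermissionFilter` in this same change treats everything outside `READ_METHODS` as a write; since this result decides whether read or write permission is checked, the Svn variant is the less safe default for an unrecognised method. The context line also calls `toUpperCase()` with the JVM default locale, which makes the set lookup locale-dependent; `request.getMethod().toUpperCase(Locale.ROOT)` removes that dependency. Consider inverting the Svn check to a set of known read methods so that an unknown method requires write permission, matching the Hg filter.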
@@ -17,8 +17,8 @@ import static sonia.scm.web.SvnServletModule.PARAMETER_SVN_PARENTPATH;
 @Singleton
 public class SvnScmProtocolProviderWrapper extends InitializingHttpScmProtocolWrapper {
 @Inject
- public SvnScmProtocolProviderWrapper(Provider servletProvider, Provider uriInfoStore) {
- super(servletProvider, uriInfoStore);
+ public SvnScmProtocolProviderWrapper(Provider servletProvider, Provider permissionFilter, Provider uriInfoStore) {
+ super(servletProvider, permissionFilter, uriInfoStore);
 }
 @Override