From dd9fab825b032691874afd8fd60c13a4c6a5b7ba Mon Sep 17 00:00:00 2001 From: Sebastian Sdorra Date: Thu, 3 Nov 2011 08:56:51 +0100 Subject: [PATCH 1/2] improve handling of the admin flag --- scm-webapp/pom.xml | 2 +- .../web/security/BasicSecurityContext.java | 89 ++++++++++++++----- .../resources/js/user/sonia.user.formpanel.js | 2 + 3 files changed, 72 insertions(+), 21 deletions(-) diff --git a/scm-webapp/pom.xml b/scm-webapp/pom.xml index 1b053644ab..84427e2955 100644 --- a/scm-webapp/pom.xml +++ b/scm-webapp/pom.xml @@ -356,7 +356,7 @@ 1.13 1.0 3.0.3 - gfv3ee6 + Tomcat diff --git a/scm-webapp/src/main/java/sonia/scm/web/security/BasicSecurityContext.java b/scm-webapp/src/main/java/sonia/scm/web/security/BasicSecurityContext.java index 58891c3a47..5f9ca864b1 100644 --- a/scm-webapp/src/main/java/sonia/scm/web/security/BasicSecurityContext.java +++ b/scm-webapp/src/main/java/sonia/scm/web/security/BasicSecurityContext.java @@ -123,43 +123,82 @@ public class BasicSecurityContext implements WebSecurityContext AuthenticationResult ar = authenticator.authenticate(request, response, username, password); - if (ar != null) + if ((ar != null) && (ar.getState() == AuthenticationState.SUCCESS)) { user = ar.getUser(); try { + Set groupSet = new HashSet(); + + // load external groups + Collection extGroups = ar.getGroups(); + + if (extGroups != null) + { + groupSet.addAll(extGroups); + } + + // load internal groups + loadGroups(groupSet); + + // check for admin user + if (!user.isAdmin()) + { + user.setAdmin(isAdmin(groupSet)); + + if (logger.isDebugEnabled() && user.isAdmin()) + { + logger.debug("user '{}' is marked as admin by configuration", + user.getType(), user.getName()); + } + } + else if (logger.isDebugEnabled()) + { + logger.debug("authenticator {} marked user '{}' as admin", + user.getType(), user.getName()); + } + + // store user User dbUser = userManager.get(user.getName()); - if ((dbUser != null) && user.copyProperties(dbUser, false)) + if (dbUser != null) { - userManager.modify(dbUser); + + // if database user is an admin, set admin for the current user + if (dbUser.isAdmin()) + { + if (logger.isDebugEnabled()) + { + logger.debug("user '{}' is marked as admin by local database", + user.getType(), user.getName()); + } + + user.setAdmin(true); + } + + // modify existing user, copy properties except password and admin + if (user.copyProperties(dbUser, false)) + { + userManager.modify(dbUser); + } } + + // create new user else if (dbUser == null) { userManager.create(user); } - Collection groupCollection = ar.getGroups(); - - if (groupCollection != null) - { - groups.addAll(groupCollection); - } - - loadGroups(); - - if (!user.isAdmin()) - { - user.setAdmin(isAdmin()); - } + groups = groupSet; if (logger.isDebugEnabled()) { logGroups(); } - String credentials = dbUser.getName(); + // store encrypted credentials in session + String credentials = user.getName(); if (Util.isNotEmpty(password)) { @@ -172,6 +211,12 @@ public class BasicSecurityContext implements WebSecurityContext catch (Exception ex) { user = null; + + if (groups != null) + { + groups.clear(); + } + logger.error("authentication failed", ex); } } @@ -253,8 +298,10 @@ public class BasicSecurityContext implements WebSecurityContext /** * Method description * + * + * @param groupSet */ - private void loadGroups() + private void loadGroups(Set groupSet) { Collection groupCollection = groupManager.getGroupsForMember(user.getName()); @@ -263,7 +310,7 @@ public class BasicSecurityContext implements WebSecurityContext { for (Group group : groupCollection) { - groups.add(group.getName()); + groupSet.add(group.getName()); } } } @@ -308,9 +355,11 @@ public class BasicSecurityContext implements WebSecurityContext * Method description * * + * + * @param groups * @return */ - private boolean isAdmin() + private boolean isAdmin(Collection groups) { boolean result = false; Set adminUsers = configuration.getAdminUsers(); diff --git a/scm-webapp/src/main/webapp/resources/js/user/sonia.user.formpanel.js b/scm-webapp/src/main/webapp/resources/js/user/sonia.user.formpanel.js index 84f6a906e4..a19ce5d471 100644 --- a/scm-webapp/src/main/webapp/resources/js/user/sonia.user.formpanel.js +++ b/scm-webapp/src/main/webapp/resources/js/user/sonia.user.formpanel.js @@ -62,12 +62,14 @@ Sonia.user.FormPanel = Ext.extend(Sonia.rest.FormPanel,{ fieldLabel: this.displayNameText, name: 'displayName', allowBlank: false, + readOnly: this.item != null && this.item != 'xml', helpText: this.displayNameHelpText },{ fieldLabel: this.mailText, name: 'mail', allowBlank: true, vtype: 'email', + readOnly: this.item != null && this.item != 'xml', helpText: this.mailHelpText }]; From 46de287fe732e27f941632887946a8e3004fb0b5 Mon Sep 17 00:00:00 2001 From: Sebastian Sdorra Date: Tue, 15 Nov 2011 22:01:56 +0100 Subject: [PATCH 2/2] close issue-73 branch