From f74003e4856be8a3f1b2beca2663c8f0c024716a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ren=C3=A9=20Pfeuffer?=
Date: Thu, 27 Sep 2018 08:55:07 +0200
Subject: [PATCH] Introduce new permissions for listings
---
 .../java/sonia/scm/config/Configuration.java | 2 +-
 .../src/main/java/sonia/scm/group/Group.java | 2 +-
 .../src/main/java/sonia/scm/user/User.java | 2 +-
 .../api/v2/resources/IndexDtoGenerator.java | 13 ++++++++
 .../api/v2/resources/IndexResourceTest.java | 31 +++++++++++++++++++
 5 files changed, 47 insertions(+), 3 deletions(-)
diff --git a/scm-core/src/main/java/sonia/scm/config/Configuration.java b/scm-core/src/main/java/sonia/scm/config/Configuration.java
index e9bf3528d5..823c50b155 100644
--- a/scm-core/src/main/java/sonia/scm/config/Configuration.java
+++ b/scm-core/src/main/java/sonia/scm/config/Configuration.java
@@ -22,7 +22,7 @@ import com.github.sdorra.ssp.StaticPermissions;
 @StaticPermissions(
 value = "configuration",
 permissions = {"read", "write"},
- globalPermissions = {}
+ globalPermissions = {"list"}
 )
 public interface Configuration extends PermissionObject {
 }
diff --git a/scm-core/src/main/java/sonia/scm/group/Group.java b/scm-core/src/main/java/sonia/scm/group/Group.java
index 98d9dcc7a3..5e7f596c58 100644
--- a/scm-core/src/main/java/sonia/scm/group/Group.java
+++ b/scm-core/src/main/java/sonia/scm/group/Group.java
@@ -60,7 +60,7 @@ import java.util.List;
 *
 * @author Sebastian Sdorra
 */
-@StaticPermissions("group")
+@StaticPermissions(value = "group", globalPermissions = {"create", "list"})
 @XmlRootElement(name = "groups")
 @XmlAccessorType(XmlAccessType.FIELD)
 public class Group extends BasicPropertiesAware
diff --git a/scm-core/src/main/java/sonia/scm/user/User.java b/scm-core/src/main/java/sonia/scm/user/User.java
index 97c6bb16c7..057554013c 100644
--- a/scm-core/src/main/java/sonia/scm/user/User.java
+++ b/scm-core/src/main/java/sonia/scm/user/User.java
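Review bot: `globalPermissions = {"list"}` adds a `configuration:list` permission to what looks like a single configuration resource rather than a collection, next to the existing per-object `read`/`write`. The index link added in IndexDtoGenerator is gated on `list`, while the endpoint behind `resourceLinks.config().self()` is presumably still guarded by `read` (not visible in this patch). A subject holding only one of the two would then either be shown a link that is refused, or be able to read the configuration without being shown the link. I would gate the link on the read permission, or, if `list` is meant purely as a visibility switch, say so on the annotation, e.g. `// "list" only controls the index entry; reading the configuration still requires "read"`.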
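Review bot: The class Javadoc above `@StaticPermissions(value = "group", globalPermissions = {"create", "list"})` does not say what the new global `list` permission grants or how it relates to the per-object permissions; the same applies to the `user` annotation in the User.java hunk. These strings become part of the authorization model that role definitions are written against, so a Javadoc sentence would help, e.g. `* Global permission "list" allows enumerating groups; access to a single group is still decided by its per-object permissions.` (wording to be confirmed against the collection resource). `create` is presumably spelled out only because setting `globalPermissions` replaces the annotation's default, and a short comment saying so would keep it from being removed as redundant. The Javadoc block starts outside the hunk.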
@@ -55,7 +55,7 @@ import java.security.Principal;
 *
 * @author Sebastian Sdorra
 */
-@StaticPermissions("user")
+@StaticPermissions(value = "user", globalPermissions = {"create", "list"})
 @XmlRootElement(name = "users")
 @XmlAccessorType(XmlAccessType.FIELD)
 public class
diff --git a/scm-webapp/src/main/java/sonia/scm/api/v2/resources/IndexDtoGenerator.java b/scm-webapp/src/main/java/sonia/scm/api/v2/resources/IndexDtoGenerator.java
index 1e969824bf..72cd2e277f 100644
--- a/scm-webapp/src/main/java/sonia/scm/api/v2/resources/IndexDtoGenerator.java
+++ b/scm-webapp/src/main/java/sonia/scm/api/v2/resources/IndexDtoGenerator.java
@@ -3,6 +3,9 @@ package sonia.scm.api.v2.resources;
 import de.otto.edison.hal.Link;
 import de.otto.edison.hal.Links;
 import org.apache.shiro.SecurityUtils;
+import sonia.scm.config.ConfigurationPermissions;
+import sonia.scm.group.GroupPermissions;
+import sonia.scm.user.UserPermissions;
 import javax.inject.Inject;
@@ -22,6 +25,16 @@ public class IndexDtoGenerator {
 Link.link("me", resourceLinks.me().self()),
 Link.link("logout", resourceLinks.authentication().logout())
 );
+ if (UserPermissions.list().isPermitted()) {
+ builder.single(Link.link("users", resourceLinks.userCollection().self()));
+ }
+ if (GroupPermissions.list().isPermitted()) {
+ builder.single(Link.link("groups", resourceLinks.groupCollection().self()));
+ }
+ if (ConfigurationPermissions.list().isPermitted()) {
+ builder.single(Link.link("configuration", resourceLinks.config().self()));
+ }
+ builder.single(Link.link("repositories", resourceLinks.repositoryCollection().self()));
 } else {
 builder.single(
 Link.link("formLogin", resourceLinks.authentication().formLogin()),
diff --git a/scm-webapp/src/test/java/sonia/scm/api/v2/resources/IndexResourceTest.java b/scm-webapp/src/test/java/sonia/scm/api/v2/resources/IndexResourceTest.java
index f3f6c94006..c674feabcd 100644
--- a/scm-webapp/src/test/java/sonia/scm/api/v2/resources/IndexResourceTest.java
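Review bot: The three `isPermitted()` checks added before the `repositories` link only decide whether a link is rendered; they are not an access control on the collections themselves. Nothing in this patch shows the user, group and configuration endpoints checking the new `list` permission, so it is worth confirming that each one enforces it itself (for instance with `UserPermissions.list().check()` and its group/configuration counterparts) and that a test covers a direct request by a subject without the permission. A one-line comment above the block, e.g. `// links are navigation hints only; the resources enforce the same permissions themselves`, would record that intent. The enclosing method starts and ends outside the hunk.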
+++ b/scm-webapp/src/test/java/sonia/scm/api/v2/resources/IndexResourceTest.java
@@ -3,12 +3,15 @@ package sonia.scm.api.v2.resources;
 import com.github.sdorra.shiro.ShiroRule;
 import com.github.sdorra.shiro.SubjectAware;
 import org.assertj.core.api.Assertions;
+import org.assertj.core.api.Condition;
 import org.junit.Rule;
 import org.junit.Test;
 import java.net.URI;
 import java.util.Optional;
+import static org.mockito.AdditionalMatchers.not;
+
 @SubjectAware(configuration = "classpath:sonia/scm/shiro-001.ini")
 public class IndexResourceTest {
@@ -41,4 +44,32 @@ public class IndexResourceTest {
 Assertions.assertThat(index.getLinks().getLinkBy("logout")).matches(Optional::isPresent);
 }
+
+ @Test
+ @SubjectAware(username = "trillian", password = "secret")
+ public void shouldRenderRepositoriesForAuthenticatedRequest() {
+ IndexDto index = indexResource.getIndex();
+
+ Assertions.assertThat(index.getLinks().getLinkBy("repositories")).matches(Optional::isPresent);
+ }
+
+ @Test
+ @SubjectAware(username = "trillian", password = "secret")
+ public void shouldNotRenderUserCollectionIfNotAuthorized() {
+ IndexDto index = indexResource.getIndex();
+
+ Assertions.assertThat(index.getLinks().getLinkBy("users")).matches(o -> !o.isPresent());
+ Assertions.assertThat(index.getLinks().getLinkBy("groups")).matches(o -> !o.isPresent());
+ Assertions.assertThat(index.getLinks().getLinkBy("configuration")).matches(o -> !o.isPresent());
+ }
+
+ @Test
+ @SubjectAware(username = "dent", password = "secret")
+ public void shouldRenderUserCollectionIfAuthorized() {
+ IndexDto index = indexResource.getIndex();
+
+ Assertions.assertThat(index.getLinks().getLinkBy("users")).matches(Optional::isPresent);
+ Assertions.assertThat(index.getLinks().getLinkBy("groups")).matches(Optional::isPresent);
+ Assertions.assertThat(index.getLinks().getLinkBy("configuration")).matches(Optional::isPresent);
+ }
 }
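Review bot: `import org.assertj.core.api.Condition;` and `import static org.mockito.AdditionalMatchers.not;` are added in the import hunk, but none of the tests added by this patch use them; the negative assertions are written as `o -> !o.isPresent()`. Both imports, and the blank line added after the static one, can be dropped. `not` from Mockito's AdditionalMatchers is an argument matcher, so it would not fit an AssertJ assertion in any case.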
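Review bot: The new tests only exercise all-or-nothing subjects: `trillian` is expected to see none of `users`, `groups` and `configuration`, and `dent` all three, so a link guarded by the wrong permission class in IndexDtoGenerator would still pass. The grants come from `shiro-001.ini`, which is not part of this patch, so I cannot tell whether finer-grained subjects exist; if they do not, one subject per `list` permission with an assertion that only the matching link appears would pin each check individually. An assertion that the unauthenticated index contains none of the three links would also be useful. The names `shouldNotRenderUserCollectionIfNotAuthorized` and `shouldRenderUserCollectionIfAuthorized` understate what is verified, since both also cover groups and configuration.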