diff --git a/gitop.core/src/main/java/com/pmease/gitop/core/manager/UserManager.java b/gitop.core/src/main/java/com/pmease/gitop/core/manager/UserManager.java
index 515784163a..11ff3c247c 100644
--- a/gitop.core/src/main/java/com/pmease/gitop/core/manager/UserManager.java
+++ b/gitop.core/src/main/java/com/pmease/gitop/core/manager/UserManager.java
@@ -1,5 +1,6 @@
 package com.pmease.gitop.core.manager;
+import java.util.Collection;
 import java.util.Set;
 import javax.annotation.Nullable;
@@ -30,6 +31,8 @@ public interface UserManager extends GenericDao {
 */
 @Nullable User find(String userName);
+ Collection findPublic();
+
 Set getReservedNames();
 EntityLoader asEntityLoader();
diff --git a/gitop.core/src/main/java/com/pmease/gitop/core/manager/impl/DefaultUserManager.java b/gitop.core/src/main/java/com/pmease/gitop/core/manager/impl/DefaultUserManager.java
index 3482b9e822..6f418692d7 100644
--- a/gitop.core/src/main/java/com/pmease/gitop/core/manager/impl/DefaultUserManager.java
+++ b/gitop.core/src/main/java/com/pmease/gitop/core/manager/impl/DefaultUserManager.java
@@ -1,5 +1,6 @@
 package com.pmease.gitop.core.manager.impl;
+import java.util.Collection;
 import java.util.HashSet;
 import java.util.Set;
@@ -55,6 +56,11 @@ public class DefaultUserManager extends AbstractGenericDao implements User
 return find(new Criterion[]{Restrictions.eq("name", userName)});
 }
+ @Override
+ public Collection findPublic() {
+ return query(new Criterion[]{Restrictions.eq("publiclyAccessible", true)});
+ }
+
 @Override
 public EntityLoader asEntityLoader() {
 return new EntityLoader() {
diff --git a/gitop.core/src/main/java/com/pmease/gitop/core/model/User.java b/gitop.core/src/main/java/com/pmease/gitop/core/model/User.java
index 22baa7121a..6cc2a1e650 100644
--- a/gitop.core/src/main/java/com/pmease/gitop/core/model/User.java
+++ b/gitop.core/src/main/java/com/pmease/gitop/core/model/User.java
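Review bot: In UserManager.java, `findPublic()` is declared without Javadoc although the neighbouring `find(String)` carries one, and its result is what the permission check in User.java iterates to grant `READ` on an account. Stating the contract at the interface keeps that coupling visible to whoever changes the query later, for example `/** Finds all accounts flagged as publicly accessible. */`. The interface body continues outside the hunk.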
@@ -46,6 +46,11 @@ public class User extends AbstractUser implements ProtectedObject {
 private boolean admin;
+ private boolean publiclyAccessible;
+
+ @Column(nullable=false)
+ private GeneralOperation defaultAuthorizedOperation = GeneralOperation.NO_ACCESS;
+
 @OneToMany(mappedBy="user")
 private Collection memberships = new ArrayList();
@@ -221,18 +226,48 @@ public class User extends AbstractUser implements ProtectedObject {
 if (projectPermission.implies(objectPermission))
 return true;
 }
+
+ for (User each: Gitop.getInstance(UserManager.class).query()) {
+ ObjectPermission userPermission = new ObjectPermission(each, each.getDefaultAuthorizedOperation());
+ if (userPermission.implies(objectPermission))
+ return true;
+ }
 }
- // check if is public access
+ // check if is public access to projects
 for (Project each: Gitop.getInstance(ProjectManager.class).findPublic()) {
 ObjectPermission projectPermission = new ObjectPermission(each, GeneralOperation.READ);
 if (projectPermission.implies(objectPermission))
 return true;
 }
+
+ // check if is public access to accounts
+ for (User each: Gitop.getInstance(UserManager.class).findPublic()) {
+ ObjectPermission userPermission = new ObjectPermission(each, GeneralOperation.READ);
+ if (userPermission.implies(objectPermission))
+ return true;
+ }
 }
 return false;
 }
+ public boolean isPubliclyAccessible() {
+ return publiclyAccessible;
+ }
+
+ public void setPubliclyAccessible(boolean publiclyAccessible) {
+ this.publiclyAccessible = publiclyAccessible;
+ }
+
+ public GeneralOperation getDefaultAuthorizedOperation() {
+ return defaultAuthorizedOperation;
+ }
+
+ public void setDefaultAuthorizedOperation(
+ GeneralOperation defaultAuthorizedOperation) {
+ this.defaultAuthorizedOperation = defaultAuthorizedOperation;
+ }
+
 public boolean isRoot() {
 return Gitop.getInstance(UserManager.class).getRootUser().equals(this);
 }
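Review bot: `defaultAuthorizedOperation` is mapped with `@Column(nullable=false)` but no `@Enumerated` appears in this hunk, so unless a type mapping elsewhere overrides it the permission level would be persisted as the enum ordinal. Ordinals shift whenever a constant is inserted or reordered in `GeneralOperation`, which would silently change the stored default on existing accounts. Consider `@Enumerated(EnumType.STRING)` on the field, keeping in mind that name-based storage then needs a data migration for renames such as the `ADMINISTRATION` to `ADMIN` one in this commit. The new `publiclyAccessible` field also lacks the `@Column(nullable=false)` its neighbour has, which is worth making consistent because a primitive boolean cannot hold a NULL read from an existing row.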
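Review bot: The first added loop calls `Gitop.getInstance(UserManager.class).query()` with no criteria, so every permission check that reaches it loads all accounts, and the cost of an authorization decision grows with the user table. Assuming a `NO_ACCESS` default never implies anything, the loop could iterate only accounts with a higher default through a dedicated manager method in the style of `findPublic()`, for example one built on `Restrictions.ne("defaultAuthorizedOperation", GeneralOperation.NO_ACCESS)`. A comment such as `// default operation each account grants; see the enclosing condition for who receives it` would also help, since the enclosing method and its guarding condition start outside the hunk.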
diff --git a/gitop.core/src/main/java/com/pmease/gitop/core/permission/ObjectPermission.java b/gitop.core/src/main/java/com/pmease/gitop/core/permission/ObjectPermission.java
index 8200f8f221..0f2fb2e480 100644
--- a/gitop.core/src/main/java/com/pmease/gitop/core/permission/ObjectPermission.java
+++ b/gitop.core/src/main/java/com/pmease/gitop/core/permission/ObjectPermission.java
@@ -53,7 +53,7 @@ public class ObjectPermission implements Permission {
 }
 public static ObjectPermission ofUserAdmin(User user) {
- return new ObjectPermission(user, GeneralOperation.ADMINISTRATION);
+ return new ObjectPermission(user, GeneralOperation.ADMIN);
 }
 public static ObjectPermission ofUserRead(User user) {
@@ -65,7 +65,7 @@ public class ObjectPermission implements Permission {
 }
 public static ObjectPermission ofProjectAdmin(Project project) {
- return new ObjectPermission(project, GeneralOperation.ADMINISTRATION);
+ return new ObjectPermission(project, GeneralOperation.ADMIN);
 }
 public static ObjectPermission ofProjectRead(Project project) {
diff --git a/gitop.core/src/main/java/com/pmease/gitop/core/permission/operation/GeneralOperation.java b/gitop.core/src/main/java/com/pmease/gitop/core/permission/operation/GeneralOperation.java
index f327cd0aaa..fbbc325720 100644
--- a/gitop.core/src/main/java/com/pmease/gitop/core/permission/operation/GeneralOperation.java
+++ b/gitop.core/src/main/java/com/pmease/gitop/core/permission/operation/GeneralOperation.java
@@ -26,7 +26,7 @@ public enum GeneralOperation implements PrivilegedOperation {
 }
 },
- ADMINISTRATION("Administration") {
+ ADMIN("Admin") {
 @Override public boolean can(PrivilegedOperation operation) {