Revert to use local team but leveled permission.

robin shine 2013-08-16 21:44:55 +08:00
parent f8a6434ec6
commit 8bee5be88b
31 changed files with 691 additions and 221 deletions


@ -5,11 +5,11 @@ import java.util.Collection;
import com.google.inject.ImplementedBy;
import com.pmease.commons.persistence.dao.GenericDao;
import com.pmease.gitop.core.entitymanager.impl.DefaultGroupManager;
import com.pmease.gitop.core.model.Group;
import com.pmease.gitop.core.model.Team;
@ImplementedBy(DefaultGroupManager.class)
public interface GroupManager extends GenericDao<Group> {
public interface GroupManager extends GenericDao<Team> {
Collection<Group> getGroups(Long userId);
Collection<Team> getGroups(Long userId);
}


@ -13,11 +13,11 @@ import com.pmease.commons.persistence.dao.DefaultGenericDao;
import com.pmease.commons.persistence.dao.GeneralDao;
import com.pmease.gitop.core.entitymanager.GroupManager;
import com.pmease.gitop.core.entitymanager.UserManager;
import com.pmease.gitop.core.model.Group;
import com.pmease.gitop.core.model.Membership;
import com.pmease.gitop.core.model.Team;
import com.pmease.gitop.core.model.TeamMembership;
@Singleton
public class DefaultGroupManager extends DefaultGenericDao<Group> implements GroupManager {
public class DefaultGroupManager extends DefaultGenericDao<Team> implements GroupManager {
private final UserManager userManager;
@ -28,9 +28,9 @@ public class DefaultGroupManager extends DefaultGenericDao<Group> implements Gro
@Transactional
@Override
public Collection<Group> getGroups(Long userId) {
Collection<Group> groups = new ArrayList<Group>();
for (Membership membership: userManager.load(userId).getMemberships())
public Collection<Team> getGroups(Long userId) {
Collection<Team> groups = new ArrayList<Team>();
for (TeamMembership membership: userManager.load(userId).getMemberships())
groups.add(membership.getGroup());
return groups;


@ -1,48 +0,0 @@
package com.pmease.gitop.core.model;
import java.util.Collection;
import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.OneToMany;
import org.apache.shiro.authz.Permission;
import com.pmease.commons.persistence.AbstractEntity;
@Entity
@org.hibernate.annotations.Cache(
usage=org.hibernate.annotations.CacheConcurrencyStrategy.READ_WRITE)
@SuppressWarnings("serial")
public class Group extends AbstractEntity implements Permission {
@Column(nullable=false, unique=true)
private String name;
private String description;
@OneToMany(mappedBy="group")
private Collection<Membership> memberships;
public String getName() {
return name;
}
public void setName(String name) {
this.name = name;
}
public String getDescription() {
return description;
}
public void setDescription(String description) {
this.description = description;
}
@Override
public boolean implies(Permission permission) {
return false;
}
}


@ -21,14 +21,22 @@ import com.pmease.commons.persistence.AbstractEntity;
@SuppressWarnings("serial")
public class InvolvedBranch extends AbstractEntity {
@Column(nullable=false)
private String name;
@ManyToOne(fetch=FetchType.EAGER)
@org.hibernate.annotations.Fetch(FetchMode.SELECT)
@JoinColumn(nullable=false)
private Repository repository;
@Column(nullable=false)
private String name;
public Repository getRepository() {
return repository;
}
public void setRepository(Repository repository) {
this.repository = repository;
}
public String getName() {
return name;
}
@ -37,12 +45,4 @@ public class InvolvedBranch extends AbstractEntity {
this.name = name;
}
public Repository getRepository() {
return repository;
}
public void setRepository(Repository repository) {
this.repository = repository;
}
}


@ -12,29 +12,41 @@ import org.hibernate.annotations.FetchMode;
import com.pmease.commons.persistence.AbstractEntity;
import com.pmease.gitop.core.model.gatekeeper.GateKeeper;
import com.pmease.gitop.core.model.permission.object.ProtectedObject;
import com.pmease.gitop.core.model.permission.object.RepositoryBelonging;
import com.pmease.gitop.core.model.permission.object.UserBelonging;
@Entity
@org.hibernate.annotations.Cache(
usage=org.hibernate.annotations.CacheConcurrencyStrategy.READ_WRITE)
@Table(uniqueConstraints={
@UniqueConstraint(columnNames={"user", "name"})
@UniqueConstraint(columnNames={"owner", "name"})
})
@SuppressWarnings("serial")
public class Repository extends AbstractEntity {
public class Repository extends AbstractEntity implements UserBelonging {
@ManyToOne(fetch=FetchType.EAGER)
@org.hibernate.annotations.Fetch(FetchMode.SELECT)
@JoinColumn(nullable=false)
private User owner;
@Column(nullable=false)
private String name;
private String description;
@ManyToOne(fetch=FetchType.EAGER)
@org.hibernate.annotations.Fetch(FetchMode.SELECT)
@JoinColumn(nullable=false)
private User user;
@Column(nullable=true)
private GateKeeper gateKeeper;
@Override
public User getOwner() {
return owner;
}
public void setOwner(User owner) {
this.owner = owner;
}
public String getName() {
return name;
}
@ -51,14 +63,6 @@ public class Repository extends AbstractEntity {
this.description = description;
}
public User getUser() {
return user;
}
public void setUser(User user) {
this.user = user;
}
public GateKeeper getGateKeeper() {
return gateKeeper;
}
@ -67,4 +71,17 @@ public class Repository extends AbstractEntity {
this.gateKeeper = gateKeeper;
}
@Override
public boolean has(ProtectedObject object) {
if (object instanceof Repository) {
Repository repository = (Repository) object;
return repository.getId().equals(getId());
} else if (object instanceof RepositoryBelonging) {
RepositoryBelonging repositoryBelonging = (RepositoryBelonging) object;
return repositoryBelonging.getOwner().getId().equals(getId());
} else {
return false;
}
}
}


@ -1,5 +1,6 @@
package com.pmease.gitop.core.model;
import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.FetchType;
import javax.persistence.JoinColumn;
@ -10,40 +11,52 @@ import javax.persistence.UniqueConstraint;
import org.hibernate.annotations.FetchMode;
import com.pmease.commons.persistence.AbstractEntity;
import com.pmease.gitop.core.model.permission.RepositoryOperation;
@SuppressWarnings("serial")
@Entity
@Table(uniqueConstraints={
@UniqueConstraint(columnNames={"who", "what"})
@UniqueConstraint(columnNames={"subject", "object"})
})
@org.hibernate.annotations.Cache(
usage=org.hibernate.annotations.CacheConcurrencyStrategy.READ_WRITE)
public class UserLevelPermissionByGroup extends AbstractEntity {
public class RepositoryAuthorization extends AbstractEntity {
@ManyToOne(fetch=FetchType.EAGER)
@org.hibernate.annotations.Fetch(FetchMode.SELECT)
@JoinColumn(nullable=false)
private Group who;
private Team subject;
@ManyToOne(fetch=FetchType.EAGER)
@org.hibernate.annotations.Fetch(FetchMode.SELECT)
@JoinColumn(nullable=false)
private User what;
private Repository object;
public Group getWho() {
return who;
@Column(nullable=false)
private RepositoryOperation operation;
public Team getSubject() {
return subject;
}
public void setWho(Group who) {
this.who = who;
public void setSubject(Team subject) {
this.subject = subject;
}
public User getWhat() {
return what;
public Repository getObject() {
return object;
}
public void setWhat(User what) {
this.what = what;
public void setObject(Repository object) {
this.object = object;
}
public RepositoryOperation getOperation() {
return operation;
}
public void setOperation(RepositoryOperation operation) {
this.operation = operation;
}
}


@ -1,49 +0,0 @@
package com.pmease.gitop.core.model;
import javax.persistence.Entity;
import javax.persistence.FetchType;
import javax.persistence.JoinColumn;
import javax.persistence.ManyToOne;
import javax.persistence.Table;
import javax.persistence.UniqueConstraint;
import org.hibernate.annotations.FetchMode;
import com.pmease.commons.persistence.AbstractEntity;
@SuppressWarnings("serial")
@Entity
@Table(uniqueConstraints={
@UniqueConstraint(columnNames={"who", "what"})
})
@org.hibernate.annotations.Cache(
usage=org.hibernate.annotations.CacheConcurrencyStrategy.READ_WRITE)
public class RepositoryLevelPermissionByGroup extends AbstractEntity {
@ManyToOne(fetch=FetchType.EAGER)
@org.hibernate.annotations.Fetch(FetchMode.SELECT)
@JoinColumn(nullable=false)
private Group who;
@ManyToOne(fetch=FetchType.EAGER)
@org.hibernate.annotations.Fetch(FetchMode.SELECT)
@JoinColumn(nullable=false)
private Repository what;
public Group getWho() {
return who;
}
public void setWho(Group who) {
this.who = who;
}
public Repository getWhat() {
return what;
}
public void setWhat(Repository what) {
this.what = what;
}
}


@ -1,49 +0,0 @@
package com.pmease.gitop.core.model;
import javax.persistence.Entity;
import javax.persistence.FetchType;
import javax.persistence.JoinColumn;
import javax.persistence.ManyToOne;
import javax.persistence.Table;
import javax.persistence.UniqueConstraint;
import org.hibernate.annotations.FetchMode;
import com.pmease.commons.persistence.AbstractEntity;
@SuppressWarnings("serial")
@Entity
@Table(uniqueConstraints={
@UniqueConstraint(columnNames={"who", "what"})
})
@org.hibernate.annotations.Cache(
usage=org.hibernate.annotations.CacheConcurrencyStrategy.READ_WRITE)
public class RepositoryLevelPermissionByUser extends AbstractEntity {
@ManyToOne(fetch=FetchType.EAGER)
@org.hibernate.annotations.Fetch(FetchMode.SELECT)
@JoinColumn(nullable=false)
private User who;
@ManyToOne(fetch=FetchType.EAGER)
@org.hibernate.annotations.Fetch(FetchMode.SELECT)
@JoinColumn(nullable=false)
private Repository what;
public User getWho() {
return who;
}
public void setWho(User who) {
this.who = who;
}
public Repository getWhat() {
return what;
}
public void setWhat(Repository what) {
this.what = what;
}
}


@ -0,0 +1,81 @@
package com.pmease.gitop.core.model;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.OneToMany;
import org.apache.shiro.authz.Permission;
import com.pmease.commons.persistence.AbstractEntity;
import com.pmease.gitop.core.model.permission.ObjectPermission;
import com.pmease.gitop.core.model.permission.object.SystemObject;
import com.pmease.gitop.core.model.permission.operation.PrivilegedOperation;
@Entity
@org.hibernate.annotations.Cache(
usage=org.hibernate.annotations.CacheConcurrencyStrategy.READ_WRITE)
@SuppressWarnings("serial")
public class Role extends AbstractEntity implements Permission {
@Column(nullable=false, unique=true)
private String name;
private String description;
@Column(nullable=false)
private List<PrivilegedOperation> operations = new ArrayList<PrivilegedOperation>();
@OneToMany(mappedBy="role")
private Collection<RoleMembership> memberships;
public String getName() {
return name;
}
public void setName(String name) {
this.name = name;
}
public String getDescription() {
return description;
}
public void setDescription(String description) {
this.description = description;
}
public Collection<RoleMembership> getMemberships() {
return memberships;
}
public void setMemberships(Collection<RoleMembership> memberships) {
this.memberships = memberships;
}
public List<PrivilegedOperation> getOperations() {
return operations;
}
public void setOperations(List<PrivilegedOperation> operations) {
this.operations = operations;
}
@Override
public boolean implies(Permission permission) {
if (permission instanceof ObjectPermission) {
ObjectPermission objectPermission = (ObjectPermission) permission;
if (new SystemObject().has(objectPermission.getObject())) {
for (PrivilegedOperation each: getOperations()) {
if (each.can(objectPermission.getOperation()))
return true;
}
}
}
return false;
}
}
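Review bot: The `new SystemObject().has(objectPermission.getObject())` guard in `implies` is always true, because `SystemObject.has` returns `true` unconditionally, so every operation held by a role applies to every protected object in the system. If that is the intent, replacing the dead condition with a comment such as `// roles are system-wide: each listed operation applies to all objects` would make the scope explicit to whoever assigns roles. `getOperations()` is also iterated without a null check although `setOperations` accepts null; `implies` should return false rather than throw in that case.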


@ -14,36 +14,36 @@ import com.pmease.commons.persistence.AbstractEntity;
@SuppressWarnings("serial")
@Entity
@Table(uniqueConstraints={
@UniqueConstraint(columnNames={"who", "what"})
@UniqueConstraint(columnNames={"user", "role"})
})
@org.hibernate.annotations.Cache(
usage=org.hibernate.annotations.CacheConcurrencyStrategy.READ_WRITE)
public class UserLevelPermissionByUser extends AbstractEntity {
public class RoleMembership extends AbstractEntity {
@ManyToOne(fetch=FetchType.EAGER)
@org.hibernate.annotations.Fetch(FetchMode.SELECT)
@JoinColumn(nullable=false)
private User who;
@ManyToOne(fetch=FetchType.EAGER)
@org.hibernate.annotations.Fetch(FetchMode.SELECT)
@JoinColumn(nullable=false)
private User what;
private User user;
public User getWhat() {
return what;
@ManyToOne(fetch=FetchType.EAGER)
@org.hibernate.annotations.Fetch(FetchMode.SELECT)
@JoinColumn(nullable=false)
private Role role;
public User getUser() {
return user;
}
public void setWhat(User what) {
this.what = what;
public void setUser(User user) {
this.user = user;
}
public User getWho() {
return who;
public Role getRole() {
return role;
}
public void setWho(User who) {
this.who = who;
public void setRole(Role role) {
this.role = role;
}
}


@ -0,0 +1,110 @@
package com.pmease.gitop.core.model;
import java.util.Collection;
import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.OneToMany;
import javax.persistence.Table;
import javax.persistence.UniqueConstraint;
import org.apache.shiro.authz.Permission;
import com.pmease.commons.persistence.AbstractEntity;
import com.pmease.gitop.core.model.permission.ObjectPermission;
import com.pmease.gitop.core.model.permission.operation.PrivilegedOperation;
@Entity
@org.hibernate.annotations.Cache(
usage=org.hibernate.annotations.CacheConcurrencyStrategy.READ_WRITE)
@Table(uniqueConstraints={
@UniqueConstraint(columnNames={"owner", "name"})
})
@SuppressWarnings("serial")
public class Team extends AbstractEntity implements Permission {
private User owner;
@Column(nullable=false, unique=true)
private String name;
private String description;
private PrivilegedOperation operation;
@OneToMany(mappedBy="team")
private Collection<TeamMembership> memberships;
@OneToMany(mappedBy="subject")
private Collection<RepositoryAuthorization> repositoryAuthorizations;
public User getOwner() {
return owner;
}
public void setOwner(User owner) {
this.owner = owner;
}
public String getName() {
return name;
}
public void setName(String name) {
this.name = name;
}
public String getDescription() {
return description;
}
public void setDescription(String description) {
this.description = description;
}
public PrivilegedOperation getOperation() {
return operation;
}
public void setOperation(PrivilegedOperation operation) {
this.operation = operation;
}
public Collection<TeamMembership> getMemberships() {
return memberships;
}
public void setMemberships(Collection<TeamMembership> memberships) {
this.memberships = memberships;
}
public Collection<RepositoryAuthorization> getRepositoryAuthorizations() {
return repositoryAuthorizations;
}
public void setRepositoryAuthorizations(
Collection<RepositoryAuthorization> repositoryAuthorizations) {
this.repositoryAuthorizations = repositoryAuthorizations;
}
@Override
public boolean implies(Permission permission) {
if (permission instanceof ObjectPermission) {
ObjectPermission objectPermission = (ObjectPermission) permission;
for (RepositoryAuthorization each: getRepositoryAuthorizations()) {
PrivilegedOperation operation = each.getOperation().operationOf(
objectPermission.getObject(), each.getObject());
if (operation != null)
return operation.can(objectPermission.getOperation());
}
if (getOwner().has(objectPermission.getObject()))
return getOperation().can(objectPermission.getOperation());
}
return false;
}
}
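Review bot: `memberships` is declared with `@OneToMany(mappedBy="team")`, but the owning field in `TeamMembership` is still named `group` (`private Team group;`), so the inverse side points at a property that does not exist; either rename that field and its accessors to `team` or use `mappedBy="group"` here. `owner` carries no association mapping or `nullable=false`, and `operation` is nullable, yet `implies` dereferences `getOwner()` and `getOperation()` unconditionally, so a team stored without them would make the permission check throw instead of returning false. `name` being `unique=true` on its own also makes the `{"owner", "name"}` constraint redundant and forces team names to be globally unique, which looks unintended.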


@ -18,7 +18,7 @@ import com.pmease.commons.persistence.AbstractEntity;
})
@org.hibernate.annotations.Cache(
usage=org.hibernate.annotations.CacheConcurrencyStrategy.READ_WRITE)
public class Membership extends AbstractEntity {
public class TeamMembership extends AbstractEntity {
@ManyToOne(fetch=FetchType.EAGER)
@org.hibernate.annotations.Fetch(FetchMode.SELECT)
@ -28,7 +28,7 @@ public class Membership extends AbstractEntity {
@ManyToOne(fetch=FetchType.EAGER)
@org.hibernate.annotations.Fetch(FetchMode.SELECT)
@JoinColumn(nullable=false)
private Group group;
private Team group;
public User getUser() {
return user;
@ -38,11 +38,11 @@ public class Membership extends AbstractEntity {
this.user = user;
}
public Group getGroup() {
public Team getGroup() {
return group;
}
public void setGroup(Group group) {
public void setGroup(Team group) {
this.group = group;
}


@ -5,7 +5,11 @@ import java.util.Collection;
import javax.persistence.Entity;
import javax.persistence.OneToMany;
import org.apache.shiro.authz.Permission;
import com.pmease.commons.security.AbstractUser;
import com.pmease.gitop.core.model.permission.object.ProtectedObject;
import com.pmease.gitop.core.model.permission.object.UserBelonging;
/**
* This class represents either a project or an user in the system.
@ -21,28 +25,73 @@ import com.pmease.commons.security.AbstractUser;
@Entity
@org.hibernate.annotations.Cache(
usage=org.hibernate.annotations.CacheConcurrencyStrategy.READ_WRITE)
public class User extends AbstractUser {
public class User extends AbstractUser implements ProtectedObject, Permission {
@OneToMany(mappedBy="user")
private Collection<Membership> memberships;
private Collection<TeamMembership> memberships;
@OneToMany(mappedBy="user")
private Collection<Membership> mergeRequests;
private Collection<MergeRequest> mergeRequests;
@OneToMany(mappedBy="owner")
private Collection<Repository> repositories;
public Collection<Membership> getMemberships() {
@OneToMany(mappedBy="owner")
private Collection<Team> teams;
public Collection<TeamMembership> getMemberships() {
return memberships;
}
public void setMemberships(Collection<Membership> memberships) {
public void setMemberships(Collection<TeamMembership> memberships) {
this.memberships = memberships;
}
public Collection<Membership> getMergeRequests() {
public Collection<Repository> getRepositories() {
return repositories;
}
public void setRepositories(Collection<Repository> repositories) {
this.repositories = repositories;
}
public Collection<Team> getTeams() {
return teams;
}
public void setTeams(Collection<Team> teams) {
this.teams = teams;
}
public Collection<MergeRequest> getMergeRequests() {
return mergeRequests;
}
public void setMergeRequests(Collection<Membership> mergeRequests) {
public void setMergeRequests(Collection<MergeRequest> mergeRequests) {
this.mergeRequests = mergeRequests;
}
@Override
public boolean has(ProtectedObject object) {
if (object instanceof User) {
User user = (User) object;
return user.getId().equals(getId());
} else if (object instanceof UserBelonging) {
UserBelonging userBelonging = (UserBelonging) object;
return userBelonging.getOwner().getId().equals(getId());
} else {
return false;
}
}
@Override
public boolean implies(Permission permission) {
for (TeamMembership each: getMemberships()) {
if (each.getGroup().implies(permission))
return true;
}
return false;
}
}
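Review bot: `has` handles `User` and `UserBelonging` only, so an object that belongs to one of this user's repositories (a `RepositoryBelonging` such as `ProtectedBranches`) is reported as not contained, and the account-wide check `getOwner().has(...)` in `Team.implies` never applies to it. If ownership is meant to be transitive, add a branch like `else if (object instanceof RepositoryBelonging) return has(((RepositoryBelonging) object).getOwner());`. `implies` also consults team memberships only; nothing visible here routes a user's `RoleMembership` entries to `Role.implies`, so role-based grants appear unreachable from this class.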


@ -0,0 +1,27 @@
package com.pmease.gitop.core.model.permission;
import com.pmease.gitop.core.model.permission.operation.PrivilegedOperation;
public class BranchPermission {
private String branchNames;
private PrivilegedOperation branchOperation;
public String getBranchNames() {
return branchNames;
}
public void setBranchNames(String branchNames) {
this.branchNames = branchNames;
}
public PrivilegedOperation getBranchOperation() {
return branchOperation;
}
public void setBranchOperation(PrivilegedOperation branchOperation) {
this.branchOperation = branchOperation;
}
}


@ -0,0 +1,52 @@
package com.pmease.gitop.core.model.permission;
import org.apache.shiro.authz.Permission;
import com.pmease.gitop.core.model.permission.object.ProtectedObject;
import com.pmease.gitop.core.model.permission.operation.PrivilegedOperation;
/**
* This class represents permissions to operate an account and its belongings.
*
* @author robin
*
*/
public class ObjectPermission implements Permission {
private ProtectedObject object;
private PrivilegedOperation operation;
public ObjectPermission(ProtectedObject object, PrivilegedOperation operation) {
this.object = object;
this.operation = operation;
}
public ProtectedObject getObject() {
return object;
}
public PrivilegedOperation getOperation() {
return operation;
}
public void setOperation(PrivilegedOperation operation) {
this.operation = operation;
}
public void setObject(ProtectedObject object) {
this.object = object;
}
@Override
public boolean implies(Permission permission) {
if (permission instanceof ObjectPermission) {
ObjectPermission objectPermission = (ObjectPermission) permission;
return getObject().has(objectPermission.getObject())
&& getOperation().can(objectPermission.getOperation());
} else {
return false;
}
}
}
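Review bot: `implies` calls `getObject().has(...)` and `getOperation().can(...)` without guarding against null, and both the constructor and the setters accept null, so a half-built permission makes an authorization check throw rather than deny. Rejecting null in the constructor and dropping `setObject`/`setOperation` (making both fields `final`) would also keep a permission from being altered after it has been handed to the security framework. The class Javadoc speaks of "an account and its belongings", but the type accepts any `ProtectedObject`; the comment should say so.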


@ -0,0 +1,45 @@
package com.pmease.gitop.core.model.permission;
import java.util.ArrayList;
import java.util.List;
import com.pmease.gitop.core.model.Repository;
import com.pmease.gitop.core.model.permission.object.ProtectedBranches;
import com.pmease.gitop.core.model.permission.object.ProtectedObject;
import com.pmease.gitop.core.model.permission.operation.PrivilegedOperation;
public class RepositoryOperation {
private PrivilegedOperation repositoryLevel;
private List<BranchPermission> branchLevel = new ArrayList<BranchPermission>();
public PrivilegedOperation getRepositoryWide() {
return repositoryLevel;
}
public void setRepositoryLevel(PrivilegedOperation repositoryLevel) {
this.repositoryLevel = repositoryLevel;
}
public List<BranchPermission> getBranchLevel() {
return branchLevel;
}
public void setBranchLevel(List<BranchPermission> branchLevel) {
this.branchLevel = branchLevel;
}
public PrivilegedOperation operationOf(ProtectedObject object, Repository repository) {
for (BranchPermission each: getBranchLevel()) {
if (new ProtectedBranches(repository, each.getBranchNames()).has(object))
return each.getBranchOperation();
}
if (repository.has(object))
return getRepositoryWide();
else
return null;
}
}
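Review bot: The accessor pair for `repositoryLevel` is mismatched: the getter is `getRepositoryWide()` while the setter is `setRepositoryLevel(...)`, so bean introspection sees a read-only `repositoryWide` property and a write-only `repositoryLevel` one; rename the getter to `getRepositoryLevel()`. `operationOf` also deserves a Javadoc stating that the first matching entry of `branchLevel` wins (so list order is significant), that the repository-level operation is the fallback, and that `null` means the object lies outside this repository.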


@ -0,0 +1,36 @@
package com.pmease.gitop.core.model.permission.object;
import com.pmease.commons.util.pattern.WildcardUtils;
import com.pmease.gitop.core.model.Repository;
public class ProtectedBranches implements RepositoryBelonging {
private final Repository repository;
private final String branchNames;
public ProtectedBranches(Repository repository, String branchNames) {
this.repository = repository;
this.branchNames = branchNames;
}
public String getBranchNames() {
return branchNames;
}
@Override
public boolean has(ProtectedObject object) {
if (object instanceof ProtectedBranches) {
ProtectedBranches branches = (ProtectedBranches) object;
return WildcardUtils.matchPath(getBranchNames(), branches.getBranchNames());
} else {
return false;
}
}
@Override
public Repository getOwner() {
return repository;
}
}
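Review bot: `has` compares branch-name patterns only and never checks that the other `ProtectedBranches` belongs to the same repository, so branches of any repository whose names match are treated as contained. `RepositoryOperation.operationOf` relies on this method to pick a branch-level operation and `Team.implies` returns on the first non-null result, so an authorization granted on one repository can decide a request for a like-named branch in another. The guard should include the repository, e.g. `return branches.getOwner().getId().equals(getOwner().getId()) && WildcardUtils.matchPath(getBranchNames(), branches.getBranchNames());`. The argument's `branchNames` is also matched as if it were a concrete name; what happens when it is itself a pattern depends on `WildcardUtils`, which is not visible here.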


@ -0,0 +1,5 @@
package com.pmease.gitop.core.model.permission.object;
public interface ProtectedObject {
boolean has(ProtectedObject object);
}
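Review bot: `has` is the containment relation that every `implies` in this commit depends on, but the interface has no Javadoc. A comment along the lines of `/** Returns true if the given object is this object or is contained in it; implementations return false for types they do not recognize. */` would pin down the contract. It should also state whether containment is expected to be transitive (user, repository, branches), since the implementations in this commit differ on that.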


@ -0,0 +1,7 @@
package com.pmease.gitop.core.model.permission.object;
import com.pmease.gitop.core.model.Repository;
public interface RepositoryBelonging extends ProtectedObject {
Repository getOwner();
}


@ -0,0 +1,10 @@
package com.pmease.gitop.core.model.permission.object;
public class SystemObject implements ProtectedObject {
@Override
public boolean has(ProtectedObject object) {
return true;
}
}

View File

@ -0,0 +1,7 @@
package com.pmease.gitop.core.model.permission.object;
import com.pmease.gitop.core.model.User;
public interface UserBelonging extends ProtectedObject {
User getOwner();
}


@ -0,0 +1,10 @@
package com.pmease.gitop.core.model.permission.operation;
public class Administration implements PrivilegedOperation {
@Override
public boolean can(PrivilegedOperation operation) {
return true;
}
}


@ -0,0 +1,10 @@
package com.pmease.gitop.core.model.permission.operation;
public class CreateAssessment implements PrivilegedOperation {
@Override
public boolean can(PrivilegedOperation operation) {
return operation instanceof CreateAssessment;
}
}


@ -0,0 +1,10 @@
package com.pmease.gitop.core.model.permission.operation;
public class CreateComment implements PrivilegedOperation {
@Override
public boolean can(PrivilegedOperation operation) {
return operation instanceof CreateComment;
}
}


@ -0,0 +1,10 @@
package com.pmease.gitop.core.model.permission.operation;
public class CreateMergeRequest implements PrivilegedOperation {
@Override
public boolean can(PrivilegedOperation operation) {
return operation instanceof CreateMergeRequest;
}
}


@ -0,0 +1,10 @@
package com.pmease.gitop.core.model.permission.operation;
public class CreateRepository implements PrivilegedOperation {
@Override
public boolean can(PrivilegedOperation operation) {
return operation instanceof CreateRepository;
}
}


@ -1,4 +1,4 @@
package com.pmease.gitop.core.model.permission;
package com.pmease.gitop.core.model.permission.operation;
public interface PrivilegedOperation {
boolean can(PrivilegedOperation operation);


@ -0,0 +1,10 @@
package com.pmease.gitop.core.model.permission.operation;
public class Read implements PrivilegedOperation {
@Override
public boolean can(PrivilegedOperation operation) {
return operation instanceof Read;
}
}


@ -0,0 +1,60 @@
package com.pmease.gitop.core.model.permission.operation;
public enum SystemOperation implements PrivilegedOperation {
ADMINISTRATION {
@Override
public boolean can(PrivilegedOperation operation) {
return true;
}
},
CREATE_ASSESSMENT {
@Override
public boolean can(PrivilegedOperation operation) {
return operation == CREATE_ASSESSMENT;
}
},
CREATE_COMMENT {
@Override
public boolean can(PrivilegedOperation operation) {
return operation == CREATE_COMMENT;
}
},
CREATE_MERGE_REQUEST {
@Override
public boolean can(PrivilegedOperation operation) {
return operation == CREATE_MERGE_REQUEST;
}
},
CREATE_REPOSITORY {
@Override
public boolean can(PrivilegedOperation operation) {
return operation == CREATE_REPOSITORY;
}
},
READ_ALL_REPOSITORIES {
@Override
public boolean can(PrivilegedOperation operation) {
return operation == READ_ALL_REPOSITORIES;
}
},
WRITE_ALL_REPOSITORIES {
@Override
public boolean can(PrivilegedOperation operation) {
return READ_ALL_REPOSITORIES.can(operation);
}
}
}
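Review bot: `WRITE_ALL_REPOSITORIES.can(WRITE_ALL_REPOSITORIES)` evaluates to false, because the constant delegates straight to `READ_ALL_REPOSITORIES.can(operation)`, which only accepts `READ_ALL_REPOSITORIES`. The class-based `Write` checks itself first and this constant should do the same: `return operation == WRITE_ALL_REPOSITORIES || READ_ALL_REPOSITORIES.can(operation);`. The enum also duplicates the class-based operations added in the same commit (`Administration`, `CreateComment`, and so on), and the two families never imply each other apart from the `return true` cases, so mixing them in one role or team will silently deny.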


@ -0,0 +1,10 @@
package com.pmease.gitop.core.model.permission.operation;
public class Write implements PrivilegedOperation{
@Override
public boolean can(PrivilegedOperation operation) {
return operation instanceof Write || new Read().can(operation);
}
}
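Review bot: `can` accepts `Write` and whatever `Read` accepts, but not `WriteToBranch`, so a repository-level write grant does not cover a branch-level write request. If `Write` is meant to be the stronger of the two, extend the condition with `|| operation instanceof WriteToBranch`; if not, a comment stating that branch writes must be granted separately would prevent the opposite assumption.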


@ -0,0 +1,27 @@
package com.pmease.gitop.core.model.permission.operation;
import com.pmease.commons.util.pattern.WildcardUtils;
public class WriteToBranch implements PrivilegedOperation {
private String filePaths = "**";
public String getFilePaths() {
return filePaths;
}
public void setFilePaths(String filePaths) {
this.filePaths = filePaths;
}
@Override
public boolean can(PrivilegedOperation operation) {
if (operation instanceof WriteToBranch) {
WriteToBranch writeToBranch = (WriteToBranch) operation;
return WildcardUtils.matchPath(getFilePaths(), writeToBranch.getFilePaths());
} else {
return new Read().can(operation);
}
}
}
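Review bot: `can` passes the requested operation's `filePaths` to `WildcardUtils.matchPath` as the path to test, but that field defaults to `"**"` and may itself hold a pattern, so the outcome for pattern-against-pattern input depends on the matcher and is not a subset check. Document that the requested `WriteToBranch` must carry a concrete path, and have `setFilePaths` reject null so that `can` cannot throw in the middle of an authorization check.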