Use enum class to group repository/user operations.
parent
cae54c3288
commit
e2b33f6adf
@ -4,14 +4,14 @@ import java.util.Collection;
|
||||
|
||||
import com.pmease.gitop.core.model.MergeRequest;
|
||||
import com.pmease.gitop.core.model.User;
|
||||
import com.pmease.gitop.core.permission.operation.Write;
|
||||
import com.pmease.gitop.core.permission.operation.RepositoryOperation;
|
||||
|
||||
@SuppressWarnings("serial")
|
||||
public class ApprovedByAuthorizedUsers extends AbstractGateKeeper {
|
||||
|
||||
@Override
|
||||
public CheckResult check(MergeRequest request) {
|
||||
Collection<User> authorizedUsers = request.getDestination().getRepository().findAuthorizedUsers(new Write());
|
||||
Collection<User> authorizedUsers = request.getDestination().getRepository().findAuthorizedUsers(RepositoryOperation.WRITE);
|
||||
OrGateKeeper or = new OrGateKeeper();
|
||||
for (User user: authorizedUsers) {
|
||||
ApprovedBySpecifiedUser entry = new ApprovedBySpecifiedUser();
|
||||
|
||||
@ -3,9 +3,9 @@ package com.pmease.gitop.core.manager;
|
||||
import com.google.inject.ImplementedBy;
|
||||
import com.pmease.commons.hibernate.dao.GenericDao;
|
||||
import com.pmease.gitop.core.manager.impl.DefaultAuthorizationManager;
|
||||
import com.pmease.gitop.core.model.Authorization;
|
||||
import com.pmease.gitop.core.model.RepositoryAuthorization;
|
||||
|
||||
@ImplementedBy(DefaultAuthorizationManager.class)
|
||||
public interface AuthorizationManager extends GenericDao<Authorization> {
|
||||
public interface AuthorizationManager extends GenericDao<RepositoryAuthorization> {
|
||||
|
||||
}
|
||||
|
||||
@ -6,10 +6,10 @@ import javax.inject.Singleton;
|
||||
import com.pmease.commons.hibernate.dao.DefaultGenericDao;
|
||||
import com.pmease.commons.hibernate.dao.GeneralDao;
|
||||
import com.pmease.gitop.core.manager.AuthorizationManager;
|
||||
import com.pmease.gitop.core.model.Authorization;
|
||||
import com.pmease.gitop.core.model.RepositoryAuthorization;
|
||||
|
||||
@Singleton
|
||||
public class DefaultAuthorizationManager extends DefaultGenericDao<Authorization> implements AuthorizationManager {
|
||||
public class DefaultAuthorizationManager extends DefaultGenericDao<RepositoryAuthorization> implements AuthorizationManager {
|
||||
|
||||
@Inject
|
||||
public DefaultAuthorizationManager(GeneralDao generalDao) {
|
||||
|
||||
@ -18,7 +18,7 @@ import com.pmease.commons.hibernate.AbstractEntity;
|
||||
import com.pmease.gitop.core.gatekeeper.GateKeeper;
|
||||
import com.pmease.gitop.core.permission.object.ProtectedObject;
|
||||
import com.pmease.gitop.core.permission.object.UserBelonging;
|
||||
import com.pmease.gitop.core.permission.operation.PrivilegedOperation;
|
||||
import com.pmease.gitop.core.permission.operation.RepositoryOperation;
|
||||
|
||||
@Entity
|
||||
@Table(uniqueConstraints={
|
||||
@ -39,7 +39,7 @@ public class Repository extends AbstractEntity implements UserBelonging {
|
||||
private GateKeeper gateKeeper;
|
||||
|
||||
@OneToMany(mappedBy="repository")
|
||||
private Collection<Authorization> authorizations = new ArrayList<Authorization>();
|
||||
private Collection<RepositoryAuthorization> authorizations = new ArrayList<RepositoryAuthorization>();
|
||||
|
||||
public User getOwner() {
|
||||
return owner;
|
||||
@ -80,11 +80,11 @@ public class Repository extends AbstractEntity implements UserBelonging {
|
||||
return getOwner();
|
||||
}
|
||||
|
||||
public Collection<Authorization> getAuthorizations() {
|
||||
public Collection<RepositoryAuthorization> getAuthorizations() {
|
||||
return authorizations;
|
||||
}
|
||||
|
||||
public void setAuthorizations(Collection<Authorization> authorizations) {
|
||||
public void setAuthorizations(Collection<RepositoryAuthorization> authorizations) {
|
||||
this.authorizations = authorizations;
|
||||
}
|
||||
|
||||
@ -98,10 +98,10 @@ public class Repository extends AbstractEntity implements UserBelonging {
|
||||
}
|
||||
}
|
||||
|
||||
public Collection<User> findAuthorizedUsers(PrivilegedOperation operation) {
|
||||
public Collection<User> findAuthorizedUsers(RepositoryOperation operation) {
|
||||
Map<Long, Boolean> authorizationMap = new HashMap<Long, Boolean>();
|
||||
for (Authorization authorization: getAuthorizations()) {
|
||||
authorizationMap.put(authorization.getTeam().getId(), authorization.getOperation().can(operation));
|
||||
for (RepositoryAuthorization authorization: getAuthorizations()) {
|
||||
authorizationMap.put(authorization.getTeam().getId(), authorization.getAuthorizedOperation().can(operation));
|
||||
}
|
||||
|
||||
Collection<Team> teams = new HashSet<Team>();
|
||||
@ -113,7 +113,7 @@ public class Repository extends AbstractEntity implements UserBelonging {
|
||||
else
|
||||
continue;
|
||||
} else {
|
||||
if (team.getOperation().can(operation))
|
||||
if (team.getAuthorizedOperation().can(operation))
|
||||
teams.add(team);
|
||||
}
|
||||
}
|
||||
|
||||
@ -7,15 +7,14 @@ import javax.persistence.Table;
|
||||
import javax.persistence.UniqueConstraint;
|
||||
|
||||
import com.pmease.commons.hibernate.AbstractEntity;
|
||||
import com.pmease.gitop.core.permission.operation.PrivilegedOperation;
|
||||
import com.pmease.gitop.core.permission.operation.Read;
|
||||
import com.pmease.gitop.core.permission.operation.RepositoryOperation;
|
||||
|
||||
@SuppressWarnings("serial")
|
||||
@Entity
|
||||
@Table(uniqueConstraints={
|
||||
@UniqueConstraint(columnNames={"team", "repository"})
|
||||
})
|
||||
public class Authorization extends AbstractEntity {
|
||||
public class RepositoryAuthorization extends AbstractEntity {
|
||||
|
||||
@ManyToOne
|
||||
@JoinColumn(nullable=false)
|
||||
@ -25,14 +24,14 @@ public class Authorization extends AbstractEntity {
|
||||
@JoinColumn(nullable=false)
|
||||
private Repository repository;
|
||||
|
||||
private PrivilegedOperation operation = new Read();
|
||||
private RepositoryOperation authorizedOperation = RepositoryOperation.READ;
|
||||
|
||||
public PrivilegedOperation getOperation() {
|
||||
return operation;
|
||||
public RepositoryOperation getAuthorizedOperation() {
|
||||
return authorizedOperation;
|
||||
}
|
||||
|
||||
public void setOperation(PrivilegedOperation operation) {
|
||||
this.operation = operation;
|
||||
public void setAuthorizedOperation(RepositoryOperation authorizedOperation) {
|
||||
this.authorizedOperation = authorizedOperation;
|
||||
}
|
||||
|
||||
public Team getTeam() {
|
||||
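Review bot: The new `authorizedOperation` field is an enum with no `@Enumerated` annotation visible in this hunk, so JPA would persist it by ordinal by default. For a permission level that is fragile: inserting or reordering a constant in `RepositoryOperation` (for example ahead of `READ`) would silently change the privilege that stored rows map to. Consider `@Enumerated(EnumType.STRING)` on the field, and likewise on `Team.authorizedOperation` in the Team hunk, unless a custom Hibernate type is configured elsewhere. The class body continues outside the hunk.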
@ -15,8 +15,7 @@ import org.apache.shiro.authz.Permission;
|
||||
|
||||
import com.pmease.commons.hibernate.AbstractEntity;
|
||||
import com.pmease.gitop.core.permission.ObjectPermission;
|
||||
import com.pmease.gitop.core.permission.operation.PrivilegedOperation;
|
||||
import com.pmease.gitop.core.permission.operation.Read;
|
||||
import com.pmease.gitop.core.permission.operation.UserOperation;
|
||||
|
||||
@Entity
|
||||
@Table(uniqueConstraints={
|
||||
@ -39,13 +38,13 @@ public class Team extends AbstractEntity implements Permission {
|
||||
private boolean register;
|
||||
|
||||
@Column(nullable=false)
|
||||
private PrivilegedOperation operation = new Read();
|
||||
private UserOperation authorizedOperation = UserOperation.READ;
|
||||
|
||||
@OneToMany(mappedBy="team")
|
||||
private Collection<TeamMembership> memberships = new ArrayList<TeamMembership>();
|
||||
|
||||
@OneToMany(mappedBy="team")
|
||||
private Collection<Authorization> authorizations = new ArrayList<Authorization>();
|
||||
private Collection<RepositoryAuthorization> repositoryAuthorizations = new ArrayList<RepositoryAuthorization>();
|
||||
|
||||
public User getOwner() {
|
||||
return owner;
|
||||
@ -87,12 +86,12 @@ public class Team extends AbstractEntity implements Permission {
|
||||
this.register = register;
|
||||
}
|
||||
|
||||
public PrivilegedOperation getOperation() {
|
||||
return operation;
|
||||
public UserOperation getAuthorizedOperation() {
|
||||
return authorizedOperation;
|
||||
}
|
||||
|
||||
public void setOperation(PrivilegedOperation operation) {
|
||||
this.operation = operation;
|
||||
public void setAuthorizedOperation(UserOperation authorizedOeration) {
|
||||
this.authorizedOperation = authorizedOeration;
|
||||
}
|
||||
|
||||
public Collection<TeamMembership> getMemberships() {
|
||||
@ -103,12 +102,12 @@ public class Team extends AbstractEntity implements Permission {
|
||||
this.memberships = memberships;
|
||||
}
|
||||
|
||||
public Collection<Authorization> getAuthorizations() {
|
||||
return authorizations;
|
||||
public Collection<RepositoryAuthorization> getRepositoryAuthorizations() {
|
||||
return repositoryAuthorizations;
|
||||
}
|
||||
|
||||
public void setAuthorizations(Collection<Authorization> authorizations) {
|
||||
this.authorizations = authorizations;
|
||||
public void setAuthorizations(Collection<RepositoryAuthorization> repositoryAuthorizations) {
|
||||
this.repositoryAuthorizations = repositoryAuthorizations;
|
||||
}
|
||||
|
||||
@Override
|
||||
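Review bot: The setter keeps the name `setAuthorizations` while the getter and field were renamed to `getRepositoryAuthorizations` / `repositoryAuthorizations`, so the accessor pair no longer matches. Renaming it to `setRepositoryAuthorizations(Collection<RepositoryAuthorization> repositoryAuthorizations)` would give bean-style property access and readers a single property name. The hunk above has a related slip: the parameter of `setAuthorizedOperation` is spelled `authorizedOeration`.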
@ -116,13 +115,13 @@ public class Team extends AbstractEntity implements Permission {
|
||||
if (permission instanceof ObjectPermission) {
|
||||
ObjectPermission objectPermission = (ObjectPermission) permission;
|
||||
|
||||
for (Authorization each: getAuthorizations()) {
|
||||
for (RepositoryAuthorization each: getRepositoryAuthorizations()) {
|
||||
if (each.getRepository().has(objectPermission.getObject()))
|
||||
return each.getOperation().can(objectPermission.getOperation());
|
||||
return each.getAuthorizedOperation().can(objectPermission.getOperation());
|
||||
}
|
||||
|
||||
if (getOwner().has(objectPermission.getObject()))
|
||||
return getOperation().can(objectPermission.getOperation());
|
||||
return getAuthorizedOperation().can(objectPermission.getOperation());
|
||||
}
|
||||
|
||||
return false;
|
||||
|
||||
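Review bot: The loop returns on the first `RepositoryAuthorization` whose repository has the object, so an explicit per-repository entry decides the result and the team-wide `getAuthorizedOperation()` check below is never consulted for that repository, including when the entry is `NO_ACCESS`. That precedence is easy to miss now that the two checks use different enums. A comment above the loop such as `// an explicit repository authorization overrides the team's default operation, including NO_ACCESS` would record it. The method starts and ends outside this hunk.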
@ -6,10 +6,10 @@ import com.pmease.gitop.core.model.Repository;
|
||||
import com.pmease.gitop.core.model.User;
|
||||
import com.pmease.gitop.core.permission.object.ProtectedObject;
|
||||
import com.pmease.gitop.core.permission.object.SystemObject;
|
||||
import com.pmease.gitop.core.permission.operation.Administration;
|
||||
import com.pmease.gitop.core.permission.operation.PrivilegedOperation;
|
||||
import com.pmease.gitop.core.permission.operation.Read;
|
||||
import com.pmease.gitop.core.permission.operation.Write;
|
||||
import com.pmease.gitop.core.permission.operation.RepositoryOperation;
|
||||
import com.pmease.gitop.core.permission.operation.SystemOperation;
|
||||
import com.pmease.gitop.core.permission.operation.UserOperation;
|
||||
|
||||
/**
|
||||
* This class represents permissions to operate an account and its belongings.
|
||||
@ -56,30 +56,30 @@ public class ObjectPermission implements Permission {
|
||||
}
|
||||
|
||||
public static ObjectPermission ofUserAdmin(User user) {
|
||||
return new ObjectPermission(user, new Administration());
|
||||
return new ObjectPermission(user, UserOperation.ADMINISTRATION);
|
||||
}
|
||||
|
||||
public static ObjectPermission ofUserRead(User user) {
|
||||
return new ObjectPermission(user, new Read());
|
||||
return new ObjectPermission(user, UserOperation.READ);
|
||||
}
|
||||
|
||||
public static ObjectPermission ofUserWrite(User user) {
|
||||
return new ObjectPermission(user, new Write());
|
||||
return new ObjectPermission(user, UserOperation.WRITE);
|
||||
}
|
||||
|
||||
public static ObjectPermission ofRepositoryAdmin(Repository repository) {
|
||||
return new ObjectPermission(repository, new Administration());
|
||||
return new ObjectPermission(repository, RepositoryOperation.ADMINISTRATION);
|
||||
}
|
||||
|
||||
public static ObjectPermission ofRepositoryRead(Repository repository) {
|
||||
return new ObjectPermission(repository, new Read());
|
||||
return new ObjectPermission(repository, RepositoryOperation.READ);
|
||||
}
|
||||
|
||||
public static ObjectPermission ofRepositoryWrite(Repository repository) {
|
||||
return new ObjectPermission(repository, new Write());
|
||||
return new ObjectPermission(repository, RepositoryOperation.WRITE);
|
||||
}
|
||||
|
||||
public static ObjectPermission ofSystem(PrivilegedOperation operation) {
|
||||
public static ObjectPermission ofSystem(SystemOperation operation) {
|
||||
return new ObjectPermission(new SystemObject(), operation);
|
||||
}
|
||||
|
||||
|
||||
@ -1,11 +0,0 @@
|
||||
package com.pmease.gitop.core.permission.operation;
|
||||
|
||||
@SuppressWarnings("serial")
|
||||
public class Administration implements PrivilegedOperation {
|
||||
|
||||
@Override
|
||||
public boolean can(PrivilegedOperation operation) {
|
||||
return true;
|
||||
}
|
||||
|
||||
}
|
||||
@ -1,11 +0,0 @@
|
||||
package com.pmease.gitop.core.permission.operation;
|
||||
|
||||
@SuppressWarnings("serial")
|
||||
public class CreateMergeRequest implements PrivilegedOperation {
|
||||
|
||||
@Override
|
||||
public boolean can(PrivilegedOperation operation) {
|
||||
return operation instanceof CreateMergeRequest;
|
||||
}
|
||||
|
||||
}
|
||||
@ -1,11 +0,0 @@
|
||||
package com.pmease.gitop.core.permission.operation;
|
||||
|
||||
@SuppressWarnings("serial")
|
||||
public class CreateRepository implements PrivilegedOperation {
|
||||
|
||||
@Override
|
||||
public boolean can(PrivilegedOperation operation) {
|
||||
return operation instanceof CreateRepository;
|
||||
}
|
||||
|
||||
}
|
||||
@ -1,11 +0,0 @@
|
||||
package com.pmease.gitop.core.permission.operation;
|
||||
|
||||
@SuppressWarnings("serial")
|
||||
public class NoAccess implements PrivilegedOperation {
|
||||
|
||||
@Override
|
||||
public boolean can(PrivilegedOperation operation) {
|
||||
return false;
|
||||
}
|
||||
|
||||
}
|
||||
@ -1,11 +0,0 @@
|
||||
package com.pmease.gitop.core.permission.operation;
|
||||
|
||||
@SuppressWarnings("serial")
|
||||
public class Read implements PrivilegedOperation {
|
||||
|
||||
@Override
|
||||
public boolean can(PrivilegedOperation operation) {
|
||||
return operation instanceof Read;
|
||||
}
|
||||
|
||||
}
|
||||
@ -0,0 +1,36 @@
|
||||
package com.pmease.gitop.core.permission.operation;
|
||||
|
||||
public enum RepositoryOperation implements PrivilegedOperation {
|
||||
NO_ACCESS {
|
||||
|
||||
@Override
|
||||
public boolean can(PrivilegedOperation operation) {
|
||||
return false;
|
||||
}
|
||||
|
||||
},
|
||||
READ {
|
||||
|
||||
@Override
|
||||
public boolean can(PrivilegedOperation operation) {
|
||||
return operation == READ;
|
||||
}
|
||||
|
||||
},
|
||||
WRITE {
|
||||
|
||||
@Override
|
||||
public boolean can(PrivilegedOperation operation) {
|
||||
return operation == WRITE || READ.can(operation);
|
||||
}
|
||||
|
||||
},
|
||||
ADMINISTRATION {
|
||||
|
||||
@Override
|
||||
public boolean can(PrivilegedOperation operation) {
|
||||
return true;
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
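Review bot: `ADMINISTRATION.can()` returns `true` for every `PrivilegedOperation`, which now includes `SystemOperation` and `UserOperation` constants as well as repository ones. The callers visible in this commit check the protected object before calling `can()`, but nothing in the enum itself stops a repository-level grant from answering yes to a system-level operation if a future caller skips that check. Restricting it to its own scope, e.g. `return operation instanceof RepositoryOperation;`, keeps the hierarchy fail-closed. `UserOperation.ADMINISTRATION` in the later hunk has the same unconditional `return true;` and could be limited to user and repository operations.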
@ -9,19 +9,19 @@ public enum SystemOperation implements PrivilegedOperation {
|
||||
}
|
||||
|
||||
},
|
||||
CREATE_ASSESSMENT {
|
||||
VOTE {
|
||||
|
||||
@Override
|
||||
public boolean can(PrivilegedOperation operation) {
|
||||
return operation == CREATE_ASSESSMENT;
|
||||
return operation == VOTE;
|
||||
}
|
||||
|
||||
},
|
||||
CREATE_COMMENT {
|
||||
ADD_COMMENT {
|
||||
|
||||
@Override
|
||||
public boolean can(PrivilegedOperation operation) {
|
||||
return operation == CREATE_COMMENT;
|
||||
return operation == ADD_COMMENT;
|
||||
}
|
||||
|
||||
},
|
||||
@ -45,7 +45,7 @@ public enum SystemOperation implements PrivilegedOperation {
|
||||
|
||||
@Override
|
||||
public boolean can(PrivilegedOperation operation) {
|
||||
return operation == READ_ALL_REPOSITORIES;
|
||||
return operation == READ_ALL_REPOSITORIES || RepositoryOperation.READ.can(operation);
|
||||
}
|
||||
|
||||
},
|
||||
@ -53,7 +53,9 @@ public enum SystemOperation implements PrivilegedOperation {
|
||||
|
||||
@Override
|
||||
public boolean can(PrivilegedOperation operation) {
|
||||
return READ_ALL_REPOSITORIES.can(operation);
|
||||
return operation == WRITE_ALL_REPOSITORIES
|
||||
|| READ_ALL_REPOSITORIES.can(operation)
|
||||
|| RepositoryOperation.WRITE.can(operation);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@ -0,0 +1,28 @@
|
||||
package com.pmease.gitop.core.permission.operation;
|
||||
|
||||
public enum UserOperation implements PrivilegedOperation {
|
||||
READ {
|
||||
|
||||
@Override
|
||||
public boolean can(PrivilegedOperation operation) {
|
||||
return operation == READ || RepositoryOperation.READ.can(operation);
|
||||
}
|
||||
|
||||
},
|
||||
WRITE {
|
||||
|
||||
@Override
|
||||
public boolean can(PrivilegedOperation operation) {
|
||||
return operation == WRITE || READ.can(operation) || RepositoryOperation.WRITE.can(operation);
|
||||
}
|
||||
|
||||
},
|
||||
ADMINISTRATION {
|
||||
|
||||
@Override
|
||||
public boolean can(PrivilegedOperation operation) {
|
||||
return true;
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
@ -1,11 +0,0 @@
|
||||
package com.pmease.gitop.core.permission.operation;
|
||||
|
||||
@SuppressWarnings("serial")
|
||||
public class Write implements PrivilegedOperation{
|
||||
|
||||
@Override
|
||||
public boolean can(PrivilegedOperation operation) {
|
||||
return operation instanceof Write || new Read().can(operation);
|
||||
}
|
||||
|
||||
}
|
||||