diff --git a/gitop.core/src/main/java/com/pmease/gitop/core/gatekeeper/ApprovedByAuthorizedUsers.java b/gitop.core/src/main/java/com/pmease/gitop/core/gatekeeper/ApprovedByAuthorizedUsers.java index 028977f01c..87a01ffb15 100644 --- a/gitop.core/src/main/java/com/pmease/gitop/core/gatekeeper/ApprovedByAuthorizedUsers.java +++ b/gitop.core/src/main/java/com/pmease/gitop/core/gatekeeper/ApprovedByAuthorizedUsers.java @@ -4,14 +4,14 @@ import java.util.Collection; import com.pmease.gitop.core.model.MergeRequest; import com.pmease.gitop.core.model.User; -import com.pmease.gitop.core.permission.operation.Write; +import com.pmease.gitop.core.permission.operation.RepositoryOperation; @SuppressWarnings("serial") public class ApprovedByAuthorizedUsers extends AbstractGateKeeper { @Override public CheckResult check(MergeRequest request) { - Collection authorizedUsers = request.getDestination().getRepository().findAuthorizedUsers(new Write()); + Collection authorizedUsers = request.getDestination().getRepository().findAuthorizedUsers(RepositoryOperation.WRITE); OrGateKeeper or = new OrGateKeeper(); for (User user: authorizedUsers) { ApprovedBySpecifiedUser entry = new ApprovedBySpecifiedUser(); diff --git a/gitop.core/src/main/java/com/pmease/gitop/core/manager/AuthorizationManager.java b/gitop.core/src/main/java/com/pmease/gitop/core/manager/AuthorizationManager.java index 810f315cef..4de0cc377d 100644 --- a/gitop.core/src/main/java/com/pmease/gitop/core/manager/AuthorizationManager.java +++ b/gitop.core/src/main/java/com/pmease/gitop/core/manager/AuthorizationManager.java 
@@ -3,9 +3,9 @@ package com.pmease.gitop.core.manager; import com.google.inject.ImplementedBy; import com.pmease.commons.hibernate.dao.GenericDao; import com.pmease.gitop.core.manager.impl.DefaultAuthorizationManager; -import com.pmease.gitop.core.model.Authorization; +import com.pmease.gitop.core.model.RepositoryAuthorization; @ImplementedBy(DefaultAuthorizationManager.class) -public interface AuthorizationManager extends GenericDao { +public interface AuthorizationManager extends GenericDao { } diff --git a/gitop.core/src/main/java/com/pmease/gitop/core/manager/impl/DefaultAuthorizationManager.java b/gitop.core/src/main/java/com/pmease/gitop/core/manager/impl/DefaultAuthorizationManager.java index c537a21ded..0cc58b721d 100644 --- a/gitop.core/src/main/java/com/pmease/gitop/core/manager/impl/DefaultAuthorizationManager.java +++ b/gitop.core/src/main/java/com/pmease/gitop/core/manager/impl/DefaultAuthorizationManager.java @@ -6,10 +6,10 @@ import javax.inject.Singleton; import com.pmease.commons.hibernate.dao.DefaultGenericDao; import com.pmease.commons.hibernate.dao.GeneralDao; import com.pmease.gitop.core.manager.AuthorizationManager; -import com.pmease.gitop.core.model.Authorization; +import com.pmease.gitop.core.model.RepositoryAuthorization; @Singleton -public class DefaultAuthorizationManager extends DefaultGenericDao implements AuthorizationManager { +public class DefaultAuthorizationManager extends DefaultGenericDao implements AuthorizationManager { @Inject public DefaultAuthorizationManager(GeneralDao generalDao) { diff --git a/gitop.core/src/main/java/com/pmease/gitop/core/model/Repository.java b/gitop.core/src/main/java/com/pmease/gitop/core/model/Repository.java index 9d3bcbc765..e2a8900148 100644 --- a/gitop.core/src/main/java/com/pmease/gitop/core/model/Repository.java +++ b/gitop.core/src/main/java/com/pmease/gitop/core/model/Repository.java 
@@ -18,7 +18,7 @@ import com.pmease.commons.hibernate.AbstractEntity; import com.pmease.gitop.core.gatekeeper.GateKeeper; import com.pmease.gitop.core.permission.object.ProtectedObject; import com.pmease.gitop.core.permission.object.UserBelonging; -import com.pmease.gitop.core.permission.operation.PrivilegedOperation; +import com.pmease.gitop.core.permission.operation.RepositoryOperation; @Entity @Table(uniqueConstraints={ @@ -39,7 +39,7 @@ public class Repository extends AbstractEntity implements UserBelonging { private GateKeeper gateKeeper; @OneToMany(mappedBy="repository") - private Collection authorizations = new ArrayList(); + private Collection authorizations = new ArrayList(); public User getOwner() { return owner; @@ -80,11 +80,11 @@ public class Repository extends AbstractEntity implements UserBelonging { return getOwner(); } - public Collection getAuthorizations() { + public Collection getAuthorizations() { return authorizations; } - public void setAuthorizations(Collection authorizations) { + public void setAuthorizations(Collection authorizations) { this.authorizations = authorizations; } @@ -98,10 +98,10 @@ public class Repository extends AbstractEntity implements UserBelonging { } } - public Collection findAuthorizedUsers(PrivilegedOperation operation) { + public Collection findAuthorizedUsers(RepositoryOperation operation) { Map authorizationMap = new HashMap(); - for (Authorization authorization: getAuthorizations()) { - authorizationMap.put(authorization.getTeam().getId(), authorization.getOperation().can(operation)); + for (RepositoryAuthorization authorization: getAuthorizations()) { + authorizationMap.put(authorization.getTeam().getId(), authorization.getAuthorizedOperation().can(operation)); } Collection teams = new HashSet(); 
@@ -113,7 +113,7 @@ public class Repository extends AbstractEntity implements UserBelonging { else continue; } else { - if (team.getOperation().can(operation)) + if (team.getAuthorizedOperation().can(operation)) teams.add(team); } } diff --git a/gitop.core/src/main/java/com/pmease/gitop/core/model/Authorization.java b/gitop.core/src/main/java/com/pmease/gitop/core/model/RepositoryAuthorization.java similarity index 65% rename from gitop.core/src/main/java/com/pmease/gitop/core/model/Authorization.java rename to gitop.core/src/main/java/com/pmease/gitop/core/model/RepositoryAuthorization.java index 2375ad8ac6..3203e3a43b 100644 --- a/gitop.core/src/main/java/com/pmease/gitop/core/model/Authorization.java +++ b/gitop.core/src/main/java/com/pmease/gitop/core/model/RepositoryAuthorization.java @@ -7,15 +7,14 @@ import javax.persistence.Table; import javax.persistence.UniqueConstraint; import com.pmease.commons.hibernate.AbstractEntity; -import com.pmease.gitop.core.permission.operation.PrivilegedOperation; -import com.pmease.gitop.core.permission.operation.Read; +import com.pmease.gitop.core.permission.operation.RepositoryOperation; @SuppressWarnings("serial") @Entity @Table(uniqueConstraints={ @UniqueConstraint(columnNames={"team", "repository"}) }) -public class Authorization extends AbstractEntity { +public class RepositoryAuthorization extends AbstractEntity { @ManyToOne @JoinColumn(nullable=false) 
@@ -25,14 +24,14 @@ public class Authorization extends AbstractEntity { @JoinColumn(nullable=false) private Repository repository; - private PrivilegedOperation operation = new Read(); + private RepositoryOperation authorizedOperation = RepositoryOperation.READ; - public PrivilegedOperation getOperation() { - return operation; + public RepositoryOperation getAuthorizedOperation() { + return authorizedOperation; } - public void setOperation(PrivilegedOperation operation) { - this.operation = operation; + public void setAuthorizedOperation(RepositoryOperation authorizedOperation) { + this.authorizedOperation = authorizedOperation; } public Team getTeam() { diff --git a/gitop.core/src/main/java/com/pmease/gitop/core/model/Team.java b/gitop.core/src/main/java/com/pmease/gitop/core/model/Team.java index 778791a431..4a5b5534e9 100644 --- a/gitop.core/src/main/java/com/pmease/gitop/core/model/Team.java +++ b/gitop.core/src/main/java/com/pmease/gitop/core/model/Team.java @@ -15,8 +15,7 @@ import org.apache.shiro.authz.Permission; import com.pmease.commons.hibernate.AbstractEntity; import com.pmease.gitop.core.permission.ObjectPermission; -import com.pmease.gitop.core.permission.operation.PrivilegedOperation; -import com.pmease.gitop.core.permission.operation.Read; +import com.pmease.gitop.core.permission.operation.UserOperation; @Entity @Table(uniqueConstraints={ @@ -39,13 +38,13 @@ public class Team extends AbstractEntity implements Permission { private boolean register; @Column(nullable=false) - private PrivilegedOperation operation = new Read(); + private UserOperation authorizedOperation = UserOperation.READ; @OneToMany(mappedBy="team") private Collection memberships = new ArrayList(); @OneToMany(mappedBy="team") - private Collection authorizations = new ArrayList(); + private Collection repositoryAuthorizations = new ArrayList(); public User getOwner() { return owner; 
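Review bot: The new `authorizedOperation` field in RepositoryAuthorization (hunk -25,14), and the one in Team.java (hunk -39,13), is an enum with no `@Enumerated` annotation visible, so unless a custom type is registered elsewhere JPA's default ordinal mapping applies and the stored privilege is a position in the enum. Inserting or reordering a constant later would then silently change what existing rows grant. Consider `@Enumerated(EnumType.STRING)` on both fields, for example `@Enumerated(EnumType.STRING) private RepositoryOperation authorizedOperation = RepositoryOperation.READ;`. The column's stored form also changes from the previous PrivilegedOperation object, so existing rows presumably need a migration, which this diff does not show.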
@@ -87,12 +86,12 @@ public class Team extends AbstractEntity implements Permission { this.register = register; } - public PrivilegedOperation getOperation() { - return operation; + public UserOperation getAuthorizedOperation() { + return authorizedOperation; } - public void setOperation(PrivilegedOperation operation) { - this.operation = operation; + public void setAuthorizedOperation(UserOperation authorizedOeration) { + this.authorizedOperation = authorizedOeration; } public Collection getMemberships() { @@ -103,12 +102,12 @@ public class Team extends AbstractEntity implements Permission { this.memberships = memberships; } - public Collection getAuthorizations() { - return authorizations; + public Collection getRepositoryAuthorizations() { + return repositoryAuthorizations; } - public void setAuthorizations(Collection authorizations) { - this.authorizations = authorizations; + public void setAuthorizations(Collection repositoryAuthorizations) { + this.repositoryAuthorizations = repositoryAuthorizations; } @Override @@ -116,13 +115,13 @@ public class Team extends AbstractEntity implements Permission { if (permission instanceof ObjectPermission) { ObjectPermission objectPermission = (ObjectPermission) permission; - for (Authorization each: getAuthorizations()) { + for (RepositoryAuthorization each: getRepositoryAuthorizations()) { if (each.getRepository().has(objectPermission.getObject())) - return each.getOperation().can(objectPermission.getOperation()); + return each.getAuthorizedOperation().can(objectPermission.getOperation()); } if (getOwner().has(objectPermission.getObject())) - return getOperation().can(objectPermission.getOperation()); + return getAuthorizedOperation().can(objectPermission.getOperation()); } return false; diff --git a/gitop.core/src/main/java/com/pmease/gitop/core/permission/ObjectPermission.java b/gitop.core/src/main/java/com/pmease/gitop/core/permission/ObjectPermission.java index 2513656e8a..f1d3b95996 100644 
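Review bot: In hunk -103,12 of Team.java the setter keeps the name `setAuthorizations` although the field and getter are now `repositoryAuthorizations` and `getRepositoryAuthorizations`, so the two no longer form a bean property; rename it to `setRepositoryAuthorizations`. The parameter in hunk -87,12 is also misspelled `authorizedOeration`; `authorizedOperation` with `this.authorizedOperation = authorizedOperation;` would match the setter in RepositoryAuthorization.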
--- a/gitop.core/src/main/java/com/pmease/gitop/core/permission/ObjectPermission.java +++ b/gitop.core/src/main/java/com/pmease/gitop/core/permission/ObjectPermission.java @@ -6,10 +6,10 @@ import com.pmease.gitop.core.model.Repository; import com.pmease.gitop.core.model.User; import com.pmease.gitop.core.permission.object.ProtectedObject; import com.pmease.gitop.core.permission.object.SystemObject; -import com.pmease.gitop.core.permission.operation.Administration; import com.pmease.gitop.core.permission.operation.PrivilegedOperation; -import com.pmease.gitop.core.permission.operation.Read; -import com.pmease.gitop.core.permission.operation.Write; +import com.pmease.gitop.core.permission.operation.RepositoryOperation; +import com.pmease.gitop.core.permission.operation.SystemOperation; +import com.pmease.gitop.core.permission.operation.UserOperation; /** * This class represents permissions to operate an account and its belongings. 
@@ -56,30 +56,30 @@ public class ObjectPermission implements Permission { } public static ObjectPermission ofUserAdmin(User user) { - return new ObjectPermission(user, new Administration()); + return new ObjectPermission(user, UserOperation.ADMINISTRATION); } public static ObjectPermission ofUserRead(User user) { - return new ObjectPermission(user, new Read()); + return new ObjectPermission(user, UserOperation.READ); } public static ObjectPermission ofUserWrite(User user) { - return new ObjectPermission(user, new Write()); + return new ObjectPermission(user, UserOperation.WRITE); } public static ObjectPermission ofRepositoryAdmin(Repository repository) { - return new ObjectPermission(repository, new Administration()); + return new ObjectPermission(repository, RepositoryOperation.ADMINISTRATION); } public static ObjectPermission ofRepositoryRead(Repository repository) { - return new ObjectPermission(repository, new Read()); + return new ObjectPermission(repository, RepositoryOperation.READ); } public static ObjectPermission ofRepositoryWrite(Repository repository) { - return new ObjectPermission(repository, new Write()); + return new ObjectPermission(repository, RepositoryOperation.WRITE); } - public static ObjectPermission ofSystem(PrivilegedOperation operation) { + public static ObjectPermission ofSystem(SystemOperation operation) { return new ObjectPermission(new SystemObject(), operation); } diff --git a/gitop.core/src/main/java/com/pmease/gitop/core/permission/operation/Administration.java b/gitop.core/src/main/java/com/pmease/gitop/core/permission/operation/Administration.java deleted file mode 100644 index ecbe9360bf..0000000000 --- a/gitop.core/src/main/java/com/pmease/gitop/core/permission/operation/Administration.java +++ /dev/null 
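Review bot: The typed factories in hunk -56,30 are the only thing that pairs a protected object with the right operation family: judging by these calls and the retained PrivilegedOperation import, they all go through a constructor that accepts any PrivilegedOperation. If that constructor (outside the hunk) is not private, a caller can build a Repository permission carrying a UserOperation or SystemOperation, and the result of the check then depends on how each enum's `can` treats a foreign constant. Consider making the constructor private or rejecting mismatched pairs there, and state the rule in the class Javadoc, e.g. `Build instances through the of* factories so the operation family matches the protected object.`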
@@ -1,11 +0,0 @@ -package com.pmease.gitop.core.permission.operation; - -@SuppressWarnings("serial") -public class Administration implements PrivilegedOperation { - - @Override - public boolean can(PrivilegedOperation operation) { - return true; - } - -} diff --git a/gitop.core/src/main/java/com/pmease/gitop/core/permission/operation/CreateMergeRequest.java b/gitop.core/src/main/java/com/pmease/gitop/core/permission/operation/CreateMergeRequest.java deleted file mode 100644 index b027cf38d5..0000000000 --- a/gitop.core/src/main/java/com/pmease/gitop/core/permission/operation/CreateMergeRequest.java +++ /dev/null @@ -1,11 +0,0 @@ -package com.pmease.gitop.core.permission.operation; - -@SuppressWarnings("serial") -public class CreateMergeRequest implements PrivilegedOperation { - - @Override - public boolean can(PrivilegedOperation operation) { - return operation instanceof CreateMergeRequest; - } - -} diff --git a/gitop.core/src/main/java/com/pmease/gitop/core/permission/operation/CreateRepository.java b/gitop.core/src/main/java/com/pmease/gitop/core/permission/operation/CreateRepository.java deleted file mode 100644 index 93864d8860..0000000000 --- a/gitop.core/src/main/java/com/pmease/gitop/core/permission/operation/CreateRepository.java +++ /dev/null @@ -1,11 +0,0 @@ -package com.pmease.gitop.core.permission.operation; - -@SuppressWarnings("serial") -public class CreateRepository implements PrivilegedOperation { - - @Override - public boolean can(PrivilegedOperation operation) { - return operation instanceof CreateRepository; - } - -} diff --git a/gitop.core/src/main/java/com/pmease/gitop/core/permission/operation/NoAccess.java b/gitop.core/src/main/java/com/pmease/gitop/core/permission/operation/NoAccess.java deleted file mode 100644 index d6b2f0451c..0000000000 --- a/gitop.core/src/main/java/com/pmease/gitop/core/permission/operation/NoAccess.java +++ /dev/null 
@@ -1,11 +0,0 @@ -package com.pmease.gitop.core.permission.operation; - -@SuppressWarnings("serial") -public class NoAccess implements PrivilegedOperation { - - @Override - public boolean can(PrivilegedOperation operation) { - return false; - } - -} diff --git a/gitop.core/src/main/java/com/pmease/gitop/core/permission/operation/Read.java b/gitop.core/src/main/java/com/pmease/gitop/core/permission/operation/Read.java deleted file mode 100644 index 81e653fae5..0000000000 --- a/gitop.core/src/main/java/com/pmease/gitop/core/permission/operation/Read.java +++ /dev/null @@ -1,11 +0,0 @@ -package com.pmease.gitop.core.permission.operation; - -@SuppressWarnings("serial") -public class Read implements PrivilegedOperation { - - @Override - public boolean can(PrivilegedOperation operation) { - return operation instanceof Read; - } - -} diff --git a/gitop.core/src/main/java/com/pmease/gitop/core/permission/operation/RepositoryOperation.java b/gitop.core/src/main/java/com/pmease/gitop/core/permission/operation/RepositoryOperation.java new file mode 100644 index 0000000000..f8fc53c75c --- /dev/null +++ b/gitop.core/src/main/java/com/pmease/gitop/core/permission/operation/RepositoryOperation.java @@ -0,0 +1,36 @@ +package com.pmease.gitop.core.permission.operation; + +public enum RepositoryOperation implements PrivilegedOperation { + NO_ACCESS { + + @Override + public boolean can(PrivilegedOperation operation) { + return false; + } + + }, + READ { + + @Override + public boolean can(PrivilegedOperation operation) { + return operation == READ; + } + + }, + WRITE { + + @Override + public boolean can(PrivilegedOperation operation) { + return operation == WRITE || READ.can(operation); + } + + }, + ADMINISTRATION { + + @Override + public boolean can(PrivilegedOperation operation) { + return true; + } + + } +} 
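Review bot: `ADMINISTRATION.can` in the new RepositoryOperation enum returns true for every PrivilegedOperation, including SystemOperation and UserOperation constants, so a repository-level administrator answers yes to operations from other families; UserOperation.ADMINISTRATION, added later in this diff, does the same. Whether that is reachable depends on the object check in Team.implies, which lies mostly outside the hunks shown, but the enum split makes a bounded answer cheap: `return operation instanceof RepositoryOperation;` here and `return operation instanceof UserOperation || operation instanceof RepositoryOperation;` in UserOperation. A one-line Javadoc on each constant saying what it implies would make the privilege ordering reviewable without reading every `can` body.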
diff --git a/gitop.core/src/main/java/com/pmease/gitop/core/permission/operation/SystemOperation.java b/gitop.core/src/main/java/com/pmease/gitop/core/permission/operation/SystemOperation.java index 0f80c966a0..f794c12c1a 100644 --- a/gitop.core/src/main/java/com/pmease/gitop/core/permission/operation/SystemOperation.java +++ b/gitop.core/src/main/java/com/pmease/gitop/core/permission/operation/SystemOperation.java @@ -9,19 +9,19 @@ public enum SystemOperation implements PrivilegedOperation { } }, - CREATE_ASSESSMENT { + VOTE { @Override public boolean can(PrivilegedOperation operation) { - return operation == CREATE_ASSESSMENT; + return operation == VOTE; } }, - CREATE_COMMENT { + ADD_COMMENT { @Override public boolean can(PrivilegedOperation operation) { - return operation == CREATE_COMMENT; + return operation == ADD_COMMENT; } }, @@ -45,7 +45,7 @@ public enum SystemOperation implements PrivilegedOperation { @Override public boolean can(PrivilegedOperation operation) { - return operation == READ_ALL_REPOSITORIES; + return operation == READ_ALL_REPOSITORIES || RepositoryOperation.READ.can(operation); } }, @@ -53,7 +53,9 @@ public enum SystemOperation implements PrivilegedOperation { @Override public boolean can(PrivilegedOperation operation) { - return READ_ALL_REPOSITORIES.can(operation); + return operation == WRITE_ALL_REPOSITORIES + || READ_ALL_REPOSITORIES.can(operation) + || RepositoryOperation.WRITE.can(operation); } } diff --git a/gitop.core/src/main/java/com/pmease/gitop/core/permission/operation/UserOperation.java b/gitop.core/src/main/java/com/pmease/gitop/core/permission/operation/UserOperation.java new file mode 100644 index 0000000000..59d8ea927f --- /dev/null +++ b/gitop.core/src/main/java/com/pmease/gitop/core/permission/operation/UserOperation.java 
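Review bot: The cross-family rule added in hunks -45,7 and -53,7 of SystemOperation, where READ_ALL_REPOSITORIES and WRITE_ALL_REPOSITORIES now also satisfy RepositoryOperation checks, is not documented, and no test for it is visible in this diff. A comment on each constant would record the intent, for example `// Also satisfies RepositoryOperation.READ for any repository.` and `// Also satisfies RepositoryOperation.WRITE (and therefore READ) for any repository.` A small table-driven test of `can` over all constant pairs would catch an accidental widening when a constant is added. The renames to `VOTE` and `ADD_COMMENT` in hunk -9,19 also change the constant names, which matters if these values are stored or configured by name anywhere; that is not visible here.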
@@ -0,0 +1,28 @@ +package com.pmease.gitop.core.permission.operation; + +public enum UserOperation implements PrivilegedOperation { + READ { + + @Override + public boolean can(PrivilegedOperation operation) { + return operation == READ || RepositoryOperation.READ.can(operation); + } + + }, + WRITE { + + @Override + public boolean can(PrivilegedOperation operation) { + return operation == WRITE || READ.can(operation) || RepositoryOperation.WRITE.can(operation); + } + + }, + ADMINISTRATION { + + @Override + public boolean can(PrivilegedOperation operation) { + return true; + } + + } +} diff --git a/gitop.core/src/main/java/com/pmease/gitop/core/permission/operation/Write.java b/gitop.core/src/main/java/com/pmease/gitop/core/permission/operation/Write.java deleted file mode 100644 index be41921b48..0000000000 --- a/gitop.core/src/main/java/com/pmease/gitop/core/permission/operation/Write.java +++ /dev/null @@ -1,11 +0,0 @@ -package com.pmease.gitop.core.permission.operation; - -@SuppressWarnings("serial") -public class Write implements PrivilegedOperation{ - - @Override - public boolean can(PrivilegedOperation operation) { - return operation instanceof Write || new Read().can(operation); - } - -}
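Review bot: The new UserOperation enum has no NO_ACCESS level, while this commit deletes the NoAccess class and types Team.authorizedOperation as UserOperation with a default of `UserOperation.READ`. Because `READ.can` here also accepts `RepositoryOperation.READ`, and Repository.findAuthorizedUsers falls back to the team-level operation when a team has no repository entry, every team appears to get at least read access to all of its owner's repositories unless each repository carries an explicit NO_ACCESS authorization. If a team with no default access is a valid configuration, add a `NO_ACCESS` constant whose `can` returns false, as RepositoryOperation does.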