Commits

Sebastian Sdorra  committed 3d03a3c

secure setConfig method

  • Participants
  • Parent commits 76d4868

Comments (0)

Files changed (2)

File scm-core/src/main/java/sonia/scm/util/SecurityUtil.java

    *
    * @param contextProvider
    */
-  public static void assertIsAdmin(Provider<SecurityContext> contextProvider)
+  public static void assertIsAdmin(
+          Provider<? extends SecurityContext> contextProvider)
   {
     assertIsAdmin(contextProvider.get());
   }
    *
    * @return
    */
-  public static User getCurrentUser(Provider<SecurityContext> contextProvider)
+  public static User getCurrentUser(
+          Provider<? extends SecurityContext> contextProvider)
   {
     AssertUtil.assertIsNotNull(contextProvider);
 

File scm-webapp/src/main/java/sonia/scm/api/rest/resources/ConfigurationResource.java

 //~--- non-JDK imports --------------------------------------------------------
 
 import com.google.inject.Inject;
+import com.google.inject.Provider;
 import com.google.inject.Singleton;
 
 import sonia.scm.SCMContext;
 import sonia.scm.config.ScmConfiguration;
 import sonia.scm.util.IOUtil;
+import sonia.scm.util.SecurityUtil;
+import sonia.scm.web.security.WebSecurityContext;
 
 //~--- JDK imports ------------------------------------------------------------
 
    *
    *
    * @param configuration
+   * @param securityContextProvider
    */
   @Inject
-  public ConfigurationResource(ScmConfiguration configuration)
+  public ConfigurationResource(
+          ScmConfiguration configuration,
+          Provider<WebSecurityContext> securityContextProvider)
   {
     this.configuration = configuration;
+    this.securityContextProvider = securityContextProvider;
   }
 
   //~--- get methods ----------------------------------------------------------
   public Response setConfig(@Context UriInfo uriInfo,
                             ScmConfiguration newConfig)
   {
+    SecurityUtil.assertIsAdmin(securityContextProvider);
     configuration.load(newConfig);
 
     synchronized (ScmConfiguration.class)
 
   /** Field description */
   public ScmConfiguration configuration;
+
+  /** Field description */
+  private Provider<WebSecurityContext> securityContextProvider;
 }