Commits

Sebastian Sdorra committed 89a5bd7

use shiro api for permission checks in the repository api

Comments (0)

Files changed (1)

scm-core/src/main/java/sonia/scm/repository/api/RepositoryServiceFactory.java

 import com.google.common.base.Preconditions;
 import com.google.common.base.Strings;
 import com.google.inject.Inject;
-import com.google.inject.Provider;
 import com.google.inject.Singleton;
 
+import org.apache.shiro.SecurityUtils;
+import org.apache.shiro.subject.Subject;
+
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 import sonia.scm.repository.BrowserResult;
 import sonia.scm.repository.ChangesetPagingResult;
 import sonia.scm.repository.PermissionType;
-import sonia.scm.repository.PermissionUtil;
 import sonia.scm.repository.PostReceiveRepositoryHook;
 import sonia.scm.repository.PreProcessorUtil;
 import sonia.scm.repository.Repository;
 import sonia.scm.repository.Tags;
 import sonia.scm.repository.spi.RepositoryServiceProvider;
 import sonia.scm.repository.spi.RepositoryServiceResolver;
+import sonia.scm.security.RepositoryPermission;
 import sonia.scm.security.ScmSecurityException;
-import sonia.scm.web.security.WebSecurityContext;
 
 //~--- JDK imports ------------------------------------------------------------
 
   @Inject
   public RepositoryServiceFactory(CacheManager cacheManager,
     RepositoryManager repositoryManager,
-    Provider<WebSecurityContext> securityContextProvider,
     Set<RepositoryServiceResolver> resolvers, PreProcessorUtil preProcessorUtil)
   {
     this.cacheManager = cacheManager;
     this.repositoryManager = repositoryManager;
-    this.securityContextProvider = securityContextProvider;
     this.resolvers = resolvers;
     this.preProcessorUtil = preProcessorUtil;
 
     Preconditions.checkNotNull(repository, "repository is required");
 
     // check for read permissions of current user
-    PermissionUtil.assertPermission(repository, securityContextProvider,
-      PermissionType.READ);
+    Subject subject = SecurityUtils.getSubject();
+
+    if (!subject.isPermitted(new RepositoryPermission(repository,
+      PermissionType.READ)))
+    {
+      throw new ScmSecurityException("read permission are required");
+    }
 
     RepositoryService service = null;
 
 
   /** Field description */
   private Set<RepositoryServiceResolver> resolvers;
-
-  /** Field description */
-  private Provider<WebSecurityContext> securityContextProvider;
 }