feat: use new permissions model (#546)

olenagerasimova · web-flow · commit c53e2395ac93 · 2023-03-07T16:00:51.000+03:00
* feat: use new permissions model

* feat: use new permissions model
diff --git a/pom.xml b/pom.xml
@@ -101,7 +101,7 @@ SOFTWARE.
     <dependency>
       <groupId>com.artipie</groupId>
       <artifactId>http</artifactId>
-      <version>v1.1.4</version>
+      <version>v1.2.3</version>
     </dependency>
     <dependency>
       <groupId>javax.xml.bind</groupId>
@@ -111,7 +111,7 @@ SOFTWARE.
     <dependency>
       <groupId>com.artipie</groupId>
       <artifactId>asto-core</artifactId>
-      <version>v1.15.0</version>
+      <version>v1.15.4</version>
     </dependency>
     <dependency>
       <groupId>commons-cli</groupId>
diff --git a/src/main/java/com/artipie/rpm/CliArguments.java b/src/main/java/com/artipie/rpm/CliArguments.java
@@ -157,5 +157,10 @@ public Optional<String> cron() {
                 this.cli.getOptionValue(RpmOptions.UPDATE.option().getOpt())
             );
         }
+
+        @Override
+        public String name() {
+            throw new UnsupportedOperationException("Method name() is not supported");
+        }
     }
 }
diff --git a/src/main/java/com/artipie/rpm/RepoConfig.java b/src/main/java/com/artipie/rpm/RepoConfig.java
@@ -50,6 +50,12 @@ public interface RepoConfig {
      */
     Optional<String> cron();
 
+    /**
+     * Repository name.
+     * @return String name
+     */
+    String name();
+
     /**
      * Rpm repository update mode.
      * @since 1.9
@@ -89,20 +95,28 @@ final class FromYaml implements RepoConfig {
          */
         private final YamlMapping yaml;
 
+        /**
+         * Repository name.
+         */
+        private final String name;
+
         /**
          * Ctor.
          * @param yaml Yaml settings
+         * @param name Repository name
          */
-        public FromYaml(final YamlMapping yaml) {
+        public FromYaml(final YamlMapping yaml, final String name) {
             this.yaml = yaml;
+            this.name = name;
         }
 
         /**
          * Ctor.
          * @param yaml Yaml settings
+         * @param name Repository name
          */
-        public FromYaml(final Optional<YamlMapping> yaml) {
-            this(yaml.orElse(Yaml.createYamlMappingBuilder().build()));
+        public FromYaml(final Optional<YamlMapping> yaml, final String name) {
+            this(yaml.orElse(Yaml.createYamlMappingBuilder().build()), name);
         }
 
         @Override
@@ -156,6 +170,11 @@ public Optional<String> cron() {
             }
             return res;
         }
+
+        @Override
+        public String name() {
+            return this.name;
+        }
     }
 
     /**
@@ -249,5 +268,10 @@ public UpdateMode mode() {
         public Optional<String> cron() {
             return Optional.empty();
         }
+
+        @Override
+        public String name() {
+            return "test";
+        }
     }
 }
diff --git a/src/main/java/com/artipie/rpm/http/RpmSlice.java b/src/main/java/com/artipie/rpm/http/RpmSlice.java
@@ -6,11 +6,9 @@
 
 import com.artipie.asto.Storage;
 import com.artipie.http.Slice;
-import com.artipie.http.auth.Action;
 import com.artipie.http.auth.Authentication;
-import com.artipie.http.auth.BasicAuthSlice;
-import com.artipie.http.auth.Permission;
-import com.artipie.http.auth.Permissions;
+import com.artipie.http.auth.BasicAuthzSlice;
+import com.artipie.http.auth.OperationControl;
 import com.artipie.http.rq.RqMethod;
 import com.artipie.http.rs.StandardRs;
 import com.artipie.http.rt.ByMethodsRule;
@@ -20,6 +18,9 @@
 import com.artipie.http.slice.SliceDownload;
 import com.artipie.http.slice.SliceSimple;
 import com.artipie.rpm.RepoConfig;
+import com.artipie.security.perms.Action;
+import com.artipie.security.perms.AdapterBasicPermission;
+import com.artipie.security.policy.Policy;
 
 /**
  * Artipie {@link Slice} for RPM repository HTTP API.
@@ -33,47 +34,53 @@ public final class RpmSlice extends Slice.Wrap {
      * @param storage The storage.
      */
     public RpmSlice(final Storage storage) {
-        this(storage, Permissions.FREE, Authentication.ANONYMOUS, new RepoConfig.Simple());
+        this(storage, Policy.FREE, Authentication.ANONYMOUS, new RepoConfig.Simple());
     }
 
     /**
      * Ctor.
      * @param storage Storage
-     * @param perms Access permissions.
+     * @param policy Access policy.
      * @param auth Auth details.
      * @param config Repository configuration.
      * @checkstyle ParameterNumberCheck (10 lines)
      */
     public RpmSlice(
         final Storage storage,
-        final Permissions perms,
+        final Policy<?> policy,
         final Authentication auth,
         final RepoConfig config
     ) {
         super(
             new SliceRoute(
                 new RtRulePath(
                     new ByMethodsRule(RqMethod.GET),
-                    new BasicAuthSlice(
+                    new BasicAuthzSlice(
                         new SliceDownload(storage),
                         auth,
-                        new Permission.ByName(perms, Action.Standard.READ)
+                        new OperationControl(
+                            policy, new AdapterBasicPermission(config.name(), Action.Standard.READ)
+                        )
                     )
                 ),
                 new RtRulePath(
                     new ByMethodsRule(RqMethod.PUT),
-                    new BasicAuthSlice(
+                    new BasicAuthzSlice(
                         new RpmUpload(storage, config),
                         auth,
-                        new Permission.ByName(perms, Action.Standard.WRITE)
+                        new OperationControl(
+                            policy, new AdapterBasicPermission(config.name(), Action.Standard.WRITE)
+                        )
                     )
                 ),
                 new RtRulePath(
                     new ByMethodsRule(RqMethod.DELETE),
-                    new BasicAuthSlice(
+                    new BasicAuthzSlice(
                         new RpmRemove(storage, config),
                         auth,
-                        new Permission.ByName(perms, Action.Standard.WRITE)
+                        new OperationControl(
+                            policy, new AdapterBasicPermission(config.name(), Action.Standard.READ)
+                        )
                     )
                 ),
                 new RtRulePath(RtRule.FALLBACK, new SliceSimple(StandardRs.NOT_FOUND))
diff --git a/src/test/java/com/artipie/rpm/RepoConfigFromYamlTest.java b/src/test/java/com/artipie/rpm/RepoConfigFromYamlTest.java
@@ -22,19 +22,22 @@ public final class RepoConfigFromYamlTest {
 
     @Test
     void readsSettings() {
+        final String name = "any";
         MatcherAssert.assertThat(
             new RepoConfig.FromYaml(
                 Yaml.createYamlMappingBuilder().add("digest", "sha1")
                 .add("naming-policy", "sha256").add("filelists", "false")
-                .add("update", Yaml.createYamlMappingBuilder().add("on", "upload").build()).build()
+                .add("update", Yaml.createYamlMappingBuilder().add("on", "upload").build()).build(),
+                name
             ),
             new AllOf<>(
                 new ListOf<Matcher<? super RepoConfig>>(
                     new Satisfies<>(cfg -> cfg.digest() == Digest.SHA1),
                     new Satisfies<>(cfg -> cfg.naming() == StandardNamingPolicy.SHA256),
                     new Satisfies<>(fromYaml -> !fromYaml.filelists()),
                     new Satisfies<>(cfg -> cfg.mode() == RepoConfig.UpdateMode.UPLOAD),
-                    new Satisfies<>(cfg -> !cfg.cron().isPresent())
+                    new Satisfies<>(cfg -> !cfg.cron().isPresent()),
+                    new Satisfies<>(cfg -> name.equals(cfg.name()))
                 )
             )
         );
@@ -43,6 +46,7 @@ void readsSettings() {
     @Test
     void readsSettingsWithCron() {
         final String cron = "0 * * * *";
+        final String name = "repo1";
         MatcherAssert.assertThat(
             new RepoConfig.FromYaml(
                 Yaml.createYamlMappingBuilder()
@@ -52,28 +56,32 @@ void readsSettingsWithCron() {
                             "on",
                             Yaml.createYamlMappingBuilder().add("cron", cron).build()
                         ).build()
-                    ).build()
+                    ).build(),
+                name
             ),
             new AllOf<>(
                 new ListOf<Matcher<? super RepoConfig>>(
                     new Satisfies<>(cfg -> cfg.mode() == RepoConfig.UpdateMode.CRON),
-                    new Satisfies<>(cfg -> cfg.cron().get().equals(cron))
+                    new Satisfies<>(cfg -> cfg.cron().get().equals(cron)),
+                    new Satisfies<>(cfg -> name.equals(cfg.name()))
                 )
             )
         );
     }
 
     @Test
     void returnsDefaults() {
+        final String name = "test";
         MatcherAssert.assertThat(
-            new RepoConfig.FromYaml(Optional.empty()),
+            new RepoConfig.FromYaml(Optional.empty(), name),
             new AllOf<>(
                 new ListOf<Matcher<? super RepoConfig>>(
                     new Satisfies<>(cfg -> cfg.digest() == Digest.SHA256),
                     new Satisfies<>(cfg -> cfg.naming() == StandardNamingPolicy.SHA256),
                     new Satisfies<>(RepoConfig::filelists),
                     new Satisfies<>(cfg -> cfg.mode() == RepoConfig.UpdateMode.UPLOAD),
-                    new Satisfies<>(cfg -> !cfg.cron().isPresent())
+                    new Satisfies<>(cfg -> !cfg.cron().isPresent()),
+                    new Satisfies<>(cfg -> cfg.name().equals(name))
                 )
             )
         );
diff --git a/src/test/java/com/artipie/rpm/http/RpmSliceDownloadITCase.java b/src/test/java/com/artipie/rpm/http/RpmSliceDownloadITCase.java
@@ -9,13 +9,14 @@
 import com.artipie.asto.SubStorage;
 import com.artipie.asto.memory.InMemoryStorage;
 import com.artipie.http.auth.Authentication;
-import com.artipie.http.auth.Permissions;
 import com.artipie.http.slice.LoggingSlice;
 import com.artipie.rpm.Digest;
 import com.artipie.rpm.NamingPolicy;
 import com.artipie.rpm.RepoConfig;
 import com.artipie.rpm.Rpm;
 import com.artipie.rpm.TestRpm;
+import com.artipie.security.policy.Policy;
+import com.artipie.security.policy.PolicyByUsername;
 import com.artipie.vertx.VertxSliceServer;
 import io.vertx.reactivex.core.Vertx;
 import java.io.IOException;
@@ -92,7 +93,7 @@ void init() {
     void installsByUrl() throws Exception {
         final TestRpm rpm = new TestRpm.Time();
         rpm.put(this.asto);
-        this.start(Permissions.FREE, Authentication.ANONYMOUS);
+        this.start(Policy.FREE, Authentication.ANONYMOUS);
         MatcherAssert.assertThat(
             this.yumInstall(
                 String.format(
@@ -111,7 +112,7 @@ void installsByUrlWithAuth() throws Exception {
         final TestRpm rpm = new TestRpm.Time();
         rpm.put(this.asto);
         this.start(
-            new Permissions.Single(john, "download"),
+            new PolicyByUsername(john),
             new Authentication.Single(john, pswd)
         );
         MatcherAssert.assertThat(
@@ -130,7 +131,7 @@ void installsFromRepoWithSubDirs() throws IOException, InterruptedException {
         new TestRpm.Aspell().put(new SubStorage(new Key.From("spelling"), this.asto));
         new TestRpm.Time().put(this.asto);
         new Rpm(this.asto, RpmSliceDownloadITCase.CONFIG).batchUpdate(Key.ROOT).blockingAwait();
-        this.start(Permissions.FREE, Authentication.ANONYMOUS);
+        this.start(Policy.FREE, Authentication.ANONYMOUS);
         final Path setting = this.tmp.resolve("example.repo");
         this.tmp.resolve("example.repo").toFile().createNewFile();
         Files.write(
@@ -174,7 +175,7 @@ private String yumInstall(final String url) throws IOException, InterruptedExcep
         ).getStdout();
     }
 
-    private void start(final Permissions perms, final Authentication auth) {
+    private void start(final Policy<?> perms, final Authentication auth) {
         this.server = new VertxSliceServer(
             RpmSliceDownloadITCase.VERTX,
             new LoggingSlice(new RpmSlice(this.asto, perms, auth, RpmSliceDownloadITCase.CONFIG))
diff --git a/src/test/java/com/artipie/rpm/http/RpmSliceITCase.java b/src/test/java/com/artipie/rpm/http/RpmSliceITCase.java
@@ -8,13 +8,14 @@
 import com.artipie.asto.Storage;
 import com.artipie.asto.memory.InMemoryStorage;
 import com.artipie.http.auth.Authentication;
-import com.artipie.http.auth.Permissions;
 import com.artipie.http.slice.LoggingSlice;
 import com.artipie.rpm.Digest;
 import com.artipie.rpm.NamingPolicy;
 import com.artipie.rpm.RepoConfig;
 import com.artipie.rpm.Rpm;
 import com.artipie.rpm.TestRpm;
+import com.artipie.security.policy.Policy;
+import com.artipie.security.policy.PolicyByUsername;
 import com.artipie.vertx.VertxSliceServer;
 import com.jcabi.log.Logger;
 import io.vertx.reactivex.core.Vertx;
@@ -87,7 +88,7 @@ public final class RpmSliceITCase {
     })
     void canListAndInstallFromArtipieRepo(final String linux,
         final String mngr, final String rey) throws Exception {
-        this.start(Permissions.FREE, Authentication.ANONYMOUS, "", linux);
+        this.start(Policy.FREE, Authentication.ANONYMOUS, "", linux);
         MatcherAssert.assertThat(
             "Lists 'time' package",
             this.exec(mngr, rey, "list"),
@@ -110,7 +111,7 @@ void canListAndInstallFromArtipieRepoWithAuth(final String linux,
         final String mark = "mark";
         final String pswd = "abc";
         this.start(
-            new Permissions.Single(mark, "download"),
+            new PolicyByUsername(mark),
             new Authentication.Single(mark, pswd),
             String.format("%s:%s@", mark, pswd),
             linux
@@ -156,15 +157,15 @@ private String exec(final String mngr, final String key, final String action) th
 
     /**
      * Starts VertxSliceServer and docker container.
-     * @param perms Permissions
+     * @param policy Permissions
      * @param auth Authentication
      * @param cred String with user name and password to add in url, uname:pswd@
      * @param linux Linux distribution name and version
      * @throws Exception On error
      * @checkstyle ParameterNumberCheck (10 lines)
      * @checkstyle ExecutableStatementCountCheck (100 lines)
      */
-    private void start(final Permissions perms, final Authentication auth, final String cred,
+    private void start(final Policy<?> policy, final Authentication auth, final String cred,
         final String linux) throws Exception {
         final Storage storage = new InMemoryStorage();
         new TestRpm.Time().put(storage);
@@ -174,7 +175,7 @@ private void start(final Permissions perms, final Authentication auth, final Str
         new Rpm(storage, config).batchUpdate(Key.ROOT).blockingAwait();
         this.server = new VertxSliceServer(
             RpmSliceITCase.VERTX,
-            new LoggingSlice(new RpmSlice(storage, perms, auth, config))
+            new LoggingSlice(new RpmSlice(storage, policy, auth, config))
         );
         final int port = this.server.start();
         Testcontainers.exposeHostPorts(port);

Original file line number	Diff line number	Diff line change
`@@ -157,5 +157,10 @@ public Optional<String> cron() {`
`157`	`157`	`this.cli.getOptionValue(RpmOptions.UPDATE.option().getOpt())`
`158`	`158`	`);`
`159`	`159`	`}`
	`160`	`+`
	`161`	`+ @Override`
	`162`	`+ public String name() {`
	`163`	`+ throw new UnsupportedOperationException("Method name() is not supported");`
	`164`	`+ }`
`160`	`165`	`}`
`161`	`166`	`}`