Skip to content

filtering the xref of '/' based on authorization #1618

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Jun 29, 2017
Merged

filtering the xref of '/' based on authorization #1618

merged 3 commits into from
Jun 29, 2017

Conversation

tulinkry
Copy link
Contributor

fixes #1610

@tulinkry tulinkry added this to the 1.1 milestone May 29, 2017
@tulinkry tulinkry self-assigned this May 29, 2017
vladak
vladak reviewed May 29, 2017
View reviewed changes
src/org/opensolaris/opengrok/web/PageConfig.java Outdated
* remove all which aren't among the filtered set of
* projects.
*/
list = new ArrayList<>(list);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'd rather have the list variable named differently than the original, will make it easier to debug.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I changed that

vladak
vladak reviewed May 29, 2017
View reviewed changes
src/org/opensolaris/opengrok/web/PageConfig.java Outdated
*/
list = new ArrayList<>(list);
list.removeIf((t) -> {
return !getProjectHelper().getAllProjects().stream().anyMatch((p) -> {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

what happens if projects are disabled ?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

that's a good question also for the whole auth framework

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

fixed here

vladak
vladak reviewed May 29, 2017
View reviewed changes
src/org/opensolaris/opengrok/web/PageConfig.java Outdated
if (getPath().isEmpty()) {
/**
* This denotes the source root directory, we need to filter
* projects which aren't allowed by the authorization. E. g.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

adjust the comment explaining what method called below actually performs the authorization check

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

done

vladak
vladak reviewed May 30, 2017
View reviewed changes
src/org/opensolaris/opengrok/web/PageConfig.java Outdated
List<String> list = Arrays.asList(files);
if (getPath().isEmpty()) {
/**
* This denotes the source root directory, we need to filter
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

pls explain in the comment why this only has to be done for the root dir

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

done

vladak
vladak reviewed May 30, 2017
View reviewed changes
src/org/opensolaris/opengrok/web/PageConfig.java Outdated
@@ -377,7 +377,8 @@ public String canProcess() {
*
* @return an empty list, if the resource does not exist, is not a directory
* or an error occurred when reading it, otherwise a list of filenames in
* that directory, sorted alphabetically
* that directory, sorted alphabetically and filtered based on authorization
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

not precise I think as the authorization is performed only for root dir

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

changed

vladak
vladak reviewed May 31, 2017
View reviewed changes
src/org/opensolaris/opengrok/web/PageConfig.java Outdated
*
* <p>
* For the root directory (/xref/) an authorization is performed for each of
* the project in case that projects are used in OpenGrok.</p>
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

'each project' or 'each of the projects'

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

'in OpenGrok' is redundant

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

fixed

@vladak
Copy link
Member

vladak commented May 31, 2017
edited
Loading

Is it possible to unit test this ?

@tulinkry
Copy link
Contributor Author

I added a simple test case for this

@vladak vladak merged commit ca9a887 into oracle:master Jun 29, 2017
@tulinkry tulinkry deleted the auth-xref-fix branch July 3, 2017 09:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@vladak vladak vladak left review comments

Assignees

@tulinkry tulinkry

Labels
authorization
Projects
None yet
Milestone
1.1
Development

Successfully merging this pull request may close these issues.

can see unauthorized projects in /source/xref
2 participants
@tulinkry @vladak