diff --git a/core/src/main/kotlin/api/OrganizationsRoute.kt b/core/src/main/kotlin/api/OrganizationsRoute.kt
index b2ff57a33..63e758d68 100644
--- a/core/src/main/kotlin/api/OrganizationsRoute.kt
+++ b/core/src/main/kotlin/api/OrganizationsRoute.kt
@@ -329,7 +329,7 @@ fun Route.organizations() = route("organizations") {
 // groupId "readers", "writers" or "admins".
 route("{groupId}") {
 put(putUserToOrganizationGroup) {
- requirePermission(OrganizationPermission.WRITE)
+ requirePermission(OrganizationPermission.MANAGE_GROUPS)
 val user = call.receive()
 val organizationId = call.requireIdParameter("organizationId")
@@ -340,7 +340,7 @@ fun Route.organizations() = route("organizations") {
 }
 delete(deleteUserFromOrganizationGroup) {
- requirePermission(OrganizationPermission.WRITE)
+ requirePermission(OrganizationPermission.MANAGE_GROUPS)
 val user = call.receive()
 val organizationId = call.requireIdParameter("organizationId")
diff --git a/core/src/main/kotlin/api/ProductsRoute.kt b/core/src/main/kotlin/api/ProductsRoute.kt
index 00806b1f1..870fa9f0b 100644
--- a/core/src/main/kotlin/api/ProductsRoute.kt
+++ b/core/src/main/kotlin/api/ProductsRoute.kt
@@ -222,7 +222,7 @@ fun Route.products() = route("products/{productId}") {
 // groupId "readers", "writers" or "admins".
 route("{groupId}") {
 put(putUserToProductGroup) {
- requirePermission(ProductPermission.WRITE)
+ requirePermission(ProductPermission.MANAGE_GROUPS)
 val user = call.receive()
 val productId = call.requireIdParameter("productId")
@@ -233,7 +233,7 @@ fun Route.products() = route("products/{productId}") {
 }
 delete(deleteUserFromProductGroup) {
- requirePermission(ProductPermission.WRITE)
+ requirePermission(ProductPermission.MANAGE_GROUPS)
 val user = call.receive()
 val productId = call.requireIdParameter("productId")
diff --git a/core/src/main/kotlin/api/RepositoriesRoute.kt b/core/src/main/kotlin/api/RepositoriesRoute.kt
index 3d4b31921..126195ec3 100644
--- a/core/src/main/kotlin/api/RepositoriesRoute.kt
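Review bot: The new check in `put(putUserToOrganizationGroup)` does not depend on `groupId`, and the comment above the route lists "admins" as a valid value, so any holder of `MANAGE_GROUPS` can change admin membership as well as readers and writers. Whether that is safe depends on which roles carry the permission, which these hunks do not show. I would record the intent at the call site, for example `// MANAGE_GROUPS covers every groupId, including "admins"; only admin roles should hold it.` The same applies to the `delete` handler and to the matching hunks in ProductsRoute.kt and RepositoriesRoute.kt; the handler bodies continue outside the hunks.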
+++ b/core/src/main/kotlin/api/RepositoriesRoute.kt
@@ -250,7 +250,7 @@ fun Route.repositories() = route("repositories/{repositoryId}") {
 // groupId "readers", "writers" or "admins".
 route("{groupId}") {
 put(putUserToRepositoryGroup) {
- requirePermission(RepositoryPermission.WRITE)
+ requirePermission(RepositoryPermission.MANAGE_GROUPS)
 val user = call.receive()
 val repositoryId = call.requireIdParameter("repositoryId")
@@ -261,7 +261,7 @@ fun Route.repositories() = route("repositories/{repositoryId}") {
 }
 delete(deleteUserFromRepositoryGroup) {
- requirePermission(RepositoryPermission.WRITE)
+ requirePermission(RepositoryPermission.MANAGE_GROUPS)
 val user = call.receive()
 val repositoryId = call.requireIdParameter("repositoryId")
diff --git a/core/src/test/kotlin/api/OrganizationsRouteIntegrationTest.kt b/core/src/test/kotlin/api/OrganizationsRouteIntegrationTest.kt
index c01842197..4d06b251a 100644
--- a/core/src/test/kotlin/api/OrganizationsRouteIntegrationTest.kt
+++ b/core/src/test/kotlin/api/OrganizationsRouteIntegrationTest.kt
@@ -1252,12 +1252,12 @@ class OrganizationsRouteIntegrationTest : AbstractIntegrationTest({
 row(HttpMethod.Put),
 row(HttpMethod.Delete)
 ) { method ->
- "require OrganizationPermission.WRITE for method '${method.value}'" {
+ "require OrganizationPermission.MANAGE_GROUPS for method '${method.value}'" {
 val createdOrg = createOrganization()
 val user = Username(TEST_USER.username.value)
 requestShouldRequireRole(
- OrganizationPermission.WRITE.roleName(createdOrg.id),
+ OrganizationPermission.MANAGE_GROUPS.roleName(createdOrg.id),
 HttpStatusCode.NoContent
 ) {
 when (method) {
diff --git a/core/src/test/kotlin/api/ProductsRouteIntegrationTest.kt b/core/src/test/kotlin/api/ProductsRouteIntegrationTest.kt
index 44ce6bf8e..7cda9174e 100644
--- a/core/src/test/kotlin/api/ProductsRouteIntegrationTest.kt
+++ b/core/src/test/kotlin/api/ProductsRouteIntegrationTest.kt
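Review bot: The updated case in OrganizationsRouteIntegrationTest only shows that the `MANAGE_GROUPS` role is accepted through `requestShouldRequireRole`; nothing visible pins that a caller holding only `OrganizationPermission.WRITE` is now refused. If the helper does not already cover that (its body is outside the diff), a second case that grants just the `WRITE` role and expects `HttpStatusCode.Forbidden` would keep the old, broader check from returning unnoticed. The same gap applies to the Products and Repositories test hunks. The test block continues past the end of the hunk.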
@@ -712,11 +712,11 @@ class ProductsRouteIntegrationTest : AbstractIntegrationTest({
 row(HttpMethod.Put),
 row(HttpMethod.Delete)
 ) { method ->
- "require ProductPermission.WRITE for method '${method.value}'" {
+ "require ProductPermission.MANAGE_GROUPS for method '${method.value}'" {
 val createdProd = createProduct()
 val user = Username(TEST_USER.username.value)
 requestShouldRequireRole(
- ProductPermission.WRITE.roleName(createdProd.id),
+ ProductPermission.MANAGE_GROUPS.roleName(createdProd.id),
 HttpStatusCode.NoContent
 ) {
 when (method) {
diff --git a/core/src/test/kotlin/api/RepositoriesRouteIntegrationTest.kt b/core/src/test/kotlin/api/RepositoriesRouteIntegrationTest.kt
index af864e80f..c335547c0 100644
--- a/core/src/test/kotlin/api/RepositoriesRouteIntegrationTest.kt
+++ b/core/src/test/kotlin/api/RepositoriesRouteIntegrationTest.kt
@@ -980,11 +980,11 @@ class RepositoriesRouteIntegrationTest : AbstractIntegrationTest({
 row(HttpMethod.Put),
 row(HttpMethod.Delete)
 ) { method ->
- "require ProductPermission.WRITE for method '${method.value}'" {
+ "require ProductPermission.MANAGE_GROUPS for method '${method.value}'" {
 val createdRepo = createRepository()
 val user = Username(TEST_USER.username.value)
 requestShouldRequireRole(
- RepositoryPermission.WRITE.roleName(createdRepo.id),
+ RepositoryPermission.MANAGE_GROUPS.roleName(createdRepo.id),
 HttpStatusCode.NoContent
 ) {
 when (method) {
diff --git a/model/src/commonMain/kotlin/authorization/OrganizationPermission.kt b/model/src/commonMain/kotlin/authorization/OrganizationPermission.kt
index e1b1657e4..4580bd413 100644
--- a/model/src/commonMain/kotlin/authorization/OrganizationPermission.kt
+++ b/model/src/commonMain/kotlin/authorization/OrganizationPermission.kt
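Review bot: The renamed test in RepositoriesRouteIntegrationTest still says `ProductPermission` while the assertion below it uses `RepositoryPermission.MANAGE_GROUPS.roleName(createdRepo.id)`, so a failure report would name the wrong permission type. Since the line is being touched anyway, change it to `"require RepositoryPermission.MANAGE_GROUPS for method '${method.value}'" {`. The enclosing test block starts and ends outside the hunk.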
@@ -38,6 +38,9 @@ enum class OrganizationPermission {
 /** Permission to write the [Organization] secrets. */
 WRITE_SECRETS,
+ /** Permission to manage [Organization] groups. */
+ MANAGE_GROUPS,
+
 /** Permission to read the list of [Product]s of the [Organization]. */
 READ_PRODUCTS,
diff --git a/model/src/commonMain/kotlin/authorization/ProductPermission.kt b/model/src/commonMain/kotlin/authorization/ProductPermission.kt
index 1bc89bb99..8f4314729 100644
--- a/model/src/commonMain/kotlin/authorization/ProductPermission.kt
+++ b/model/src/commonMain/kotlin/authorization/ProductPermission.kt
@@ -37,6 +37,9 @@ enum class ProductPermission {
 /** Permission to write the [Product] secrets. */
 WRITE_SECRETS,
+ /** Permission to manage [Product] groups. */
+ MANAGE_GROUPS,
+
 /** Permission to read the list of [repositories][Repository] of the [Product]. */
 READ_REPOSITORIES,
diff --git a/model/src/commonMain/kotlin/authorization/RepositoryPermission.kt b/model/src/commonMain/kotlin/authorization/RepositoryPermission.kt
index b1879616e..c94f3877e 100644
--- a/model/src/commonMain/kotlin/authorization/RepositoryPermission.kt
+++ b/model/src/commonMain/kotlin/authorization/RepositoryPermission.kt
@@ -37,6 +37,9 @@ enum class RepositoryPermission {
 /** Permission to write the [Repository] secrets. */
 WRITE_SECRETS,
+ /** Permission to manage [Repository] groups. */
+ MANAGE_GROUPS,
+
 /** Permission to read the list of [OrtRun]s of the [Repository]. */
 READ_ORT_RUNS,
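Review bot: `MANAGE_GROUPS` is added to `OrganizationPermission` here, but no hunk shows a role being granted it, so after this change the group endpoints may be reachable by nobody, or by more roles than intended, depending on how the role definitions enumerate permissions. Please confirm that the role definitions, and any roles already provisioned for existing organizations, are updated in the same release. The KDoc could also state the scope, e.g. `/** Permission to add users to and remove users from the [Organization] groups, including the admins group. */`. The same applies to the `ProductPermission` and `RepositoryPermission` hunks.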