BOM upload autocreate: Add Team to ACL

Signed-off-by: Valentijn Scholten <valentijnscholten@gmail.com>
This commit is contained in:
Valentijn Scholten 2022-04-12 13:33:01 +02:00
parent 77aede074c
commit bdf92a1b0e
4 changed files with 39 additions and 27 deletions


@ -18,6 +18,7 @@
*/
package org.dependencytrack.persistence;
import alpine.common.logging.Logger;
import alpine.event.framework.Event;
import alpine.model.ApiKey;
import alpine.model.Permission;
@ -53,6 +54,8 @@ import java.util.UUID;
final class ProjectQueryManager extends QueryManager implements IQueryManager {
private static final Logger LOGGER = Logger.getLogger(ProjectQueryManager.class);
/**
* Constructs a new QueryManager.
* @param pm a PersistenceManager object
@ -741,6 +744,32 @@ final class ProjectQueryManager extends QueryManager implements IQueryManager {
}
}
/**
* Updates a Project ACL to add the principals Team to the AccessTeams
* This only happens if Portfolio Access Control is enabled and the @param principal is an ApyKey
* For a UserPrincipal we don't know which Team(s) to add to the ACL,
* See https://github.com/DependencyTrack/dependency-track/issues/1435
* @param project
* @param principal
* @return True if ACL was updated
*/
public boolean updateNewProjectACL(Project project, Principal principal) {
if (isEnabled(ConfigPropertyConstants.ACCESS_MANAGEMENT_ACL_ENABLED) && principal instanceof ApiKey) {
ApiKey apiKey = (ApiKey) principal;
final var apiTeam = apiKey.getTeams().stream().findFirst();
if (apiTeam.isPresent()) {
LOGGER.debug("adding Team to ACL of newly created project");
final Team team = getObjectByUuid(Team.class, apiTeam.get().getUuid());
project.addAccessTeam(team);
persist(project);
return true;
} else {
LOGGER.warn("API Key without a Team, unable to assign team ACL to project.");
}
}
return false;
}
public boolean hasAccessManagementPermission(final UserPrincipal userPrincipal) {
for (Permission permission: getEffectivePermissions(userPrincipal)) {
if (Permissions.ACCESS_MANAGEMENT.name().equals(permission.getName())) {