Apache
/
archiva-redback-core
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Adding additional role fields

This commit is contained in:
Martin Stockhammer 2020-11-16 11:08:14 +01:00
parent f8c739739d
commit 9830759dbb
6 changed files with 470 additions and 165 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

65
redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/services/v2/RoleManagementService.java → redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/services/v2/RoleService.java
View File

@ -18,18 +18,29 @@ package org.apache.archiva.redback.rest.api.services.v2;
* under the License.
*/
import io.swagger.v3.oas.annotations.Operation;
import io.swagger.v3.oas.annotations.Parameter;
import io.swagger.v3.oas.annotations.media.Content;
import io.swagger.v3.oas.annotations.media.Schema;
import io.swagger.v3.oas.annotations.responses.ApiResponse;
import io.swagger.v3.oas.annotations.security.SecurityRequirement;
import io.swagger.v3.oas.annotations.tags.Tag;
import org.apache.archiva.redback.authorization.RedbackAuthorization;
import org.apache.archiva.redback.integration.security.role.RedbackRoleConstants;
import org.apache.archiva.redback.rest.api.model.ActionStatus;
import org.apache.archiva.redback.rest.api.model.Application;
import org.apache.archiva.redback.rest.api.model.ApplicationRoles;
import org.apache.archiva.redback.rest.api.model.RedbackRestError;
import org.apache.archiva.redback.rest.api.model.v2.AvailabilityStatus;
import org.apache.archiva.redback.rest.api.model.Role;
import org.apache.archiva.redback.rest.api.model.User;
import org.apache.archiva.redback.rest.api.model.VerificationStatus;
import org.apache.archiva.redback.rest.api.model.v2.PagedResult;
import org.apache.archiva.redback.rest.api.model.v2.RoleInfo;
import org.apache.archiva.redback.rest.api.services.RedbackServiceException;
import javax.ws.rs.Consumes;
import javax.ws.rs.DefaultValue;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
@ -39,13 +50,55 @@ import javax.ws.rs.QueryParam;
import javax.ws.rs.core.MediaType;
import java.util.List;
import static javax.ws.rs.core.MediaType.APPLICATION_JSON;
import static org.apache.archiva.redback.rest.api.Constants.DEFAULT_PAGE_LIMIT;
/**
* @author Olivier Lamy
*/
@Path( "/roleManagementService/" )
@Path( "/roles" )
@Tag(name = "v2")
@Tag(name = "v2/Roles")
@SecurityRequirement(name = "BearerAuth")
public interface RoleManagementService
{
/**
* @since 2.0
*/
@Path( "" )
@GET
@Produces( { MediaType.APPLICATION_JSON } )
@RedbackAuthorization( permissions = RedbackRoleConstants.USER_MANAGEMENT_RBAC_ADMIN_OPERATION )
@Operation( summary = "Returns all roles defined. The result is paged.",
parameters = {
@Parameter(name = "q", description = "Search term"),
@Parameter(name = "offset", description = "The offset of the first element returned"),
@Parameter(name = "limit", description = "Maximum number of items to return in the response"),
@Parameter(name = "orderBy", description = "List of attribute used for sorting (user_id, fullName, email, created"),
@Parameter(name = "order", description = "The sort order. Either ascending (asc) or descending (desc)")
},
security = {
@SecurityRequirement(
name = RedbackRoleConstants.USER_MANAGEMENT_RBAC_ADMIN_OPERATION
)
},
responses = {
@ApiResponse( responseCode = "200",
description = "If the list could be returned",
content = @Content(mediaType = APPLICATION_JSON, schema = @Schema(implementation = PagedResult.class))
),
@ApiResponse( responseCode = "403", description = "Authenticated user is not permitted to gather the information",
content = @Content(mediaType = APPLICATION_JSON, schema = @Schema(implementation = RedbackRestError.class )) )
}
)
PagedResult<RoleInfo> getAllRoles( @QueryParam("q") @DefaultValue( "" ) String searchTerm,
@QueryParam( "offset" ) @DefaultValue( "0" ) Integer offset,
@QueryParam( "limit" ) @DefaultValue( value = DEFAULT_PAGE_LIMIT ) Integer limit,
@QueryParam( "orderBy") @DefaultValue( "id" ) List<String> orderBy,
@QueryParam("order") @DefaultValue( "asc" ) String order)
throws RedbackServiceException;
@Path( "createTemplatedRole" )
@GET
@Produces( { MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML, MediaType.TEXT_PLAIN } )
@ -220,15 +273,7 @@ public interface RoleManagementService
throws RedbackServiceException;
/**
* @since 2.0
*/
@Path( "allRoles" )
@GET
@Produces( { MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML, MediaType.TEXT_PLAIN } )
@RedbackAuthorization( permissions = RedbackRoleConstants.USER_MANAGEMENT_RBAC_ADMIN_OPERATION )
List<Role> getAllRoles()
throws RedbackServiceException;
/**
* @since 2.0

1
redback-rbac/redback-rbac-model/src/main/java/org/apache/archiva/redback/rbac/AbstractRole.java
View File

@ -26,6 +26,7 @@ public abstract class AbstractRole
implements Role
{
@Override
public boolean hasChildRoles()
{
return ( getChildRoleNames() != null ) && !getChildRoleNames().isEmpty();

121
redback-rbac/redback-rbac-model/src/main/java/org/apache/archiva/redback/rbac/Role.java
View File

@ -16,6 +16,8 @@ package org.apache.archiva.redback.rbac;
* limitations under the License.
*/
import org.apache.commons.lang3.StringUtils;
import java.util.List;
/**
@ -31,32 +33,33 @@ import java.util.List;
*
* @author Jesse McConnell
* @author <a href="mailto:joakim@erdfelt.com">Joakim Erdfelt</a>
* @author Martin Stockhammer <martin_s@apache.org>
*
*/
public interface Role
{
/**
* Method addPermission
* Adds a permission to the list
*
* @param permission
* @param permission the permission to add to the list
*/
void addPermission( Permission permission );
/**
* Method addChildRoleName
* Adds a role to the list of child roles
*
* @param name the name of the child role.
*/
void addChildRoleName( String name );
/**
* Method getChildRoleNames
* Returns the list of child roles
*/
List<String> getChildRoleNames();
/**
* Convienence method to see if Role has Child Roles.
* Convenience method to see if Role has Child Roles.
*
* @return true if child roles exists and has any roles being tracked.
*/
@ -64,74 +67,80 @@ public interface Role
/**
* Long description of the role.
* @return the role description
*/
String getDescription();
/**
* Get the name.
* Get the name. Must be unique.
*
* NOTE: This field is considered the Primary Key for this object.
* @return the name of the role
*/
String getName();
/**
* Method getPermissions
* Returns the list of permissions assigned to this role.
* @return the list of permissions assigned to this role
*/
List<? extends Permission> getPermissions();
/**
* true if this role is available to be assigned to a user
* <code>True</code>, if this role is available to be assigned to a user, otherwise <code>false</code>.
*
* @return <code>true</code>, if this role can be assigned to users, otherwise <code>false</code>
*/
boolean isAssignable();
/**
* Method removePermission
* Removes the given permission from the list. If the permission does not exist in the list of assigned
* permissions, nothing happens.
*
* @param permission
* @param permission the permission to remove.
*/
void removePermission( Permission permission );
/**
* true if this role is available to be assigned to a user
* Set to <code>true</code>, if this role should available to be assigned to a user
*
* @param assignable
* @param assignable the assignable flag
*/
void setAssignable( boolean assignable );
/**
* The names of the roles that will inherit the permissions of this role
* Sets the names of children roles. Children roles inherit the permissions of the parent role.
*
* @param names the list of names of other roles.
* @param names the list of names of child roles.
*/
void setChildRoleNames( List<String> names );
/**
* Set the Description
*
* @param description
* @param description the role description
*/
void setDescription( String description );
/**
* Set Name
* Set the role name
*
* NOTE: This field is considered the Primary Key for this object.
*
* @param name
* @param name the role name
*/
void setName( String name );
/**
* Set Permissions
* Set role permissions. The list of assigned permissions is replaced by this list.
*
* @param permissions
* @param permissions the permissions to set
*/
void setPermissions( List<Permission> permissions );
/**
* Test to see if the object is a permanent object or not.
*
* @return true if the object is permanent.
* @return <code>true</code>, if the object is permanent.
*/
boolean isPermanent();
@ -141,4 +150,76 @@ public interface Role
* @param permanent true if the object is permanent.
*/
void setPermanent( boolean permanent );
/**
* The role identifier. Should be built from the modelId and the resource. And must be unique.
*
* @since 3.0
* @return the role identifier
*/
default String getId() {
return StringUtils.isEmpty( getModelId() )?getName():(isTemplateInstance()?getModelId()+"."+getResource():getModelId());
}
/**
* Sets the role id
*
* @since 3.0
* @param id the identifier of the role, should not be null or empty.
*/
void setId(String id);
/**
* Returns the model the role is derived from.
*
* @since 3.0
* @return The model id or empty string, if this role was not created from a model
*/
default String getModelId( ) {
return "";
}
/**
* Sets the model id.
*
* @param modelId the identifier of the model, or empty string. Should not be null.
*/
void setModelId(String modelId);
/**
* Returns <code>true</code>, if this role is a instance of a template role, otherwise <code>false</code>.
* Templated roles are built from a template together with a resource identifier.
*
* @since 3.0
* @return <code>true</code>, if this role is a templated role, otherwise <code>false</code>
*/
default boolean isTemplateInstance( ) {
return StringUtils.isEmpty( getResource() );
}
/**
* Sets the template instance flag.
*
* @since 3.0
* @param templateInstanceFlag Set to <code>true</code>, if this is a template instance, otherwise <code>false</code>
*/
void setTemplateInstance(boolean templateInstanceFlag);
/**
* Returns the resource that is used to build this role from a template. If this is not a templated
* role, a empty string should be returned.
*
* @since 3.0
* @return the resource identifier, used to build this role or a empty string, if this role is not templated
*/
default String getResource() {
return "";
}
/**
* Sets the resource, this template instance is attached to.
*
* @param resource the resource identifier. Must not be null.
*/
void setResource( String resource );
}

98
redback-rbac/redback-rbac-providers/redback-rbac-jpa/src/main/java/org/apache/archiva/redback/rbac/jpa/model/JpaRole.java
View File

@ -21,6 +21,8 @@ package org.apache.archiva.redback.rbac.jpa.model;
import org.apache.archiva.redback.rbac.AbstractRole;
import org.apache.archiva.redback.rbac.Permission;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.core.annotation.Order;
import javax.persistence.*;
@ -37,9 +39,13 @@ import java.util.List;
)
public class JpaRole extends AbstractRole implements Serializable {
private static final Logger log = LoggerFactory.getLogger( JpaRole.class );
@Id
@Column(name="NAME")
private String name;
@Column(name="ID", unique = true)
private String id;
@Column(name="DESCRIPTION")
private String description;
@Column(name="ASSIGNABLE",nullable = false)
@ -68,7 +74,14 @@ public class JpaRole extends AbstractRole implements Serializable {
)
List<String> childRoleNames = new ArrayList<String>();
@Column(name="TEMPLATE_INSTANCE",nullable = false)
private Boolean templateInstance = false;
@Column(name="MODEL_ID",nullable = false)
private String modelId = "";
@Column(name="RESOURCE",nullable = false)
private String resource = "";
@Override
public void addPermission(Permission permission) {
@ -157,19 +170,82 @@ public class JpaRole extends AbstractRole implements Serializable {
}
@Override
public boolean equals(Object o) {
if (this == o) return true;
if (o == null || getClass() != o.getClass()) return false;
if (!super.equals(o)) return false;
JpaRole jpaRole = (JpaRole) o;
return name.equals(jpaRole.name);
public void setId( String id )
{
if (id==null) {
log.error( "Null value for role id" );
throw new NullPointerException( "ID may not be null" );
}
this.id = id;
}
@Override
public int hashCode() {
return name.hashCode();
public String getId( )
{
return id;
}
@Override
public void setModelId( String modelId )
{
if (modelId==null) {
this.modelId = "";
} else
{
this.modelId = modelId;
}
}
@Override
public String getModelId( )
{
return modelId;
}
@Override
public void setTemplateInstance( boolean templateInstanceFlag )
{
this.templateInstance = templateInstanceFlag;
}
@Override
public boolean isTemplateInstance( )
{
return this.templateInstance;
}
@Override
public void setResource( String resource )
{
if (resource==null) {
this.resource = "";
} else
{
this.resource = resource;
}
}
@Override
public String getResource( )
{
return resource;
}
@Override
public boolean equals( Object o )
{
if ( this == o ) return true;
if ( o == null || getClass( ) != o.getClass( ) ) return false;
if ( !super.equals( o ) ) return false;
JpaRole jpaRole = (JpaRole) o;
return name.equals( jpaRole.name );
}
@Override
public int hashCode( )
{
return name.hashCode( );
}
}

153
redback-rbac/redback-rbac-providers/redback-rbac-ldap/src/main/java/org/apache/archiva/redback/rbac/ldap/LdapRbacManager.java
View File

@ -63,7 +63,10 @@ import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.Stream;
/**
* LdapRbacManager will read datas from ldap for mapping groups to role.
@ -220,19 +223,14 @@ public class LdapRbacManager
{
try
{
Collection<Collection<String>> roleNames = ldapRoleMapperConfiguration.getLdapGroupMappings().values();
Set<Role> roles = new HashSet<Role>();
for ( Collection<String> names : roleNames )
{
for ( String name : names )
return ldapRoleMapperConfiguration.getLdapGroupMappings( ).entrySet( ).stream( ).flatMap( entry ->{
if (entry.getValue()==null) {
return Stream.empty( );
} else
{
roles.add( new RoleImpl( name ) );
return entry.getValue( ).stream( ).map( role -> new RoleImpl( entry.getKey( ) + role, role ) );
}
}
return new ArrayList<Role>( roles );
} ).collect( Collectors.toList( ) );
}
catch ( MappingException e )
{
@ -373,45 +371,38 @@ public class LdapRbacManager
{
return Collections.emptyList();
}
List<Role> roles = new ArrayList<Role>( groups.size() );
Map<String, Collection<String>> mappedGroups = ldapRoleMapperConfiguration.getLdapGroupMappings();
for ( String group : groups )
final Map<String, Collection<String>> mappedGroups = ldapRoleMapperConfiguration.getLdapGroupMappings();
try
{
Collection<String> roleNames = mappedGroups.get( group );
if ( roleNames != null )
return groups.stream( ).flatMap( group -> mappedGroups.get( group ) == null ?
( this.ldapRoleMapper.isUseDefaultRoleName( ) ? Stream.of( this.buildRole( group, group ) ) : Stream.empty( ) )
: mappedGroups.get( group ).stream( ).map( roleName -> this.buildRole( group + roleName, roleName ) ) ).collect( Collectors.toList( ) );
} catch (RuntimeException e) {
if (e.getCause() instanceof RbacManagerException)
{
for ( String roleName : roleNames )
{
Role role = buildRole( roleName );
roles.add( role );
}
}
else if ( this.ldapRoleMapper.isUseDefaultRoleName() )
{
Role role = buildRole( group );
roles.add( role );
throw ( (RbacManagerException) e.getCause( ) );
} else {
throw new MappingException( e.getMessage(), e );
}
}
return roles;
}
private Role buildRole( String group )
throws RbacManagerException
private Role buildRole( String groupId, String roleName )
{
Role role = null;
try
{
role = this.rbacImpl.getRole( group );
role = this.rbacImpl.getRole( roleName );
}
catch ( RbacObjectNotFoundException e )
{
// if it's mapped role to a group it doesn't exist in jpa
}
role = ( role == null ) ? new RoleImpl( group ) : role;
catch ( RbacManagerException e )
{
throw new RuntimeException( e );
}
role = ( role == null ) ? new RoleImpl( groupId, roleName ) : role;
if ( role != null )
{
rolesCache.put( role.getName(), role );
@ -574,10 +565,22 @@ public class LdapRbacManager
throw new RbacManagerException( e.getMessage(), e );
}
role = this.rbacImpl.getRole( roleName );
if (role==null)
{
try
{
String groupName = ldapRoleMapperConfiguration.getLdapGroupMappings( ).entrySet( ).stream( )
.filter( entry -> entry.getValue( ).contains( roleName ) )
.map( entry -> entry.getKey( ) ).findFirst( ).orElseGet( String::new );
role = new RoleImpl( groupName + roleName, roleName );
}
catch ( MappingException e )
{
role = new RoleImpl( roleName );
}
};
role = ( role == null ) ? new RoleImpl( roleName ) : role;
rolesCache.put( roleName, role );
return role;
}
@ -1191,6 +1194,10 @@ public class LdapRbacManager
private String name;
private String description;
private String id="";
private String modelId="";
private boolean isTemplateInstance=false;
private String resource="";
private List<Permission> permissions = new ArrayList<Permission>();
@ -1199,6 +1206,12 @@ public class LdapRbacManager
private RoleImpl( String name )
{
this.name = name;
this.id = name;
}
private RoleImpl(String id, String name) {
this.id = id;
this.name = name;
}
private RoleImpl( String name, List<Permission> permissions )
@ -1334,6 +1347,72 @@ public class LdapRbacManager
{
return name != null ? name.hashCode() : 0;
}
@Override
public String getId( )
{
return id;
}
@Override
public void setId( String id )
{
if (id==null) {
this.id = "";
} else
{
this.id = id;
}
}
@Override
public String getModelId( )
{
return modelId;
}
@Override
public void setModelId( String modelId )
{
if (modelId==null) {
this.modelId = "";
} else
{
this.modelId = modelId;
}
}
@Override
public boolean isTemplateInstance( )
{
return isTemplateInstance;
}
@Override
public void setTemplateInstance( boolean templateInstance )
{
isTemplateInstance = templateInstance;
}
@Override
public String getResource( )
{
return resource;
}
@Override
public void setResource( String resource )
{
if (resource==null) {
this.resource = "";
} else
{
this.resource = resource;
}
}
}
private static class UserAssignmentImpl

197
redback-rbac/redback-rbac-providers/redback-rbac-memory/src/main/java/org/apache/archiva/redback/rbac/memory/MemoryRole.java
View File

@ -30,6 +30,7 @@ import java.util.List;
* MemoryRole
*
* @author <a href="mailto:joakim@erdfelt.com">Joakim Erdfelt</a>
* @author Martin Stockhammer <martin_s@apache.org>
*
*/
public class MemoryRole
@ -37,11 +38,14 @@ public class MemoryRole
implements Role, java.io.Serializable
{
private static final long serialVersionUID = -2784061560950152088L;
/**
* Field name
*/
private String name;
private String id;
/**
* Field description
*/
@ -55,23 +59,23 @@ public class MemoryRole
/**
* Field childRoleNames
*/
private List<String> childRoleNames = new ArrayList<String>( 0 );
private List<String> childRoleNames = new ArrayList<>( 0 );
/**
* Field permissions
*/
private List<Permission> permissions = new ArrayList<Permission>( 0 );
private List<Permission> permissions = new ArrayList<>( 0 );
/**
* Field permanent
*/
private boolean permanent = false;
/**
* Method addPermission
*
* @param memoryPermission
*/
private String modelId = "";
private String resource = "";
private boolean isTemplateInstance;
@Override
public void addPermission( Permission memoryPermission )
{
if ( !( memoryPermission instanceof MemoryPermission ) )
@ -82,86 +86,55 @@ public class MemoryRole
getPermissions().add( memoryPermission );
}
/**
* Method equals
*
* @param other
*/
public boolean equals( Object other )
@Override
public boolean equals( Object o )
{
if ( this == other )
{
return true;
}
if ( this == o ) return true;
if ( o == null || getClass( ) != o.getClass( ) ) return false;
if ( !super.equals( o ) ) return false;
if ( !( other instanceof MemoryRole ) )
{
return false;
}
MemoryRole that = (MemoryRole) o;
MemoryRole that = (MemoryRole) other;
boolean result = true;
result = result && ( getName() == null ? that.getName() == null : getName().equals( that.getName() ) );
return result;
return name.equals( that.name );
}
/**
* Method getChildRoles
*/
@Override
public int hashCode( )
{
return name.hashCode( );
}
@Override
public List<String> getChildRoleNames()
{
return this.childRoleNames;
}
/**
* Get null
*/
@Override
public String getDescription()
{
return this.description;
}
/**
* Get null
*/
@Override
public String getName()
{
return this.name;
}
/**
* Method getPermissions
*/
@Override
public List<Permission> getPermissions()
{
return this.permissions;
}
/**
* Method hashCode
*/
public int hashCode()
{
int result = 17;
result = 37 * result + ( name != null ? name.hashCode() : 0 );
return result;
}
/**
* Get
* true if this role is available to be assigned to
* a user
*/
@Override
public boolean isAssignable()
{
return this.assignable;
}
/**
* Method removePermission
*
* @param memoryPermission
*/
@Override
public void removePermission( Permission memoryPermission )
{
if ( !( memoryPermission instanceof MemoryPermission ) )
@ -172,64 +145,47 @@ public class MemoryRole
getPermissions().remove( memoryPermission );
}
/**
* Set
* true if this role is available to be assigned to
* a user
*
* @param assignable
*/
@Override
public void setAssignable( boolean assignable )
{
this.assignable = assignable;
}
/**
* Set null
*
* @param description
*/
@Override
public void setDescription( String description )
{
this.description = description;
}
/**
* Set null
*
* @param name
*/
@Override
public void setName( String name )
{
this.name = name;
}
/**
* Set null
*
* @param permissions
*/
@Override
public void setPermissions( List<Permission> permissions )
{
this.permissions = permissions;
}
/**
* Method toString
*/
public java.lang.String toString()
@Override
public String toString( )
{
StringBuilder buf = new StringBuilder();
buf.append( "name = '" );
buf.append( getName() + "'" );
return buf.toString();
final StringBuilder sb = new StringBuilder( "MemoryRole{" );
sb.append( "name='" ).append( name ).append( '\'' );
sb.append( ", id='" ).append( id ).append( '\'' );
sb.append( '}' );
return sb.toString( );
}
@Override
public void addChildRoleName( String name )
{
this.childRoleNames.add( name );
}
@Override
public void setChildRoleNames( List<String> names )
{
if ( names == null )
@ -242,13 +198,80 @@ public class MemoryRole
}
}
@Override
public boolean isPermanent()
{
return permanent;
}
@Override
public void setPermanent( boolean permanent )
{
this.permanent = permanent;
}
@Override
public String getId( )
{
return id;
}
@Override
public void setId( String id )
{
if (id==null) {
this.id = "";
} else
{
this.id = id;
}
}
@Override
public String getModelId( )
{
return modelId;
}
@Override
public void setModelId( String modelId )
{
if (modelId==null) {
this.modelId = "";
} else
{
this.modelId = modelId;
}
}
@Override
public String getResource( )
{
return resource;
}
@Override
public void setResource( String resource )
{
if (resource==null) {
this.resource = "";
} else
{
this.resource = resource;
}
}
@Override
public boolean isTemplateInstance( )
{
return isTemplateInstance;
}
@Override
public void setTemplateInstance( boolean templateInstance )
{
isTemplateInstance = templateInstance;
}
}