Apache
/
archiva-redback-core
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Switching to role id for userassignment

This commit is contained in:
Martin Stockhammer 2020-11-26 22:20:10 +01:00
parent 1ce5d0be47
commit f86d739624
23 changed files with 368 additions and 139 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
redback-integrations/redback-common-integrations/src/main/java/org/apache/archiva/redback/integration/checks/security/LockedAdminEnvironmentCheck.java
View File

@ -74,7 +74,7 @@ public class LockedAdminEnvironmentCheck
if ( !checked && !userManager.isReadOnly() )
{
List<String> roles = new ArrayList<String>();
roles.add( RedbackRoleConstants.SYSTEM_ADMINISTRATOR_ROLE );
roles.add( RedbackRoleConstants.SYSTEM_ADMINISTRATOR_ROLE_ID );
List<? extends UserAssignment> systemAdminstrators;
try

1
redback-integrations/redback-integrations-security/src/main/java/org/apache/archiva/redback/integration/security/role/RedbackRoleConstants.java
View File

@ -31,6 +31,7 @@ public interface RedbackRoleConstants
// roles
public static final String SYSTEM_ADMINISTRATOR_ROLE = "System Administrator";
public static final String SYSTEM_ADMINISTRATOR_ROLE_ID = "system-administrator";
public static final String USER_ADMINISTRATOR_ROLE = "User Administrator";

35
redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/DefaultRoleManagementService.java
View File

@ -60,7 +60,9 @@ import java.util.Comparator;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import java.util.stream.Collectors;
/**
* @author Olivier Lamy
@ -390,13 +392,14 @@ public class DefaultRoleManagementService
org.apache.archiva.redback.rbac.Role rbacRole = rbacManager.getRole( roleName );
Role role = new Role( rbacRole );
Map<String, ? extends org.apache.archiva.redback.rbac.Role> parentRoles = rbacManager.getParentRoleNames( rbacRole );
for ( String parentRoleName : parentRoles.keySet() )
Map<String, ? extends org.apache.archiva.redback.rbac.Role> parentRoleIds = rbacManager.getParentRoleIds( rbacRole );
for ( String parentRoleId : parentRoleIds.keySet() )
{
role.getParentRoleNames().add( parentRoleName );
org.apache.archiva.redback.rbac.Role rbacParentRole = rbacManager.getRoleById( parentRoleId );
role.getParentRoleNames().add( rbacParentRole.getName() );
}
List<? extends UserAssignment> userAssignments = rbacManager.getUserAssignmentsForRoles( Arrays.asList( roleName ) );
List<? extends UserAssignment> userAssignments = rbacManager.getUserAssignmentsForRoles( Arrays.asList( rbacRole.getId() ) );
if ( userAssignments != null )
{
@ -417,7 +420,7 @@ public class DefaultRoleManagementService
if ( !role.getParentRoleNames().isEmpty() )
{
List<? extends UserAssignment> userParentAssignments =
rbacManager.getUserAssignmentsForRoles( parentRoles.keySet() );
rbacManager.getUserAssignmentsForRoles( parentRoleIds.keySet() );
if ( userParentAssignments != null )
{
for ( UserAssignment userAssignment : userParentAssignments )
@ -507,7 +510,8 @@ public class DefaultRoleManagementService
assignment = rbacManager.createUserAssignment( username );
}
assignment.addRoleName( role.getName() );
org.apache.archiva.redback.rbac.Role rbacRole = rbacManager.getRole( role.getName( ) );
assignment.addRoleId( rbacRole.getId() );
assignment = rbacManager.saveUserAssignment( assignment );
log.info( "{} role assigned to {}", role.getName(), username );
}
@ -548,7 +552,8 @@ public class DefaultRoleManagementService
assignment = rbacManager.createUserAssignment( username );
}
assignment.removeRoleName( role.getName() );
org.apache.archiva.redback.rbac.Role rbacRole = rbacManager.getRole( role.getName( ) );
assignment.removeRoleId( rbacRole.getId() );
assignment = rbacManager.saveUserAssignment( assignment );
log.info( "{} role unassigned to {}", role.getName(), username );
}
@ -724,10 +729,18 @@ public class DefaultRoleManagementService
{
assignment = rbacManager.createUserAssignment( username );
}
assignment.setRoleNames( user.getAssignedRoles() );
assignment = rbacManager.saveUserAssignment( assignment );
List<String> assignedRoleIds = user.getAssignedRoles().stream().map(roleName -> {
try
{
return Optional.of( rbacManager.getRole( roleName ).getId( ) );
}
catch ( RbacManagerException e )
{
return Optional.<String>empty( );
}
} ).filter( Optional::isPresent ).map(Optional::get).collect( Collectors.toList());
assignment.setRoleIds( assignedRoleIds );
rbacManager.saveUserAssignment( assignment );
}
catch ( RbacManagerException e )

2
redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/v2/BaseRedbackService.java
View File

@ -86,7 +86,7 @@ public class BaseRedbackService
{
try
{
return rbacManager.getUserAssignmentsForRoles( recurseRoles( rbacRole ).map( role -> role.getName( ) ).collect( Collectors.toList( ) ) )
return rbacManager.getUserAssignmentsForRoles( recurseRoles( rbacRole ).map( role -> role.getId( ) ).collect( Collectors.toList( ) ) )
.stream( ).map( assignment -> getUserInfo( assignment.getPrincipal( ) ) ).collect( Collectors.toList( ) );
}
catch ( RuntimeException e )

14
redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/v2/DefaultUserService.java
View File

@ -984,20 +984,20 @@ public class DefaultUserService extends BaseRedbackService
try
{
final Set<String> assignedRoleNames = new HashSet( rbacManager.getUserAssignment( username ).getRoleNames( ) );
final Set<String> assignedRoleIds = new HashSet( rbacManager.getUserAssignment( username ).getRoleIds( ) );
// We have to reuse the BaseRoleInfo objects, because the roles are not returned starting from the roots
final Map<String, BaseRoleInfo> roleNameCache = new HashMap<>( );
final Map<String, BaseRoleInfo> roleIdCache = new HashMap<>( );
List<BaseRoleInfo> roleList = rbacManager.getAllRoles( ).stream( ).flatMap( this::flattenRole ).map( role ->
{
BaseRoleInfo roleInfo = roleNameCache.computeIfAbsent( role.getName( ), s -> new BaseRoleInfo( ) );
BaseRoleInfo roleInfo = roleIdCache.computeIfAbsent( role.getId( ), s -> new BaseRoleInfo( ) );
// Setting the role data, as there may be child role objects that are not completely initialized
roleInfo = BaseRoleInfo.of( role, roleInfo );
roleInfo.setApplicationId( roleApplicationMap.get( role.getId( ) ) );
roleInfo.setAssigned( assignedRoleNames.contains( role.getName( ) ) );
roleInfo.setChildren( role.getChildRoleNames( ).stream( )
.map( roleName ->
roleInfo.setAssigned( assignedRoleIds.contains( role.getId( ) ) );
roleInfo.setChildren( role.getChildRoleIds( ).stream( )
.map( roleId ->
{
BaseRoleInfo childRoleInfo = roleNameCache.computeIfAbsent( roleName, s -> BaseRoleInfo.ofName( roleName ) );
BaseRoleInfo childRoleInfo = roleIdCache.computeIfAbsent( roleId, s -> BaseRoleInfo.ofId( roleId ) );
childRoleInfo.setChild( true );
return childRoleInfo;
} )

5
redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/NativeGroupServiceTest.java
View File

@ -22,6 +22,7 @@ import io.restassured.filter.log.UrlDecoder;
import io.restassured.http.ContentType;
import io.restassured.response.Response;
import org.apache.archiva.components.apacheds.ApacheDs;
import org.apache.archiva.redback.rest.api.Constants;
import org.apache.archiva.redback.rest.api.model.Group;
import org.apache.archiva.redback.rest.api.model.v2.GroupMapping;
import org.apache.archiva.redback.rest.services.BaseSetup;
@ -323,7 +324,7 @@ public class NativeGroupServiceTest extends AbstractNativeRestServices
List<Group> data = response.body( ).jsonPath( ).getList( "data", Group.class );
assertNotNull( data );
assertEquals( Integer.valueOf( 0 ), response.body( ).jsonPath( ).get( "pagination.offset" ) );
assertEquals( Integer.valueOf( 1000 ), response.body( ).jsonPath( ).get( "pagination.limit" ) );
assertEquals( Integer.valueOf( Constants.DEFAULT_PAGE_LIMIT ), response.body( ).jsonPath( ).get( "pagination.limit" ) );
assertEquals( Integer.valueOf( 6 ), response.body( ).jsonPath( ).get( "pagination.total_count" ) );
assertEquals( 6, data.size( ) );
String[] values = data.stream( ).map( ldapInfo -> ldapInfo.getName( ) ).sorted( ).collect( Collectors.toList( ) ).toArray( new String[0] );
@ -363,7 +364,7 @@ public class NativeGroupServiceTest extends AbstractNativeRestServices
List<Group> data = response.body( ).jsonPath( ).getList( "data", Group.class );
assertNotNull( data );
assertEquals( Integer.valueOf( 2 ), response.body( ).jsonPath( ).get( "pagination.offset" ) );
assertEquals( Integer.valueOf( 1000 ), response.body( ).jsonPath( ).get( "pagination.limit" ) );
assertEquals( Integer.valueOf( Constants.DEFAULT_PAGE_LIMIT ), response.body( ).jsonPath( ).get( "pagination.limit" ) );
assertEquals( Integer.valueOf( 6 ), response.body( ).jsonPath( ).get( "pagination.total_count" ) );
assertEquals( 4, data.size( ) );
String[] values = data.stream( ).map( ldapInfo -> ldapInfo.getName( ) ).sorted( ).collect( Collectors.toList( ) ).toArray( new String[0] );

56
redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/NativeRoleServiceTest.java
View File

@ -664,5 +664,61 @@ public class NativeRoleServiceTest extends AbstractNativeRestServices
}
}
@Test
void unAssignTemplatedRole( )
{
String token = getAdminToken( );
Map<String, Object> jsonAsMap = new HashMap<>( );
jsonAsMap.put( "user_id", "aragorn" );
jsonAsMap.put( "email", "aragorn@lordoftherings.org" );
jsonAsMap.put( "full_name", "Aragorn King of Gondor " );
jsonAsMap.put( "password", "pAssw0rD" );
try
{
given( ).spec( getRequestSpec( token ) ).contentType( JSON )
.when( )
.put( "template/archiva-repository-manager/repository12" )
.then( ).statusCode( 201 );
given( ).spec( getRequestSpec( token, getUserServicePath( ) ) ).contentType( JSON )
.body( jsonAsMap )
.when( )
.post( )
.then( ).statusCode( 201 );
given( ).spec( getRequestSpec( token ) ).contentType( JSON )
.when( )
.put( "template/archiva-repository-manager/repository12/user/aragorn" )
.then( ).statusCode( 200 );
Response response = given( ).spec( getRequestSpec( token, getUserServicePath( ) ) ).contentType( JSON )
.when( )
.get( "aragorn/roles" )
.then( ).statusCode( 200 ).extract( ).response( );
List<RoleInfo> roles = response.getBody( ).jsonPath( ).getList( "", RoleInfo.class );
assertTrue( roles.stream( ).filter( role -> "archiva-repository-manager.repository12".equals( role.getId( ) ) ).findAny( ).isPresent( ) );
given( ).spec( getRequestSpec( token ) ).contentType( JSON )
.when( )
.delete( "archiva-repository-manager.repository12/user/aragorn" )
.then( ).statusCode( 200 );
response = given( ).spec( getRequestSpec( token, getUserServicePath( ) ) ).contentType( JSON )
.when( )
.get( "aragorn/roles" )
.then( ).statusCode( 200 ).extract( ).response( );
roles = response.getBody( ).jsonPath( ).getList( "", RoleInfo.class );
assertFalse( roles.stream( ).filter( role -> "archiva-repository-manager.repository12".equals( role.getId( ) ) ).findAny( ).isPresent( ) );
}
finally
{
given( ).spec( getRequestSpec( token, getUserServicePath( ) ) ).contentType( JSON )
.when( )
.delete( "aragorn" ).then().statusCode( 200 );
given( ).spec( getRequestSpec( token ) ).contentType( JSON )
.when( )
.delete( "template/archiva-repository-manager/repository12" ).then().statusCode( 200 );
given( ).spec( getRequestSpec( token ) ).contentType( JSON )
.when( )
.delete( "template/archiva-repository-observer/repository12" ).then().statusCode( 200 );
}
}
}

24
redback-rbac/redback-rbac-model/src/main/java/org/apache/archiva/redback/rbac/AbstractRBACManager.java
View File

@ -432,17 +432,17 @@ public abstract class AbstractRBACManager
Set<Permission> permissionSet = new HashSet<Permission>();
if ( ua.getRoleNames() != null )
if ( ua.getRoleIds() != null )
{
boolean childRoleNamesUpdated = false;
Iterator<String> it = ua.getRoleNames().listIterator();
Iterator<String> it = ua.getRoleIds().listIterator();
while ( it.hasNext() )
{
String roleName = it.next();
String roleId = it.next();
try
{
Role role = getRole( roleName );
Role role = getRoleById( roleId );
gatherUniquePermissions( role, permissionSet );
}
catch ( RbacObjectNotFoundException e )
@ -563,17 +563,17 @@ public abstract class AbstractRBACManager
{
Set<Role> roleSet = new HashSet<Role>();
if ( ua.getRoleNames() != null )
if ( ua.getRoleIds() != null )
{
boolean childRoleNamesUpdated = false;
Iterator<String> it = ua.getRoleNames().listIterator();
Iterator<String> it = ua.getRoleIds().listIterator();
while ( it.hasNext() )
{
String roleName = it.next();
String roleId = it.next();
try
{
Role role = getRole( roleName );
Role role = getRoleById( roleId );
if ( !roleSet.contains( role ) )
{
@ -650,17 +650,17 @@ public abstract class AbstractRBACManager
{
Set<Role> roleSet = new HashSet<Role>();
if ( ua != null && ua.getRoleNames() != null )
if ( ua != null && ua.getRoleIds() != null )
{
boolean childRoleNamesUpdated = false;
Iterator<String> it = ua.getRoleNames().listIterator();
Iterator<String> it = ua.getRoleIds().listIterator();
while ( it.hasNext() )
{
String roleName = it.next();
String roleId = it.next();
try
{
Role role = getRole( roleName );
Role role = getRoleById( roleId );
gatherEffectiveRoles( role, roleSet );
}

28
redback-rbac/redback-rbac-model/src/main/java/org/apache/archiva/redback/rbac/AbstractUserAssignment.java
View File

@ -33,6 +33,12 @@ public abstract class AbstractUserAssignment
addRoleName( role.getName() );
}
@Override
public void addRoleId( Role role )
{
addRoleId( role.getId( ) );
}
public void addRoleName( String roleName )
{
List<String> names = getRoleNames();
@ -43,6 +49,16 @@ public abstract class AbstractUserAssignment
setRoleNames( names );
}
@Override
public void addRoleId( String roleId )
{
final List<String> ids = getRoleIds( );
if (!ids.contains( roleId )) {
ids.add( roleId );
}
setRoleIds( ids );
}
public void removeRoleName( Role role )
{
removeRoleName( role.getName() );
@ -52,4 +68,16 @@ public abstract class AbstractUserAssignment
{
getRoleNames().remove( roleName );
}
@Override
public void removeRoleId( Role role )
{
removeRoleId( role.getId() );
}
@Override
public void removeRoleId( String roleId )
{
getRoleIds( ).remove( roleId );
}
}

4
redback-rbac/redback-rbac-model/src/main/java/org/apache/archiva/redback/rbac/RBACManager.java
View File

@ -433,10 +433,10 @@ public interface RBACManager
/**
* Returns the assignments for the given roles
* @param roleNames collection of role names
* @param roleIds collection of role names
* @throws RbacManagerException if the access to the backend datastore failed
*/
List<? extends UserAssignment> getUserAssignmentsForRoles( Collection<String> roleNames )
List<? extends UserAssignment> getUserAssignmentsForRoles( Collection<String> roleIds )
throws RbacManagerException;
/**

6
redback-rbac/redback-rbac-model/src/main/java/org/apache/archiva/redback/rbac/RBACObjectAssertions.java
View File

@ -140,7 +140,7 @@ public class RBACObjectAssertions
throw new RbacObjectInvalidException( scope, "UserAssigment.principal cannot be empty." );
}
if ( assignment.getRoleNames() == null )
if ( assignment.getRoleIds() == null )
{
throw new RbacObjectInvalidException( scope, "UserAssignment.roles cannot be null." );
}
@ -153,11 +153,11 @@ public class RBACObjectAssertions
}
*/
int i = 0;
for ( String name : assignment.getRoleNames() )
for ( String name : assignment.getRoleIds() )
{
if ( StringUtils.isEmpty( name ) )
{
throw new RbacObjectInvalidException( scope, "UserAssignment.rolename[" + i + "] cannot be empty." );
throw new RbacObjectInvalidException( scope, "UserAssignment.roleid[" + i + "] cannot be empty." );
}
i++;
}

17
redback-rbac/redback-rbac-model/src/main/java/org/apache/archiva/redback/rbac/UserAssignment.java
View File

@ -48,7 +48,9 @@ public interface UserAssignment
* @return List of &lt;{@link String}&gt; objects representing the Role Names.
*/
List<String> getRoleNames();
List<String> getRoleIds();
/**
* Add a rolename to this assignment.
*
@ -62,6 +64,13 @@ public interface UserAssignment
* @param roleName the role name.
*/
void addRoleName( String roleName );
void addRoleId( Role role );
/**
* Adds a role id to this assignment
* @param roleId
*/
void addRoleId( String roleId );
/**
* Remove a rolename from this assignment.
@ -77,6 +86,10 @@ public interface UserAssignment
*/
void removeRoleName( String roleName );
void removeRoleId( Role role );
void removeRoleId( String roleId );
/**
* Set the user principal object for this association.
*
@ -92,6 +105,8 @@ public interface UserAssignment
* @param roles the List of &lt;{@link String}&gt; objects representing the Role Names.
*/
void setRoleNames( List<String> roles );
void setRoleIds( List<String> roles );
/**
* Test to see if the object is a permanent object or not.

4
redback-rbac/redback-rbac-providers/redback-rbac-cached/src/main/java/org/apache/archiva/redback/rbac/cached/CachedRbacManager.java
View File

@ -479,11 +479,11 @@ public class CachedRbacManager
}
@Override
public List<? extends UserAssignment> getUserAssignmentsForRoles( Collection<String> roleNames )
public List<? extends UserAssignment> getUserAssignmentsForRoles( Collection<String> roleIds )
throws RbacManagerException
{
log.debug( "NOT CACHED - .getUserAssignmentsForRoles(Collection)" );
return this.rbacImpl.getUserAssignmentsForRoles( roleNames );
return this.rbacImpl.getUserAssignmentsForRoles( roleIds );
}
@Override

6
redback-rbac/redback-rbac-providers/redback-rbac-jpa/src/main/java/org/apache/archiva/redback/rbac/jpa/JpaRbacManager.java
View File

@ -466,11 +466,11 @@ public class JpaRbacManager extends AbstractRBACManager {
}
@Override
public List<? extends UserAssignment> getUserAssignmentsForRoles(Collection<String> roleNames) throws RbacManagerException {
public List<? extends UserAssignment> getUserAssignmentsForRoles(Collection<String> roleIds ) throws RbacManagerException {
try {
final EntityManager em = getEm();
TypedQuery<JpaUserAssignment> q = em.createQuery("SELECT ua FROM JpaUserAssignment ua WHERE ua.roleNames IN :roles", JpaUserAssignment.class);
q.setParameter("roles", roleNames);
TypedQuery<JpaUserAssignment> q = em.createQuery("SELECT ua FROM JpaUserAssignment ua WHERE ua.roleIds IN :roles", JpaUserAssignment.class);
q.setParameter("roles", roleIds );
return q.getResultList();
} catch (Exception ex) {
log.error("Query failed: {}",ex.getMessage(),ex);

23
redback-rbac/redback-rbac-providers/redback-rbac-jpa/src/main/java/org/apache/archiva/redback/rbac/jpa/model/JpaUserAssignment.java
View File

@ -56,7 +56,8 @@ public class JpaUserAssignment extends AbstractUserAssignment implements UserAss
@JoinColumn(name = "PRINCIPAL_OID", referencedColumnName = "PRINCIPAL", nullable = false)
}
)
private List<String> roleNames = new ArrayList<String>();
private List<String> roleIds = new ArrayList<>( );
@Column(name="PERMANENT", nullable = false)
private Boolean permanent = false;
@ -68,19 +69,31 @@ public class JpaUserAssignment extends AbstractUserAssignment implements UserAss
return principal;
}
@Override
public List<String> getRoleNames( )
{
return roleIds;
}
@Override
public void setPrincipal(String principal) {
this.principal = principal;
}
@Override
public List<String> getRoleNames() {
return roleNames;
public void setRoleNames( List<String> roles )
{
this.roleIds = roles;
}
@Override
public void setRoleNames(List<String> roleNames) {
this.roleNames = roleNames;
public List<String> getRoleIds() {
return roleIds;
}
@Override
public void setRoleIds( List<String> roleIds ) {
this.roleIds = roleIds;
}
@Override

127
redback-rbac/redback-rbac-providers/redback-rbac-ldap/src/main/java/org/apache/archiva/redback/rbac/ldap/LdapRbacManager.java
View File

@ -62,6 +62,7 @@ import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.Stream;
@ -688,7 +689,17 @@ public class LdapRbacManager
{
ldapConnection = ldapConnectionFactory.getConnection();
context = ldapConnection.getDirContext();
List<String> roles = ldapRoleMapper.getRoles( username, context, getRealRoles() );
List<String> roles = ldapRoleMapper.getRoles( username, context, getRealRoles() )
.stream( ).map( roleName -> {
try
{
return Optional.of( rbacImpl.getRole( roleName ).getId() );
}
catch ( RbacManagerException e )
{
return Optional.<String>empty( );
}
} ).filter( Optional::isPresent ).map( Optional::get ).collect( Collectors.toList() );
ua = new UserAssignmentImpl( username, roles );
@ -714,11 +725,11 @@ public class LdapRbacManager
}
@Override
public List<? extends UserAssignment> getUserAssignmentsForRoles( Collection<String> roleNames )
public List<? extends UserAssignment> getUserAssignmentsForRoles( Collection<String> roleIds )
throws RbacManagerException
{
// TODO from ldap
return this.rbacImpl.getUserAssignmentsForRoles( roleNames );
return this.rbacImpl.getUserAssignmentsForRoles( roleIds );
}
@Override
@ -1114,27 +1125,41 @@ public class LdapRbacManager
List<String> currentUserRoles =
ldapRoleMapper.getRoles( userAssignment.getPrincipal(), context, getRealRoles() );
Map<String, String> currentUserIds = currentUserRoles.stream( ).map( roleName -> {
try
{
return Optional.of( rbacImpl.getRole( roleName ) );
}
catch ( RbacManagerException e )
{
return Optional.<Role>empty( );
}
} ).filter( Optional::isPresent ).map(Optional::get)
.collect( Collectors.toMap( Role::getName, Role::getId ) );
for ( String role : userAssignment.getRoleNames() )
for ( String roleId : userAssignment.getRoleIds() )
{
if ( !currentUserRoles.contains( role ) && writableLdap )
Role rbacRole = rbacImpl.getRoleById( roleId );
String roleName = rbacRole.getName( );
if ( !currentUserRoles.contains( roleName ) && writableLdap )
{
// role exists in ldap ?
if ( !allRoles.contains( role ) )
if ( !allRoles.contains( roleName ) )
{
ldapRoleMapper.saveRole( role, context );
allRoles.add( role );
ldapRoleMapper.saveRole( roleName, context );
allRoles.add( roleName );
}
ldapRoleMapper.saveUserRole( role, userAssignment.getPrincipal(), context );
currentUserRoles.add( role );
ldapRoleMapper.saveUserRole( roleName, userAssignment.getPrincipal(), context );
currentUserRoles.add( roleName );
currentUserIds.put( roleName, rbacRole.getId( ) );
}
}
for ( String role : currentUserRoles )
for ( String roleName : currentUserRoles )
{
if ( !userAssignment.getRoleNames().contains( role ) && writableLdap )
if ( !userAssignment.getRoleIds().contains( currentUserIds.get(roleName) ) && writableLdap )
{
ldapRoleMapper.removeUserRole( role, userAssignment.getPrincipal(), context );
ldapRoleMapper.removeUserRole( roleName, userAssignment.getPrincipal(), context );
}
}
@ -1491,21 +1516,21 @@ public class LdapRbacManager
{
private String username;
private List<String> roleNames;
private List<String> roleIds;
private boolean permanent;
private UserAssignmentImpl( String username, Collection<String> roleNames )
private UserAssignmentImpl( String username, Collection<String> roleIds )
{
this.username = username;
if ( roleNames == null )
if ( roleIds == null )
{
this.roleNames = new ArrayList<String>();
this.roleIds = new ArrayList<>( );
}
else
{
this.roleNames = new ArrayList<String>( roleNames );
this.roleIds = new ArrayList<>( roleIds );
}
}
@ -1518,7 +1543,13 @@ public class LdapRbacManager
@Override
public List<String> getRoleNames()
{
return this.roleNames;
return this.roleIds;
}
@Override
public List<String> getRoleIds( )
{
return this.roleIds;
}
@Override
@ -1528,7 +1559,7 @@ public class LdapRbacManager
{
return;
}
this.roleNames.add( role.getName() );
this.roleIds.add( role.getName() );
}
@Override
@ -1538,7 +1569,27 @@ public class LdapRbacManager
{
return;
}
this.roleNames.add( roleName );
this.roleIds.add( roleName );
}
@Override
public void addRoleId( Role role )
{
if ( role == null )
{
return;
}
this.roleIds.add( role.getId() );
}
@Override
public void addRoleId( String roleId )
{
if ( roleId == null )
{
return;
}
this.roleIds.add( roleId );
}
@Override
@ -1548,7 +1599,7 @@ public class LdapRbacManager
{
return;
}
this.roleNames.remove( role.getName() );
this.roleIds.remove( role.getName() );
}
@Override
@ -1558,7 +1609,27 @@ public class LdapRbacManager
{
return;
}
this.roleNames.remove( roleName );
this.roleIds.remove( roleName );
}
@Override
public void removeRoleId( Role role )
{
if ( role == null )
{
return;
}
this.roleIds.remove( role.getId() );
}
@Override
public void removeRoleId( String roleId )
{
if ( roleId == null )
{
return;
}
this.roleIds.remove( roleId );
}
@Override
@ -1570,7 +1641,13 @@ public class LdapRbacManager
@Override
public void setRoleNames( List<String> roles )
{
this.roleNames = roles;
this.roleIds = roles;
}
@Override
public void setRoleIds( List<String> roles )
{
this.roleIds = roles;
}
@Override
@ -1591,7 +1668,7 @@ public class LdapRbacManager
final StringBuilder sb = new StringBuilder();
sb.append( "UserAssignmentImpl" );
sb.append( "{username='" ).append( username ).append( '\'' );
sb.append( ", roleNames=" ).append( roleNames );
sb.append( ", roleNames=" ).append( roleIds );
sb.append( ", permanent=" ).append( permanent );
sb.append( '}' );
return sb.toString();

8
redback-rbac/redback-rbac-providers/redback-rbac-memory/src/main/java/org/apache/archiva/redback/rbac/memory/MemoryRbacManager.java
View File

@ -515,18 +515,18 @@ public class MemoryRbacManager
}
@Override
public List<UserAssignment> getUserAssignmentsForRoles( Collection<String> roleNames )
public List<UserAssignment> getUserAssignmentsForRoles( Collection<String> roleIds )
throws RbacManagerException
{
List<UserAssignment> allUserAssignments = getAllUserAssignments();
List<UserAssignment> userAssignments = new ArrayList<UserAssignment>( allUserAssignments.size() );
List<UserAssignment> userAssignments = new ArrayList<>( allUserAssignments.size( ) );
for ( UserAssignment ua : allUserAssignments )
{
for ( String roleName : roleNames )
for ( String roleId : roleIds )
{
if ( ua.getRoleNames().contains( roleName ) )
if ( ua.getRoleIds().contains( roleId ) )
{
userAssignments.add( ua );
break;

17
redback-rbac/redback-rbac-providers/redback-rbac-memory/src/main/java/org/apache/archiva/redback/rbac/memory/MemoryUserAssignment.java
View File

@ -97,6 +97,17 @@ public class MemoryUserAssignment
return this.roles;
}
@Override
public List<String> getRoleIds( )
{
if ( this.roles == null )
{
this.roles = new ArrayList<String>( 0 );
}
return this.roles;
}
/**
* Method hashCode
*/
@ -127,6 +138,12 @@ public class MemoryUserAssignment
this.roles = roles;
}
@Override
public void setRoleIds( List<String> roles )
{
this.roles = roles;
}
/**
* Method toString
*/

35
redback-rbac/redback-rbac-role-manager/src/main/java/org/apache/archiva/redback/role/DefaultRoleManager.java
View File

@ -205,9 +205,9 @@ public class DefaultRoleManager
Role role = rbacManager.getRoleById( roleId );
for ( UserAssignment assignment : rbacManager.getUserAssignmentsForRoles(
Arrays.asList( role.getName() ) ) )
Arrays.asList( role.getId() ) ) )
{
assignment.removeRoleName( role );
assignment.removeRoleId( role );
rbacManager.saveUserAssignment( assignment );
}
@ -240,16 +240,19 @@ public class DefaultRoleManager
String oldRoleName = template.getNamePrefix() + template.getDelimiter() + oldResource;
String newRoleName = template.getNamePrefix() + template.getDelimiter() + newResource;
String oldRoleId = RoleModelUtils.getRoleId( templateId, oldResource );
String newRoleId = RoleModelUtils.getRoleId( templateId, newResource );
try
{
Role role = rbacManager.getRole( oldRoleName );
// remove the user assignments
for ( UserAssignment assignment : rbacManager.getUserAssignmentsForRoles(
Arrays.asList( role.getName() ) ) )
Arrays.asList( role.getId() ) ) )
{
assignment.removeRoleName( oldRoleName );
assignment.addRoleName( newRoleName );
assignment.removeRoleId( oldRoleId );
assignment.addRoleId( newRoleId );
rbacManager.saveUserAssignment( assignment );
}
}
@ -286,7 +289,7 @@ public class DefaultRoleManager
userAssignment = rbacManager.createUserAssignment( principal );
}
userAssignment.addRoleName( modelRole.getName() );
userAssignment.addRoleId( modelRole.getId() );
rbacManager.saveUserAssignment( userAssignment );
}
catch ( RbacManagerException e )
@ -301,6 +304,7 @@ public class DefaultRoleManager
{
try
{
Role role = rbacManager.getRole( roleName );
UserAssignment userAssignment;
if ( rbacManager.userAssignmentExists( principal ) )
@ -317,7 +321,7 @@ public class DefaultRoleManager
throw new RoleManagerException( "Unable to assign role: " + roleName + " does not exist." );
}
userAssignment.addRoleName( roleName );
userAssignment.addRoleId( role.getId() );
rbacManager.saveUserAssignment( userAssignment );
}
catch ( RbacManagerException e )
@ -355,7 +359,7 @@ public class DefaultRoleManager
userAssignment = rbacManager.createUserAssignment( principal );
}
userAssignment.addRoleName( modelTemplate.getNamePrefix() + modelTemplate.getDelimiter() + resource );
userAssignment.addRoleId( RoleModelUtils.getRoleId( modelTemplate.getId(), resource ) );
rbacManager.saveUserAssignment( userAssignment );
}
catch ( RbacManagerException e )
@ -368,15 +372,10 @@ public class DefaultRoleManager
public void unassignRole( String roleId, String principal )
throws RoleManagerException
{
ModelRole modelRole = RoleModelUtils.getModelRole( blessedModel, roleId );
if ( modelRole == null )
{
throw new RoleNotFoundException( "Unable to assign role: " + roleId + " does not exist." );
}
try
{
rbacManager.getRoleById( roleId );
UserAssignment userAssignment;
if ( rbacManager.userAssignmentExists( principal ) )
@ -389,9 +388,12 @@ public class DefaultRoleManager
"UserAssignment for principal " + principal + "does not exist, can't unassign role." );
}
userAssignment.removeRoleName( modelRole.getName() );
userAssignment.removeRoleId( roleId );
rbacManager.saveUserAssignment( userAssignment );
}
catch (RoleNotFoundException e) {
throw new RoleNotFoundException( "Unable to unassign role: " + roleId + " does not exist." );
}
catch ( RbacManagerException e )
{
throw new RoleManagerException( "Unable to unassign role: unable to manage user assignment", e );
@ -421,7 +423,8 @@ public class DefaultRoleManager
throw new RoleManagerException( "Unable to unassign role: " + roleName + " does not exist." );
}
userAssignment.removeRoleName( roleName );
Role rbacRole = rbacManager.getRole( roleName );
userAssignment.removeRoleId( rbacRole.getId() );
rbacManager.saveUserAssignment( userAssignment );
}
catch ( RbacManagerException e )

8
redback-rbac/redback-rbac-role-manager/src/test/java/org/apache/archiva/redback/role/AbstractRoleManagerTest.java
View File

@ -110,14 +110,14 @@ public abstract class AbstractRoleManagerTest
UserAssignment assignment = rbacManager.getUserAssignment( principal );
List<String> assignments = assignment.getRoleNames();
List<String> assignments = assignment.getRoleIds();
assertEquals( 3, assignments.size() );
for ( String roleName : assignments )
for ( String roleId : assignments )
{
logger.info( roleName );
assertTrue( "Test Role".equals( roleName ) || "Foo 2 - frigid".equals( roleName ) || "Test Role 1".equals( roleName ) );
logger.info( roleId );
assertTrue( "test-role".equals( roleId ) || "test-template-2.frigid".equals( roleId ) || "test-role-1".equals( roleId ) );
}
}

12
redback-rbac/redback-rbac-tests/src/main/java/org/apache/archiva/redback/tests/AbstractRbacManagerPerformanceTestCase.java
View File

@ -176,7 +176,7 @@ public class AbstractRbacManagerPerformanceTestCase
// Setup User / Assignment with 1 role.
String username = "bob";
UserAssignment assignment = manager.createUserAssignment( username );
assignment.addRoleName( devRole );
assignment.addRoleId( devRole );
assignment = manager.saveUserAssignment( assignment );
assertEquals( 1, manager.getAllUserAssignments().size() );
@ -187,11 +187,11 @@ public class AbstractRbacManagerPerformanceTestCase
assertEquals( 2, manager.getAllRoles().size() );
// assign the same role again to the same user
assignment.addRoleName( devRole.getName() );
assignment.addRoleId( devRole.getId() );
manager.saveUserAssignment( assignment );
// we certainly shouldn't have 2 roles here now
assertEquals( 1, assignment.getRoleNames().size() );
assertEquals( 1, assignment.getRoleIds().size() );
String bobId = assignment.getPrincipal();
@ -203,7 +203,7 @@ public class AbstractRbacManagerPerformanceTestCase
manager.saveRole( devPlusRole );
assignment = manager.createUserAssignment( username );
assignment.addRoleName( devRole );
assignment.addRoleId( devRole );
assignment = manager.saveUserAssignment( assignment );
assertEquals( 2, manager.getAllUserAssignments().size() );
@ -214,11 +214,11 @@ public class AbstractRbacManagerPerformanceTestCase
assertEquals( 2, manager.getAllRoles().size() );
// assign the same role again to the same user
assignment.addRoleName( devRole.getName() );
assignment.addRoleId( devRole.getId() );
manager.saveUserAssignment( assignment );
// we certainly shouldn't have 2 roles here now
assertEquals( 1, assignment.getRoleNames().size() );
assertEquals( 1, assignment.getRoleIds().size() );
String janetId = assignment.getPrincipal();

69
redback-rbac/redback-rbac-tests/src/main/java/org/apache/archiva/redback/tests/AbstractRbacManagerTestCase.java
View File

@ -104,7 +104,7 @@ public abstract class AbstractRbacManagerTestCase
private Role getDeveloperRole()
throws RbacManagerException
{
Role role = rbacManager.createRole( "DEVELOPER" );
Role role = rbacManager.createRole( "developer","DEVELOPER" );
role.setAssignable( true );
Permission perm = rbacManager.createPermission( "EDIT_MY_USER", "EDIT", "User:Self" );
@ -117,7 +117,7 @@ public abstract class AbstractRbacManagerTestCase
private Role getProjectAdminRole()
throws RbacManagerException
{
Role role = rbacManager.createRole( "PROJECT_ADMIN" );
Role role = rbacManager.createRole( "project-admin","PROJECT_ADMIN" );
role.setAssignable( true );
Permission perm = rbacManager.createPermission( "EDIT_PROJECT", "EDIT", "Project:Foo" );
@ -129,7 +129,8 @@ public abstract class AbstractRbacManagerTestCase
private Role getSuperDeveloperRole()
{
Role role = rbacManager.createRole( "SUPER_DEVELOPER" );
Role role = rbacManager.createRole( "super-developer","SUPER_DEVELOPER" );
role.setId( "super-developer" );
role.setAssignable( true );
return role;
@ -402,7 +403,7 @@ public abstract class AbstractRbacManagerTestCase
UserAssignment assignment = manager.createUserAssignment( adminPrincipal );
assignment.addRoleName( adminRole );
assignment.addRoleId( adminRole );
manager.saveUserAssignment( assignment );
@ -436,10 +437,10 @@ public abstract class AbstractRbacManagerTestCase
// don't use admin as ldap group need at least one member
String adminPrincipal = "theadmin";
UserAssignment assignment = manager.createUserAssignment( adminPrincipal );
assignment.addRoleName( adminRole );
assignment.addRoleId( adminRole );
assignment = manager.saveUserAssignment( assignment );
assertEquals( 1, assignment.getRoleNames().size() );
assertEquals( 1, assignment.getRoleIds().size() );
assertEquals( 1, manager.getAssignedRoles( adminPrincipal ).size() );
}
@ -462,7 +463,7 @@ public abstract class AbstractRbacManagerTestCase
UserAssignment ua = manager.createUserAssignment( adminPrincipal );
ua.addRoleName( admin );
ua.addRoleId( admin );
manager.saveUserAssignment( ua );
@ -536,7 +537,7 @@ public abstract class AbstractRbacManagerTestCase
// Setup User / Assignment with 1 role.
String username = "bob";
UserAssignment assignment = manager.createUserAssignment( username );
assignment.addRoleName( developerRole );
assignment.addRoleId( developerRole );
manager.saveUserAssignment( assignment );
assertEquals( incAssignements( 1 ), manager.getAllUserAssignments().size() );
@ -544,41 +545,41 @@ public abstract class AbstractRbacManagerTestCase
// Create another role add it to manager.
Role projectAdmin = getProjectAdminRole();
String projectAdminRoleName = projectAdmin.getName();
String projectAdminRoleId = projectAdmin.getId();
manager.saveRole( projectAdmin );
// Get User Assignment, add a second role
UserAssignment bob = manager.getUserAssignment( username );
bob.addRoleName( projectAdminRoleName );
bob.addRoleId( projectAdminRoleId );
bob = manager.saveUserAssignment( bob );
assertEquals( incAssignements( 1 ), manager.getAllUserAssignments().size() );
assertEquals( 2, manager.getAllRoles().size() );
assertEquals( 2, bob.getRoleNames().size() );
assertEquals( 2, bob.getRoleIds().size() );
assertEquals( 0, manager.getUnassignedRoles( bob.getPrincipal() ).size() );
List<String> roles = bob.getRoleNames();
List<String> roles = bob.getRoleIds();
assertEquals( 2, roles.size() );
// Remove 1 role from bob, end up with 1 role for bob.
roles.remove( projectAdminRoleName );
roles.remove( projectAdminRoleId );
assertEquals( 1, roles.size() );
bob.setRoleNames( roles );
bob.setRoleIds( roles );
bob = manager.saveUserAssignment( bob );
assertEquals( "Should only have 1 role under bob now.", 1, bob.getRoleNames().size() );
assertEquals( "Should only have 1 role under bob now.", 1, bob.getRoleIds().size() );
assertEquals( "Should have 2 total roles still.", 2, manager.getAllRoles().size() );
assertEquals( "Should have 1 assignable role", 1, manager.getUnassignedRoles( bob.getPrincipal() ).size() );
// Fetch bob again. see if role is missing.
UserAssignment cousin = manager.getUserAssignment( username );
assertEquals( 1, cousin.getRoleNames().size() );
assertEquals( 1, cousin.getRoleIds().size() );
assertEquals( "Should only have 1 role under bob now.", 1, cousin.getRoleNames().size() );
assertEquals( "Should only have 1 role under bob now.", 1, cousin.getRoleIds().size() );
assertEquals( "Should have 2 total roles still.", 2, manager.getAllRoles().size() );
// remove the last role
roles.remove( developerRole.getName() );
bob.setRoleNames( roles );
roles.remove( developerRole.getId() );
bob.setRoleIds( roles );
bob = manager.saveUserAssignment( bob );
assertEquals( "Should have 2 assignable roles.", 2, manager.getUnassignedRoles( bob.getPrincipal() ).size() );
@ -602,18 +603,18 @@ public abstract class AbstractRbacManagerTestCase
// Setup User / Assignment with 1 role.
String username = "bob";
UserAssignment assignment = manager.createUserAssignment( username );
assignment.addRoleName( devRole );
assignment.addRoleId( devRole );
assignment = manager.saveUserAssignment( assignment );
assertEquals( incAssignements( 1 ), manager.getAllUserAssignments().size() );
assertEquals( 1, manager.getAllRoles().size() );
// assign the same role again to the same user
assignment.addRoleName( devRole.getName() );
assignment.addRoleId( devRole.getId() );
manager.saveUserAssignment( assignment );
// we certainly shouldn't have 2 roles here now
assertEquals( 1, assignment.getRoleNames().size() );
assertEquals( 1, assignment.getRoleIds().size() );
/* Assert some event tracker stuff */
assertEventTracker( 1, 0, 1, 0, true, true );
@ -639,7 +640,7 @@ public abstract class AbstractRbacManagerTestCase
// Setup User / Assignment with 1 role.
String username = "bob";
UserAssignment assignment = manager.createUserAssignment( username );
assignment.addRoleName( devRole );
assignment.addRoleId( devRole );
assignment = manager.saveUserAssignment( assignment );
assertEquals( incAssignements( 1 ), manager.getAllUserAssignments().size() );
@ -650,11 +651,11 @@ public abstract class AbstractRbacManagerTestCase
assertEquals( 2, manager.getAllRoles().size() );
// assign the same role again to the same user
assignment.addRoleName( devRole.getName() );
assignment.addRoleId( devRole.getId() );
manager.saveUserAssignment( assignment );
// we certainly shouldn't have 2 roles here now
assertEquals( 1, assignment.getRoleNames().size() );
assertEquals( 1, assignment.getRoleIds().size() );
/* Assert some event tracker stuff */
assertEventTracker( 2, 0, 1, 0, true, true );
@ -678,12 +679,12 @@ public abstract class AbstractRbacManagerTestCase
String username = "bob";
UserAssignment assignment = manager.createUserAssignment( username );
assignment.addRoleName( developerRole.getName() );
assignment.addRoleName( projectAdminRole.getName() );
assignment.addRoleName( adminRole.getName() );
assignment.addRoleId( developerRole.getId() );
assignment.addRoleId( projectAdminRole.getId() );
assignment.addRoleId( adminRole.getId() );
assignment = manager.saveUserAssignment( assignment );
assertThat( assignment.getRoleNames() ).isNotNull().isNotEmpty().hasSize( 3 );
assertThat( assignment.getRoleIds() ).isNotNull().isNotEmpty().hasSize( 3 );
assertThat( manager.getAllUserAssignments() ).isNotNull().isNotEmpty().hasSize( incAssignements( 1 ) );
assertThat( manager.getAllRoles() ).isNotNull().isNotEmpty().hasSize( 3 );
@ -718,7 +719,7 @@ public abstract class AbstractRbacManagerTestCase
manager.saveRole( getAdminRole() );
manager.saveRole( getProjectAdminRole() );
Role added = manager.saveRole( getDeveloperRole() );
String roleName = added.getName();
String roleId = added.getId();
assertThat( manager.getAllRoles() ).isNotNull().isNotEmpty().hasSize( 3 );
assertThat( manager.getAllPermissions() ).isNotNull().isNotEmpty().hasSize( 3 );
@ -727,7 +728,7 @@ public abstract class AbstractRbacManagerTestCase
String username = "bob";
UserAssignment assignment = manager.createUserAssignment( username );
assignment.addRoleName( roleName );
assignment.addRoleId( roleId );
manager.saveUserAssignment( assignment );
assertThat( manager.getAllUserAssignments() ).isNotNull().isNotEmpty().hasSize( incAssignements( 1 ) );
@ -816,7 +817,7 @@ public abstract class AbstractRbacManagerTestCase
String username = "bob";
UserAssignment assignment = rbacManager.createUserAssignment( username );
assignment.addRoleName( "Developer" );
assignment.addRoleId( "developer" );
rbacManager.saveUserAssignment( assignment );
assertEquals( incAssignements( 1 ), rbacManager.getAllUserAssignments().size() );
@ -824,7 +825,7 @@ public abstract class AbstractRbacManagerTestCase
assertEquals( 6, rbacManager.getAllPermissions().size() );
// Get the List of Assigned Roles for user bob.
Role devel = rbacManager.getRole( "Developer" );
Role devel = rbacManager.getRoleById( "developer" );
assertNotNull( devel );
// First Depth.
@ -850,7 +851,7 @@ public abstract class AbstractRbacManagerTestCase
String username = "bob";
UserAssignment assignment = rbacManager.createUserAssignment( username );
assignment.addRoleName( "Developer" );
assignment.addRoleId( "developer" );
rbacManager.saveUserAssignment( assignment );
assertEquals( incAssignements( 1 ), rbacManager.getAllUserAssignments().size() );

4
redback-rbac/redback-rbac-tests/src/main/java/org/apache/archiva/redback/tests/utils/RBACDefaults.java
View File

@ -149,6 +149,7 @@ public class RBACDefaults
if ( !manager.roleExists( "User Administrator" ) )
{
Role userAdmin = manager.createRole( "User Administrator" );
userAdmin.setId( "user-administrator" );
userAdmin.addPermission( manager.getPermission( "Edit All Users" ) );
userAdmin.addPermission( manager.getPermission( "Remove Roles" ) );
userAdmin.setAssignable( true );
@ -158,6 +159,7 @@ public class RBACDefaults
if ( !manager.roleExists( "System Administrator" ) )
{
Role admin = manager.createRole( "System Administrator" );
admin.setId( "system-administrator" );
admin.addChildRoleName( "User Administrator" );
admin.addChildRoleId( "user-administrator" );
admin.addPermission( manager.getPermission( "Edit Configuration" ) );
@ -171,6 +173,7 @@ public class RBACDefaults
if ( !manager.roleExists( "Trusted Developer" ) )
{
Role developer = manager.createRole( "Trusted Developer" );
developer.setId( "trusted-developer" );
developer.addChildRoleName( "System Administrator" );
developer.addChildRoleId( "system-administrator" );
developer.addPermission( manager.getPermission( "Run Indexer" ) );
@ -181,6 +184,7 @@ public class RBACDefaults
if ( !manager.roleExists( "Developer" ) )
{
Role developer = manager.createRole( "Developer" );
developer.setId( "developer" );
developer.addChildRoleName( "Trusted Developer" );
developer.addChildRoleId( "trusted-developer" );
developer.addPermission( manager.getPermission( "Run Indexer" ) );