From f86d7396248a1d467d1047a0217778b50311b0b6 Mon Sep 17 00:00:00 2001 From: Martin Stockhammer Date: Thu, 26 Nov 2020 22:20:10 +0100 Subject: [PATCH] Switching to role id for userassignment --- .../security/LockedAdminEnvironmentCheck.java | 2 +- .../security/role/RedbackRoleConstants.java | 1 + .../DefaultRoleManagementService.java | 35 +++-- .../rest/services/v2/BaseRedbackService.java | 2 +- .../rest/services/v2/DefaultUserService.java | 14 +- .../services/v2/NativeGroupServiceTest.java | 5 +- .../services/v2/NativeRoleServiceTest.java | 56 ++++++++ .../redback/rbac/AbstractRBACManager.java | 24 ++-- .../redback/rbac/AbstractUserAssignment.java | 28 ++++ .../archiva/redback/rbac/RBACManager.java | 4 +- .../redback/rbac/RBACObjectAssertions.java | 6 +- .../archiva/redback/rbac/UserAssignment.java | 17 ++- .../rbac/cached/CachedRbacManager.java | 4 +- .../redback/rbac/jpa/JpaRbacManager.java | 6 +- .../rbac/jpa/model/JpaUserAssignment.java | 23 +++- .../redback/rbac/ldap/LdapRbacManager.java | 127 ++++++++++++++---- .../rbac/memory/MemoryRbacManager.java | 8 +- .../rbac/memory/MemoryUserAssignment.java | 17 +++ .../redback/role/DefaultRoleManager.java | 35 ++--- .../redback/role/AbstractRoleManagerTest.java | 8 +- ...bstractRbacManagerPerformanceTestCase.java | 12 +- .../tests/AbstractRbacManagerTestCase.java | 69 +++++----- .../redback/tests/utils/RBACDefaults.java | 4 + 23 files changed, 368 insertions(+), 139 deletions(-) diff --git a/redback-integrations/redback-common-integrations/src/main/java/org/apache/archiva/redback/integration/checks/security/LockedAdminEnvironmentCheck.java b/redback-integrations/redback-common-integrations/src/main/java/org/apache/archiva/redback/integration/checks/security/LockedAdminEnvironmentCheck.java index 35806375..34948230 100644 --- a/redback-integrations/redback-common-integrations/src/main/java/org/apache/archiva/redback/integration/checks/security/LockedAdminEnvironmentCheck.java 
+++ b/redback-integrations/redback-common-integrations/src/main/java/org/apache/archiva/redback/integration/checks/security/LockedAdminEnvironmentCheck.java @@ -74,7 +74,7 @@ public class LockedAdminEnvironmentCheck if ( !checked && !userManager.isReadOnly() ) { List roles = new ArrayList(); - roles.add( RedbackRoleConstants.SYSTEM_ADMINISTRATOR_ROLE ); + roles.add( RedbackRoleConstants.SYSTEM_ADMINISTRATOR_ROLE_ID ); List systemAdminstrators; try diff --git a/redback-integrations/redback-integrations-security/src/main/java/org/apache/archiva/redback/integration/security/role/RedbackRoleConstants.java b/redback-integrations/redback-integrations-security/src/main/java/org/apache/archiva/redback/integration/security/role/RedbackRoleConstants.java index 44c9fd21..7ffb1a80 100644 --- a/redback-integrations/redback-integrations-security/src/main/java/org/apache/archiva/redback/integration/security/role/RedbackRoleConstants.java +++ b/redback-integrations/redback-integrations-security/src/main/java/org/apache/archiva/redback/integration/security/role/RedbackRoleConstants.java @@ -31,6 +31,7 @@ public interface RedbackRoleConstants // roles public static final String SYSTEM_ADMINISTRATOR_ROLE = "System Administrator"; + public static final String SYSTEM_ADMINISTRATOR_ROLE_ID = "system-administrator"; public static final String USER_ADMINISTRATOR_ROLE = "User Administrator"; diff --git a/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/DefaultRoleManagementService.java b/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/DefaultRoleManagementService.java index 40ec9a3b..6f936f6c 100644 --- a/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/DefaultRoleManagementService.java 
+++ b/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/DefaultRoleManagementService.java @@ -60,7 +60,9 @@ import java.util.Comparator; import java.util.HashSet; import java.util.List; import java.util.Map; +import java.util.Optional; import java.util.Set; +import java.util.stream.Collectors; /** * @author Olivier Lamy @@ -390,13 +392,14 @@ public class DefaultRoleManagementService org.apache.archiva.redback.rbac.Role rbacRole = rbacManager.getRole( roleName ); Role role = new Role( rbacRole ); - Map parentRoles = rbacManager.getParentRoleNames( rbacRole ); - for ( String parentRoleName : parentRoles.keySet() ) + Map parentRoleIds = rbacManager.getParentRoleIds( rbacRole ); + for ( String parentRoleId : parentRoleIds.keySet() ) { - role.getParentRoleNames().add( parentRoleName ); + org.apache.archiva.redback.rbac.Role rbacParentRole = rbacManager.getRoleById( parentRoleId ); + role.getParentRoleNames().add( rbacParentRole.getName() ); } - List userAssignments = rbacManager.getUserAssignmentsForRoles( Arrays.asList( roleName ) ); + List userAssignments = rbacManager.getUserAssignmentsForRoles( Arrays.asList( rbacRole.getId() ) ); if ( userAssignments != null ) { @@ -417,7 +420,7 @@ public class DefaultRoleManagementService if ( !role.getParentRoleNames().isEmpty() ) { List userParentAssignments = - rbacManager.getUserAssignmentsForRoles( parentRoles.keySet() ); + rbacManager.getUserAssignmentsForRoles( parentRoleIds.keySet() ); if ( userParentAssignments != null ) { for ( UserAssignment userAssignment : userParentAssignments ) 
@@ -507,7 +510,8 @@ public class DefaultRoleManagementService assignment = rbacManager.createUserAssignment( username ); } - assignment.addRoleName( role.getName() ); + org.apache.archiva.redback.rbac.Role rbacRole = rbacManager.getRole( role.getName( ) ); + assignment.addRoleId( rbacRole.getId() ); assignment = rbacManager.saveUserAssignment( assignment ); log.info( "{} role assigned to {}", role.getName(), username ); } @@ -548,7 +552,8 @@ public class DefaultRoleManagementService assignment = rbacManager.createUserAssignment( username ); } - assignment.removeRoleName( role.getName() ); + org.apache.archiva.redback.rbac.Role rbacRole = rbacManager.getRole( role.getName( ) ); + assignment.removeRoleId( rbacRole.getId() ); assignment = rbacManager.saveUserAssignment( assignment ); log.info( "{} role unassigned to {}", role.getName(), username ); } @@ -724,10 +729,18 @@ public class DefaultRoleManagementService { assignment = rbacManager.createUserAssignment( username ); } - - assignment.setRoleNames( user.getAssignedRoles() ); - - assignment = rbacManager.saveUserAssignment( assignment ); + List assignedRoleIds = user.getAssignedRoles().stream().map(roleName -> { + try + { + return Optional.of( rbacManager.getRole( roleName ).getId( ) ); + } + catch ( RbacManagerException e ) + { + return Optional.empty( ); + } + } ).filter( Optional::isPresent ).map(Optional::get).collect( Collectors.toList()); + assignment.setRoleIds( assignedRoleIds ); + rbacManager.saveUserAssignment( assignment ); } catch ( RbacManagerException e ) diff --git a/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/v2/BaseRedbackService.java b/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/v2/BaseRedbackService.java index 63318bb5..4dc9ab38 100644 
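Review bot: In the `@@ -724` hunk the lambda that maps `user.getAssignedRoles()` to ids swallows every `RbacManagerException` and returns `Optional.empty( )`, so a role name that cannot be resolved is dropped without any trace and `setRoleIds` then overwrites the user's assignment with the shortened list. Because the catch covers the whole exception type and not only the not-found case, a backend failure during lookup would presumably also end in a saved assignment with fewer roles than requested. I would at least log the skipped name inside the catch, e.g. `log.warn( "Role '{}' could not be resolved, skipping", roleName );`, and preferably fail the request when a name does not resolve. The same catch-and-drop mapping appears in LdapRbacManager at `@@ -688` and `@@ -1114`. The enclosing method starts and ends outside the hunk.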
--- a/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/v2/BaseRedbackService.java +++ b/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/v2/BaseRedbackService.java @@ -86,7 +86,7 @@ public class BaseRedbackService { try { - return rbacManager.getUserAssignmentsForRoles( recurseRoles( rbacRole ).map( role -> role.getName( ) ).collect( Collectors.toList( ) ) ) + return rbacManager.getUserAssignmentsForRoles( recurseRoles( rbacRole ).map( role -> role.getId( ) ).collect( Collectors.toList( ) ) ) .stream( ).map( assignment -> getUserInfo( assignment.getPrincipal( ) ) ).collect( Collectors.toList( ) ); } catch ( RuntimeException e ) diff --git a/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/v2/DefaultUserService.java b/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/v2/DefaultUserService.java index 5561d5c6..f32d5957 100644 --- a/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/v2/DefaultUserService.java +++ b/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/v2/DefaultUserService.java 
@@ -984,20 +984,20 @@ public class DefaultUserService extends BaseRedbackService try { - final Set assignedRoleNames = new HashSet( rbacManager.getUserAssignment( username ).getRoleNames( ) ); + final Set assignedRoleIds = new HashSet( rbacManager.getUserAssignment( username ).getRoleIds( ) ); // We have to reuse the BaseRoleInfo objects, because the roles are not returned starting from the roots - final Map roleNameCache = new HashMap<>( ); + final Map roleIdCache = new HashMap<>( ); List roleList = rbacManager.getAllRoles( ).stream( ).flatMap( this::flattenRole ).map( role -> { - BaseRoleInfo roleInfo = roleNameCache.computeIfAbsent( role.getName( ), s -> new BaseRoleInfo( ) ); + BaseRoleInfo roleInfo = roleIdCache.computeIfAbsent( role.getId( ), s -> new BaseRoleInfo( ) ); // Setting the role data, as there may be child role objects that are not completely initialized roleInfo = BaseRoleInfo.of( role, roleInfo ); roleInfo.setApplicationId( roleApplicationMap.get( role.getId( ) ) ); - roleInfo.setAssigned( assignedRoleNames.contains( role.getName( ) ) ); - roleInfo.setChildren( role.getChildRoleNames( ).stream( ) - .map( roleName -> + roleInfo.setAssigned( assignedRoleIds.contains( role.getId( ) ) ); + roleInfo.setChildren( role.getChildRoleIds( ).stream( ) + .map( roleId -> { - BaseRoleInfo childRoleInfo = roleNameCache.computeIfAbsent( roleName, s -> BaseRoleInfo.ofName( roleName ) ); + BaseRoleInfo childRoleInfo = roleIdCache.computeIfAbsent( roleId, s -> BaseRoleInfo.ofId( roleId ) ); childRoleInfo.setChild( true ); return childRoleInfo; } ) diff --git a/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/NativeGroupServiceTest.java b/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/NativeGroupServiceTest.java index 96d25dd0..5e8e855f 100644 
--- a/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/NativeGroupServiceTest.java +++ b/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/NativeGroupServiceTest.java @@ -22,6 +22,7 @@ import io.restassured.filter.log.UrlDecoder; import io.restassured.http.ContentType; import io.restassured.response.Response; import org.apache.archiva.components.apacheds.ApacheDs; +import org.apache.archiva.redback.rest.api.Constants; import org.apache.archiva.redback.rest.api.model.Group; import org.apache.archiva.redback.rest.api.model.v2.GroupMapping; import org.apache.archiva.redback.rest.services.BaseSetup; @@ -323,7 +324,7 @@ public class NativeGroupServiceTest extends AbstractNativeRestServices List data = response.body( ).jsonPath( ).getList( "data", Group.class ); assertNotNull( data ); assertEquals( Integer.valueOf( 0 ), response.body( ).jsonPath( ).get( "pagination.offset" ) ); - assertEquals( Integer.valueOf( 1000 ), response.body( ).jsonPath( ).get( "pagination.limit" ) ); + assertEquals( Integer.valueOf( Constants.DEFAULT_PAGE_LIMIT ), response.body( ).jsonPath( ).get( "pagination.limit" ) ); assertEquals( Integer.valueOf( 6 ), response.body( ).jsonPath( ).get( "pagination.total_count" ) ); assertEquals( 6, data.size( ) ); String[] values = data.stream( ).map( ldapInfo -> ldapInfo.getName( ) ).sorted( ).collect( Collectors.toList( ) ).toArray( new String[0] ); 
@@ -363,7 +364,7 @@ public class NativeGroupServiceTest extends AbstractNativeRestServices List data = response.body( ).jsonPath( ).getList( "data", Group.class ); assertNotNull( data ); assertEquals( Integer.valueOf( 2 ), response.body( ).jsonPath( ).get( "pagination.offset" ) ); - assertEquals( Integer.valueOf( 1000 ), response.body( ).jsonPath( ).get( "pagination.limit" ) ); + assertEquals( Integer.valueOf( Constants.DEFAULT_PAGE_LIMIT ), response.body( ).jsonPath( ).get( "pagination.limit" ) ); assertEquals( Integer.valueOf( 6 ), response.body( ).jsonPath( ).get( "pagination.total_count" ) ); assertEquals( 4, data.size( ) ); String[] values = data.stream( ).map( ldapInfo -> ldapInfo.getName( ) ).sorted( ).collect( Collectors.toList( ) ).toArray( new String[0] ); diff --git a/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/NativeRoleServiceTest.java b/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/NativeRoleServiceTest.java index 863b871c..b62b4fa1 100644 --- a/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/NativeRoleServiceTest.java +++ b/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/NativeRoleServiceTest.java 
@@ -664,5 +664,61 @@ public class NativeRoleServiceTest extends AbstractNativeRestServices } } + @Test + void unAssignTemplatedRole( ) + { + String token = getAdminToken( ); + Map jsonAsMap = new HashMap<>( ); + jsonAsMap.put( "user_id", "aragorn" ); + jsonAsMap.put( "email", "aragorn@lordoftherings.org" ); + jsonAsMap.put( "full_name", "Aragorn King of Gondor " ); + jsonAsMap.put( "password", "pAssw0rD" ); + + try + { + given( ).spec( getRequestSpec( token ) ).contentType( JSON ) + .when( ) + .put( "template/archiva-repository-manager/repository12" ) + .then( ).statusCode( 201 ); + given( ).spec( getRequestSpec( token, getUserServicePath( ) ) ).contentType( JSON ) + .body( jsonAsMap ) + .when( ) + .post( ) + .then( ).statusCode( 201 ); + given( ).spec( getRequestSpec( token ) ).contentType( JSON ) + .when( ) + .put( "template/archiva-repository-manager/repository12/user/aragorn" ) + .then( ).statusCode( 200 ); + Response response = given( ).spec( getRequestSpec( token, getUserServicePath( ) ) ).contentType( JSON ) + .when( ) + .get( "aragorn/roles" ) + .then( ).statusCode( 200 ).extract( ).response( ); + List roles = response.getBody( ).jsonPath( ).getList( "", RoleInfo.class ); + assertTrue( roles.stream( ).filter( role -> "archiva-repository-manager.repository12".equals( role.getId( ) ) ).findAny( ).isPresent( ) ); + given( ).spec( getRequestSpec( token ) ).contentType( JSON ) + .when( ) + .delete( "archiva-repository-manager.repository12/user/aragorn" ) + .then( ).statusCode( 200 ); + response = given( ).spec( getRequestSpec( token, getUserServicePath( ) ) ).contentType( JSON ) + .when( ) + .get( "aragorn/roles" ) + .then( ).statusCode( 200 ).extract( ).response( ); + roles = response.getBody( ).jsonPath( ).getList( "", RoleInfo.class ); + assertFalse( roles.stream( ).filter( role -> "archiva-repository-manager.repository12".equals( role.getId( ) ) ).findAny( ).isPresent( ) ); + } + finally + { + given( ).spec( getRequestSpec( token, getUserServicePath( ) ) 
).contentType( JSON ) + .when( ) + .delete( "aragorn" ).then().statusCode( 200 ); + given( ).spec( getRequestSpec( token ) ).contentType( JSON ) + .when( ) + .delete( "template/archiva-repository-manager/repository12" ).then().statusCode( 200 ); + given( ).spec( getRequestSpec( token ) ).contentType( JSON ) + .when( ) + .delete( "template/archiva-repository-observer/repository12" ).then().statusCode( 200 ); + + } + } } diff --git a/redback-rbac/redback-rbac-model/src/main/java/org/apache/archiva/redback/rbac/AbstractRBACManager.java b/redback-rbac/redback-rbac-model/src/main/java/org/apache/archiva/redback/rbac/AbstractRBACManager.java index bdecd29d..656a05b4 100644 --- a/redback-rbac/redback-rbac-model/src/main/java/org/apache/archiva/redback/rbac/AbstractRBACManager.java +++ b/redback-rbac/redback-rbac-model/src/main/java/org/apache/archiva/redback/rbac/AbstractRBACManager.java @@ -432,17 +432,17 @@ public abstract class AbstractRBACManager Set permissionSet = new HashSet(); - if ( ua.getRoleNames() != null ) + if ( ua.getRoleIds() != null ) { boolean childRoleNamesUpdated = false; - Iterator it = ua.getRoleNames().listIterator(); + Iterator it = ua.getRoleIds().listIterator(); while ( it.hasNext() ) { - String roleName = it.next(); + String roleId = it.next(); try { - Role role = getRole( roleName ); + Role role = getRoleById( roleId ); gatherUniquePermissions( role, permissionSet ); } catch ( RbacObjectNotFoundException e ) @@ -563,17 +563,17 @@ public abstract class AbstractRBACManager { Set roleSet = new HashSet(); - if ( ua.getRoleNames() != null ) + if ( ua.getRoleIds() != null ) { boolean childRoleNamesUpdated = false; - Iterator it = ua.getRoleNames().listIterator(); + Iterator it = ua.getRoleIds().listIterator(); while ( it.hasNext() ) { - String roleName = it.next(); + String roleId = it.next(); try { - Role role = getRole( roleName ); + Role role = getRoleById( roleId ); if ( !roleSet.contains( role ) ) { 
@@ -650,17 +650,17 @@ public abstract class AbstractRBACManager { Set roleSet = new HashSet(); - if ( ua != null && ua.getRoleNames() != null ) + if ( ua != null && ua.getRoleIds() != null ) { boolean childRoleNamesUpdated = false; - Iterator it = ua.getRoleNames().listIterator(); + Iterator it = ua.getRoleIds().listIterator(); while ( it.hasNext() ) { - String roleName = it.next(); + String roleId = it.next(); try { - Role role = getRole( roleName ); + Role role = getRoleById( roleId ); gatherEffectiveRoles( role, roleSet ); } diff --git a/redback-rbac/redback-rbac-model/src/main/java/org/apache/archiva/redback/rbac/AbstractUserAssignment.java b/redback-rbac/redback-rbac-model/src/main/java/org/apache/archiva/redback/rbac/AbstractUserAssignment.java index 80dabf0e..8b8d1945 100644 --- a/redback-rbac/redback-rbac-model/src/main/java/org/apache/archiva/redback/rbac/AbstractUserAssignment.java +++ b/redback-rbac/redback-rbac-model/src/main/java/org/apache/archiva/redback/rbac/AbstractUserAssignment.java @@ -33,6 +33,12 @@ public abstract class AbstractUserAssignment addRoleName( role.getName() ); } + @Override + public void addRoleId( Role role ) + { + addRoleId( role.getId( ) ); + } + public void addRoleName( String roleName ) { List names = getRoleNames(); @@ -43,6 +49,16 @@ public abstract class AbstractUserAssignment setRoleNames( names ); } + @Override + public void addRoleId( String roleId ) + { + final List ids = getRoleIds( ); + if (!ids.contains( roleId )) { + ids.add( roleId ); + } + setRoleIds( ids ); + } + public void removeRoleName( Role role ) { removeRoleName( role.getName() ); @@ -52,4 +68,16 @@ public abstract class AbstractUserAssignment { getRoleNames().remove( roleName ); } + + @Override + public void removeRoleId( Role role ) + { + removeRoleId( role.getId() ); + } + + @Override + public void removeRoleId( String roleId ) + { + getRoleIds( ).remove( roleId ); + } } 
diff --git a/redback-rbac/redback-rbac-model/src/main/java/org/apache/archiva/redback/rbac/RBACManager.java b/redback-rbac/redback-rbac-model/src/main/java/org/apache/archiva/redback/rbac/RBACManager.java index 16ac43d8..289371b7 100644 --- a/redback-rbac/redback-rbac-model/src/main/java/org/apache/archiva/redback/rbac/RBACManager.java +++ b/redback-rbac/redback-rbac-model/src/main/java/org/apache/archiva/redback/rbac/RBACManager.java @@ -433,10 +433,10 @@ public interface RBACManager /** * Returns the assignments for the given roles - * @param roleNames collection of role names + * @param roleIds collection of role names * @throws RbacManagerException if the access to the backend datastore failed */ - List getUserAssignmentsForRoles( Collection roleNames ) + List getUserAssignmentsForRoles( Collection roleIds ) throws RbacManagerException; /** diff --git a/redback-rbac/redback-rbac-model/src/main/java/org/apache/archiva/redback/rbac/RBACObjectAssertions.java b/redback-rbac/redback-rbac-model/src/main/java/org/apache/archiva/redback/rbac/RBACObjectAssertions.java index 560b0f17..16bb7808 100644 --- a/redback-rbac/redback-rbac-model/src/main/java/org/apache/archiva/redback/rbac/RBACObjectAssertions.java +++ b/redback-rbac/redback-rbac-model/src/main/java/org/apache/archiva/redback/rbac/RBACObjectAssertions.java @@ -140,7 +140,7 @@ public class RBACObjectAssertions throw new RbacObjectInvalidException( scope, "UserAssigment.principal cannot be empty." ); } - if ( assignment.getRoleNames() == null ) + if ( assignment.getRoleIds() == null ) { throw new RbacObjectInvalidException( scope, "UserAssignment.roles cannot be null." ); } 
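Review bot: The Javadoc on `getUserAssignmentsForRoles` still reads `@param roleIds collection of role names`, although every implementation touched by this patch now matches the argument against role ids. A caller that keeps passing names compiles cleanly and would most likely just get no matches, so the contract should be explicit: `@param roleIds collection of role ids (not role names)`. A `@return` line describing the returned assignments is also missing.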
@@ -153,11 +153,11 @@ public class RBACObjectAssertions } */ int i = 0; - for ( String name : assignment.getRoleNames() ) + for ( String name : assignment.getRoleIds() ) { if ( StringUtils.isEmpty( name ) ) { - throw new RbacObjectInvalidException( scope, "UserAssignment.rolename[" + i + "] cannot be empty." ); + throw new RbacObjectInvalidException( scope, "UserAssignment.roleid[" + i + "] cannot be empty." ); } i++; } diff --git a/redback-rbac/redback-rbac-model/src/main/java/org/apache/archiva/redback/rbac/UserAssignment.java b/redback-rbac/redback-rbac-model/src/main/java/org/apache/archiva/redback/rbac/UserAssignment.java index 6d68c0a4..5d1b9741 100644 --- a/redback-rbac/redback-rbac-model/src/main/java/org/apache/archiva/redback/rbac/UserAssignment.java +++ b/redback-rbac/redback-rbac-model/src/main/java/org/apache/archiva/redback/rbac/UserAssignment.java @@ -48,7 +48,9 @@ public interface UserAssignment * @return List of <{@link String}> objects representing the Role Names. */ List getRoleNames(); - + + List getRoleIds(); + /** * Add a rolename to this assignment. * @@ -62,6 +64,13 @@ public interface UserAssignment * @param roleName the role name. */ void addRoleName( String roleName ); + + void addRoleId( Role role ); + /** + * Adds a role id to this assignment + * @param roleId + */ + void addRoleId( String roleId ); /** * Remove a rolename from this assignment. @@ -77,6 +86,10 @@ public interface UserAssignment */ void removeRoleName( String roleName ); + void removeRoleId( Role role ); + + void removeRoleId( String roleId ); + /** * Set the user principal object for this association. * @@ -92,6 +105,8 @@ public interface UserAssignment * @param roles the List of <{@link String}> objects representing the Role Names. */ void setRoleNames( List roles ); + + void setRoleIds( List roles ); /** * Test to see if the object is a permanent object or not. 
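Review bot: The new interface methods `getRoleIds()`, `addRoleId( Role )`, `removeRoleId( Role )`, `removeRoleId( String )` and `setRoleIds( List )` are added without Javadoc, and `addRoleId( String )` carries a `@param roleId` tag with no description. The existing `getRoleNames()`/`setRoleNames()` keep their "Role Names" Javadoc while the implementations in this patch back them with the id list, so the interface should state which accessors are authoritative. One option is to mark the name-based methods `@Deprecated` with a `@deprecated use {@link #getRoleIds()}` pointer; another is to document that they now carry ids.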
diff --git a/redback-rbac/redback-rbac-providers/redback-rbac-cached/src/main/java/org/apache/archiva/redback/rbac/cached/CachedRbacManager.java b/redback-rbac/redback-rbac-providers/redback-rbac-cached/src/main/java/org/apache/archiva/redback/rbac/cached/CachedRbacManager.java index 7fbbcddf..9a6258ce 100644 --- a/redback-rbac/redback-rbac-providers/redback-rbac-cached/src/main/java/org/apache/archiva/redback/rbac/cached/CachedRbacManager.java +++ b/redback-rbac/redback-rbac-providers/redback-rbac-cached/src/main/java/org/apache/archiva/redback/rbac/cached/CachedRbacManager.java @@ -479,11 +479,11 @@ public class CachedRbacManager } @Override - public List getUserAssignmentsForRoles( Collection roleNames ) + public List getUserAssignmentsForRoles( Collection roleIds ) throws RbacManagerException { log.debug( "NOT CACHED - .getUserAssignmentsForRoles(Collection)" ); - return this.rbacImpl.getUserAssignmentsForRoles( roleNames ); + return this.rbacImpl.getUserAssignmentsForRoles( roleIds ); } @Override diff --git a/redback-rbac/redback-rbac-providers/redback-rbac-jpa/src/main/java/org/apache/archiva/redback/rbac/jpa/JpaRbacManager.java b/redback-rbac/redback-rbac-providers/redback-rbac-jpa/src/main/java/org/apache/archiva/redback/rbac/jpa/JpaRbacManager.java index 8bd32128..92538675 100644 --- a/redback-rbac/redback-rbac-providers/redback-rbac-jpa/src/main/java/org/apache/archiva/redback/rbac/jpa/JpaRbacManager.java +++ b/redback-rbac/redback-rbac-providers/redback-rbac-jpa/src/main/java/org/apache/archiva/redback/rbac/jpa/JpaRbacManager.java 
@@ -466,11 +466,11 @@ public class JpaRbacManager extends AbstractRBACManager { } @Override - public List getUserAssignmentsForRoles(Collection roleNames) throws RbacManagerException { + public List getUserAssignmentsForRoles(Collection roleIds ) throws RbacManagerException { try { final EntityManager em = getEm(); - TypedQuery q = em.createQuery("SELECT ua FROM JpaUserAssignment ua WHERE ua.roleNames IN :roles", JpaUserAssignment.class); - q.setParameter("roles", roleNames); + TypedQuery q = em.createQuery("SELECT ua FROM JpaUserAssignment ua WHERE ua.roleIds IN :roles", JpaUserAssignment.class); + q.setParameter("roles", roleIds ); return q.getResultList(); } catch (Exception ex) { log.error("Query failed: {}",ex.getMessage(),ex); diff --git a/redback-rbac/redback-rbac-providers/redback-rbac-jpa/src/main/java/org/apache/archiva/redback/rbac/jpa/model/JpaUserAssignment.java b/redback-rbac/redback-rbac-providers/redback-rbac-jpa/src/main/java/org/apache/archiva/redback/rbac/jpa/model/JpaUserAssignment.java index 7e64bdd1..dcce5e3a 100644 --- a/redback-rbac/redback-rbac-providers/redback-rbac-jpa/src/main/java/org/apache/archiva/redback/rbac/jpa/model/JpaUserAssignment.java +++ b/redback-rbac/redback-rbac-providers/redback-rbac-jpa/src/main/java/org/apache/archiva/redback/rbac/jpa/model/JpaUserAssignment.java @@ -56,7 +56,8 @@ public class JpaUserAssignment extends AbstractUserAssignment implements UserAss @JoinColumn(name = "PRINCIPAL_OID", referencedColumnName = "PRINCIPAL", nullable = false) } ) - private List roleNames = new ArrayList(); + private List roleIds = new ArrayList<>( ); + @Column(name="PERMANENT", nullable = false) private Boolean permanent = false; 
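Review bot: In JpaUserAssignment the field is renamed from `roleNames` to `roleIds`, but the collection mapping above it (only its `@JoinColumn` tail is visible in this hunk) is unchanged, so rows written before this commit still hold role names and will now be read as ids. AbstractRBACManager resolves each entry with `getRoleById` after this patch, which means such legacy values would land in the `RbacObjectNotFoundException` branch, whose body is outside the hunks shown. Unless a data migration exists elsewhere, existing users could lose their effective roles on upgrade. A field comment such as `// holds role ids; values stored by earlier versions were role names and need migration` would at least record this.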
@@ -68,19 +69,31 @@ public class JpaUserAssignment extends AbstractUserAssignment implements UserAss return principal; } + @Override + public List getRoleNames( ) + { + return roleIds; + } + @Override public void setPrincipal(String principal) { this.principal = principal; } @Override - public List getRoleNames() { - return roleNames; + public void setRoleNames( List roles ) + { + this.roleIds = roles; } @Override - public void setRoleNames(List roleNames) { - this.roleNames = roleNames; + public List getRoleIds() { + return roleIds; + } + + @Override + public void setRoleIds( List roleIds ) { + this.roleIds = roleIds; } @Override diff --git a/redback-rbac/redback-rbac-providers/redback-rbac-ldap/src/main/java/org/apache/archiva/redback/rbac/ldap/LdapRbacManager.java b/redback-rbac/redback-rbac-providers/redback-rbac-ldap/src/main/java/org/apache/archiva/redback/rbac/ldap/LdapRbacManager.java index c5d9e8a8..f38a46d0 100644 --- a/redback-rbac/redback-rbac-providers/redback-rbac-ldap/src/main/java/org/apache/archiva/redback/rbac/ldap/LdapRbacManager.java +++ b/redback-rbac/redback-rbac-providers/redback-rbac-ldap/src/main/java/org/apache/archiva/redback/rbac/ldap/LdapRbacManager.java @@ -62,6 +62,7 @@ import java.util.Collection; import java.util.Collections; import java.util.List; import java.util.Map; +import java.util.Optional; import java.util.Set; import java.util.stream.Collectors; import java.util.stream.Stream; 
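Review bot: `getRoleNames( )` and `setRoleNames( List )` now read and write the `roleIds` field, so a caller still on the name-based API receives ids where it expects names, and whatever it stores through `setRoleNames` is later treated as ids. `AbstractUserAssignment.addRoleName`, which the patch leaves in place, goes through exactly these accessors and would therefore put a role name into the id list. If the name-based methods have to stay for compatibility, consider making the misuse visible, e.g. `throw new UnsupportedOperationException( "use getRoleIds()" );`, instead of aliasing the two lists. The same aliasing is present in LdapRbacManager.UserAssignmentImpl (`@@ -1518`, `@@ -1570`) and MemoryUserAssignment (`@@ -97`, `@@ -127`).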
@@ -688,7 +689,17 @@ public class LdapRbacManager { ldapConnection = ldapConnectionFactory.getConnection(); context = ldapConnection.getDirContext(); - List roles = ldapRoleMapper.getRoles( username, context, getRealRoles() ); + List roles = ldapRoleMapper.getRoles( username, context, getRealRoles() ) + .stream( ).map( roleName -> { + try + { + return Optional.of( rbacImpl.getRole( roleName ).getId() ); + } + catch ( RbacManagerException e ) + { + return Optional.empty( ); + } + } ).filter( Optional::isPresent ).map( Optional::get ).collect( Collectors.toList() ); ua = new UserAssignmentImpl( username, roles ); @@ -714,11 +725,11 @@ public class LdapRbacManager } @Override - public List getUserAssignmentsForRoles( Collection roleNames ) + public List getUserAssignmentsForRoles( Collection roleIds ) throws RbacManagerException { // TODO from ldap - return this.rbacImpl.getUserAssignmentsForRoles( roleNames ); + return this.rbacImpl.getUserAssignmentsForRoles( roleIds ); } @Override 
@@ -1114,27 +1125,41 @@ public class LdapRbacManager List currentUserRoles = ldapRoleMapper.getRoles( userAssignment.getPrincipal(), context, getRealRoles() ); + Map currentUserIds = currentUserRoles.stream( ).map( roleName -> { + try + { + return Optional.of( rbacImpl.getRole( roleName ) ); + } + catch ( RbacManagerException e ) + { + return Optional.empty( ); + } + } ).filter( Optional::isPresent ).map(Optional::get) + .collect( Collectors.toMap( Role::getName, Role::getId ) ); - for ( String role : userAssignment.getRoleNames() ) + for ( String roleId : userAssignment.getRoleIds() ) { - if ( !currentUserRoles.contains( role ) && writableLdap ) + Role rbacRole = rbacImpl.getRoleById( roleId ); + String roleName = rbacRole.getName( ); + if ( !currentUserRoles.contains( roleName ) && writableLdap ) { // role exists in ldap ? - if ( !allRoles.contains( role ) ) + if ( !allRoles.contains( roleName ) ) { - ldapRoleMapper.saveRole( role, context ); - allRoles.add( role ); + ldapRoleMapper.saveRole( roleName, context ); + allRoles.add( roleName ); } - ldapRoleMapper.saveUserRole( role, userAssignment.getPrincipal(), context ); - currentUserRoles.add( role ); + ldapRoleMapper.saveUserRole( roleName, userAssignment.getPrincipal(), context ); + currentUserRoles.add( roleName ); + currentUserIds.put( roleName, rbacRole.getId( ) ); } } - for ( String role : currentUserRoles ) + for ( String roleName : currentUserRoles ) { - if ( !userAssignment.getRoleNames().contains( role ) && writableLdap ) + if ( !userAssignment.getRoleIds().contains( currentUserIds.get(roleName) ) && writableLdap ) { - ldapRoleMapper.removeUserRole( role, userAssignment.getPrincipal(), context ); + ldapRoleMapper.removeUserRole( roleName, userAssignment.getPrincipal(), context ); } } 
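Review bot: In the removal loop, `currentUserIds.get(roleName)` returns null for every LDAP role that was left out of the map because `rbacImpl.getRole` threw, and `getRoleIds().contains( null )` is then normally false, so `removeUserRole` is called for that role whenever `writableLdap` is set. A role that exists in LDAP but cannot be resolved in `rbacImpl`, or whose lookup failed, would therefore be removed from the user in the directory on any save. Guard the lookup, e.g. `String id = currentUserIds.get( roleName );` followed by `if ( id != null && !userAssignment.getRoleIds().contains( id ) && writableLdap )`. Note also that `rbacImpl.getRoleById( roleId )` in the first loop is not wrapped, so one unknown id aborts the save after earlier roles may already have been written. The method body starts and ends outside the hunk.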
@@ -1491,21 +1516,21 @@ public class LdapRbacManager { private String username; - private List roleNames; + private List roleIds; private boolean permanent; - private UserAssignmentImpl( String username, Collection roleNames ) + private UserAssignmentImpl( String username, Collection roleIds ) { this.username = username; - if ( roleNames == null ) + if ( roleIds == null ) { - this.roleNames = new ArrayList(); + this.roleIds = new ArrayList<>( ); } else { - this.roleNames = new ArrayList( roleNames ); + this.roleIds = new ArrayList<>( roleIds ); } } @@ -1518,7 +1543,13 @@ public class LdapRbacManager @Override public List getRoleNames() { - return this.roleNames; + return this.roleIds; + } + + @Override + public List getRoleIds( ) + { + return this.roleIds; } @Override @@ -1528,7 +1559,7 @@ public class LdapRbacManager { return; } - this.roleNames.add( role.getName() ); + this.roleIds.add( role.getName() ); } @Override @@ -1538,7 +1569,27 @@ public class LdapRbacManager { return; } - this.roleNames.add( roleName ); + this.roleIds.add( roleName ); + } + + @Override + public void addRoleId( Role role ) + { + if ( role == null ) + { + return; + } + this.roleIds.add( role.getId() ); + } + + @Override + public void addRoleId( String roleId ) + { + if ( roleId == null ) + { + return; + } + this.roleIds.add( roleId ); } @Override @@ -1548,7 +1599,7 @@ public class LdapRbacManager { return; } - this.roleNames.remove( role.getName() ); + this.roleIds.remove( role.getName() ); } @Override @@ -1558,7 +1609,27 @@ public class LdapRbacManager { return; } - this.roleNames.remove( roleName ); + this.roleIds.remove( roleName ); + } + + @Override + public void removeRoleId( Role role ) + { + if ( role == null ) + { + return; + } + this.roleIds.remove( role.getId() ); + } + + @Override + public void removeRoleId( String roleId ) + { + if ( roleId == null ) + { + return; + } + this.roleIds.remove( roleId ); } @Override 
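Review bot: `addRoleName( Role role )` at `@@ -1528` now executes `this.roleIds.add( role.getName() )`, and `removeRoleName( Role role )` at `@@ -1548` removes `role.getName()` from the same list, so a role name is written into (or not removed from) the list that `getRoleIds( )` returns. Since role resolution elsewhere in this patch goes through `getRoleById`, a name stored this way would not resolve to a role. If these overloads stay, they should use the id: `this.roleIds.add( role.getId() );` and `this.roleIds.remove( role.getId() );`. Unlike `AbstractUserAssignment.addRoleId`, the new `addRoleId` methods here do not check `contains` first, so duplicates can accumulate, and `toString()` at `@@ -1591` still labels the list `roleNames=`.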
@@ -1570,7 +1641,13 @@ public class LdapRbacManager @Override public void setRoleNames( List roles ) { - this.roleNames = roles; + this.roleIds = roles; + } + + @Override + public void setRoleIds( List roles ) + { + this.roleIds = roles; } @Override @@ -1591,7 +1668,7 @@ public class LdapRbacManager final StringBuilder sb = new StringBuilder(); sb.append( "UserAssignmentImpl" ); sb.append( "{username='" ).append( username ).append( '\'' ); - sb.append( ", roleNames=" ).append( roleNames ); + sb.append( ", roleNames=" ).append( roleIds ); sb.append( ", permanent=" ).append( permanent ); sb.append( '}' ); return sb.toString(); diff --git a/redback-rbac/redback-rbac-providers/redback-rbac-memory/src/main/java/org/apache/archiva/redback/rbac/memory/MemoryRbacManager.java b/redback-rbac/redback-rbac-providers/redback-rbac-memory/src/main/java/org/apache/archiva/redback/rbac/memory/MemoryRbacManager.java index 235d3abe..9ac875c3 100644 --- a/redback-rbac/redback-rbac-providers/redback-rbac-memory/src/main/java/org/apache/archiva/redback/rbac/memory/MemoryRbacManager.java +++ b/redback-rbac/redback-rbac-providers/redback-rbac-memory/src/main/java/org/apache/archiva/redback/rbac/memory/MemoryRbacManager.java @@ -515,18 +515,18 @@ public class MemoryRbacManager } @Override - public List getUserAssignmentsForRoles( Collection roleNames ) + public List getUserAssignmentsForRoles( Collection roleIds ) throws RbacManagerException { List allUserAssignments = getAllUserAssignments(); - List userAssignments = new ArrayList( allUserAssignments.size() ); + List userAssignments = new ArrayList<>( allUserAssignments.size( ) ); for ( UserAssignment ua : allUserAssignments ) { - for ( String roleName : roleNames ) + for ( String roleId : roleIds ) { - if ( ua.getRoleNames().contains( roleName ) ) + if ( ua.getRoleIds().contains( roleId ) ) { userAssignments.add( ua ); break; 
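Review bot: `MemoryRbacManager.getUserAssignmentsForRoles` keeps the same string-collection signature while the hunk changes what the strings mean, from role names to role ids. A caller that still passes names compiles and simply gets an empty list back, which reads as "nobody holds this role". The method needs a doc comment that states the contract, e.g. `/** @param roleIds role ids (not role names); an assignment matches if it contains any of them */`. The method body continues outside the hunk.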
diff --git a/redback-rbac/redback-rbac-providers/redback-rbac-memory/src/main/java/org/apache/archiva/redback/rbac/memory/MemoryUserAssignment.java b/redback-rbac/redback-rbac-providers/redback-rbac-memory/src/main/java/org/apache/archiva/redback/rbac/memory/MemoryUserAssignment.java index 49e01d27..fcf46a95 100644 --- a/redback-rbac/redback-rbac-providers/redback-rbac-memory/src/main/java/org/apache/archiva/redback/rbac/memory/MemoryUserAssignment.java +++ b/redback-rbac/redback-rbac-providers/redback-rbac-memory/src/main/java/org/apache/archiva/redback/rbac/memory/MemoryUserAssignment.java @@ -97,6 +97,17 @@ public class MemoryUserAssignment return this.roles; } + @Override + public List getRoleIds( ) + { + if ( this.roles == null ) + { + this.roles = new ArrayList( 0 ); + } + + return this.roles; + } + /** * Method hashCode */ @@ -127,6 +138,12 @@ public class MemoryUserAssignment this.roles = roles; } + @Override + public void setRoleIds( List roles ) + { + this.roles = roles; + } + /** * Method toString */ diff --git a/redback-rbac/redback-rbac-role-manager/src/main/java/org/apache/archiva/redback/role/DefaultRoleManager.java b/redback-rbac/redback-rbac-role-manager/src/main/java/org/apache/archiva/redback/role/DefaultRoleManager.java index d83e6426..59696337 100644 --- a/redback-rbac/redback-rbac-role-manager/src/main/java/org/apache/archiva/redback/role/DefaultRoleManager.java +++ b/redback-rbac/redback-rbac-role-manager/src/main/java/org/apache/archiva/redback/role/DefaultRoleManager.java @@ -205,9 +205,9 @@ public class DefaultRoleManager Role role = rbacManager.getRoleById( roleId ); for ( UserAssignment assignment : rbacManager.getUserAssignmentsForRoles( - Arrays.asList( role.getName() ) ) ) + Arrays.asList( role.getId() ) ) ) { - assignment.removeRoleName( role ); + assignment.removeRoleId( role ); rbacManager.saveUserAssignment( assignment ); } 
@@ -240,16 +240,19 @@ public class DefaultRoleManager String oldRoleName = template.getNamePrefix() + template.getDelimiter() + oldResource; String newRoleName = template.getNamePrefix() + template.getDelimiter() + newResource; + String oldRoleId = RoleModelUtils.getRoleId( templateId, oldResource ); + String newRoleId = RoleModelUtils.getRoleId( templateId, newResource ); + try { Role role = rbacManager.getRole( oldRoleName ); // remove the user assignments for ( UserAssignment assignment : rbacManager.getUserAssignmentsForRoles( - Arrays.asList( role.getName() ) ) ) + Arrays.asList( role.getId() ) ) ) { - assignment.removeRoleName( oldRoleName ); - assignment.addRoleName( newRoleName ); + assignment.removeRoleId( oldRoleId ); + assignment.addRoleId( newRoleId ); rbacManager.saveUserAssignment( assignment ); } } @@ -286,7 +289,7 @@ public class DefaultRoleManager userAssignment = rbacManager.createUserAssignment( principal ); } - userAssignment.addRoleName( modelRole.getName() ); + userAssignment.addRoleId( modelRole.getId() ); rbacManager.saveUserAssignment( userAssignment ); } catch ( RbacManagerException e ) @@ -301,6 +304,7 @@ public class DefaultRoleManager { try { + Role role = rbacManager.getRole( roleName ); UserAssignment userAssignment; if ( rbacManager.userAssignmentExists( principal ) ) @@ -317,7 +321,7 @@ public class DefaultRoleManager throw new RoleManagerException( "Unable to assign role: " + roleName + " does not exist." ); } - userAssignment.addRoleName( roleName ); + userAssignment.addRoleId( role.getId() ); rbacManager.saveUserAssignment( userAssignment ); } catch ( RbacManagerException e ) 
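Review bot: In the rename loop of hunk -240 the assignments are selected with `role.getId()`, but the removal uses the separately computed `oldRoleId = RoleModelUtils.getRoleId( templateId, oldResource )`. If the stored role's id ever differs from the computed one (for example a role persisted before ids were derived this way), `removeRoleId( oldRoleId )` removes nothing and the user keeps the old role while also gaining the new one. Removing the id that selected the assignment avoids this: `assignment.removeRoleId( role.getId() );`. The enclosing method starts and ends outside the hunk.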
@@ -355,7 +359,7 @@ public class DefaultRoleManager userAssignment = rbacManager.createUserAssignment( principal ); } - userAssignment.addRoleName( modelTemplate.getNamePrefix() + modelTemplate.getDelimiter() + resource ); + userAssignment.addRoleId( RoleModelUtils.getRoleId( modelTemplate.getId(), resource ) ); rbacManager.saveUserAssignment( userAssignment ); } catch ( RbacManagerException e ) @@ -368,15 +372,10 @@ public class DefaultRoleManager public void unassignRole( String roleId, String principal ) throws RoleManagerException { - ModelRole modelRole = RoleModelUtils.getModelRole( blessedModel, roleId ); - - if ( modelRole == null ) - { - throw new RoleNotFoundException( "Unable to assign role: " + roleId + " does not exist." ); - } try { + rbacManager.getRoleById( roleId ); UserAssignment userAssignment; if ( rbacManager.userAssignmentExists( principal ) ) @@ -389,9 +388,12 @@ public class DefaultRoleManager "UserAssignment for principal " + principal + "does not exist, can't unassign role." ); } - userAssignment.removeRoleName( modelRole.getName() ); + userAssignment.removeRoleId( roleId ); rbacManager.saveUserAssignment( userAssignment ); } + catch (RoleNotFoundException e) { + throw new RoleNotFoundException( "Unable to unassign role: " + roleId + " does not exist." ); + } catch ( RbacManagerException e ) { throw new RoleManagerException( "Unable to unassign role: unable to manage user assignment", e ); @@ -421,7 +423,8 @@ public class DefaultRoleManager throw new RoleManagerException( "Unable to unassign role: " + roleName + " does not exist." ); } - userAssignment.removeRoleName( roleName ); + Role rbacRole = rbacManager.getRole( roleName ); + userAssignment.removeRoleId( rbacRole.getId() ); rbacManager.saveUserAssignment( userAssignment ); } catch ( RbacManagerException e ) 
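Review bot: In hunk -368, `unassignRole` calls `rbacManager.getRoleById( roleId )` only as an existence check before `removeRoleId( roleId )`. An assignment that still references the id of a role that no longer exists can therefore not be revoked through this method. Removing an id string does not need the role object, so consider performing the removal and save first and reporting the missing role afterwards. The new `catch (RoleNotFoundException e)` also discards `e`; if the exception type offers a cause-taking constructor, pass it along so the original failure stays visible in logs.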
diff --git a/redback-rbac/redback-rbac-role-manager/src/test/java/org/apache/archiva/redback/role/AbstractRoleManagerTest.java b/redback-rbac/redback-rbac-role-manager/src/test/java/org/apache/archiva/redback/role/AbstractRoleManagerTest.java index 50b303af..9bc074c9 100644 --- a/redback-rbac/redback-rbac-role-manager/src/test/java/org/apache/archiva/redback/role/AbstractRoleManagerTest.java +++ b/redback-rbac/redback-rbac-role-manager/src/test/java/org/apache/archiva/redback/role/AbstractRoleManagerTest.java @@ -110,14 +110,14 @@ public abstract class AbstractRoleManagerTest UserAssignment assignment = rbacManager.getUserAssignment( principal ); - List assignments = assignment.getRoleNames(); + List assignments = assignment.getRoleIds(); assertEquals( 3, assignments.size() ); - for ( String roleName : assignments ) + for ( String roleId : assignments ) { - logger.info( roleName ); - assertTrue( "Test Role".equals( roleName ) || "Foo 2 - frigid".equals( roleName ) || "Test Role 1".equals( roleName ) ); + logger.info( roleId ); + assertTrue( "test-role".equals( roleId ) || "test-template-2.frigid".equals( roleId ) || "test-role-1".equals( roleId ) ); } } diff --git a/redback-rbac/redback-rbac-tests/src/main/java/org/apache/archiva/redback/tests/AbstractRbacManagerPerformanceTestCase.java b/redback-rbac/redback-rbac-tests/src/main/java/org/apache/archiva/redback/tests/AbstractRbacManagerPerformanceTestCase.java index 7d1512f2..0c37200b 100644 --- a/redback-rbac/redback-rbac-tests/src/main/java/org/apache/archiva/redback/tests/AbstractRbacManagerPerformanceTestCase.java +++ b/redback-rbac/redback-rbac-tests/src/main/java/org/apache/archiva/redback/tests/AbstractRbacManagerPerformanceTestCase.java 
@@ -176,7 +176,7 @@ public class AbstractRbacManagerPerformanceTestCase // Setup User / Assignment with 1 role. String username = "bob"; UserAssignment assignment = manager.createUserAssignment( username ); - assignment.addRoleName( devRole ); + assignment.addRoleId( devRole ); assignment = manager.saveUserAssignment( assignment ); assertEquals( 1, manager.getAllUserAssignments().size() ); @@ -187,11 +187,11 @@ public class AbstractRbacManagerPerformanceTestCase assertEquals( 2, manager.getAllRoles().size() ); // assign the same role again to the same user - assignment.addRoleName( devRole.getName() ); + assignment.addRoleId( devRole.getId() ); manager.saveUserAssignment( assignment ); // we certainly shouldn't have 2 roles here now - assertEquals( 1, assignment.getRoleNames().size() ); + assertEquals( 1, assignment.getRoleIds().size() ); String bobId = assignment.getPrincipal(); @@ -203,7 +203,7 @@ public class AbstractRbacManagerPerformanceTestCase manager.saveRole( devPlusRole ); assignment = manager.createUserAssignment( username ); - assignment.addRoleName( devRole ); + assignment.addRoleId( devRole ); assignment = manager.saveUserAssignment( assignment ); assertEquals( 2, manager.getAllUserAssignments().size() ); @@ -214,11 +214,11 @@ public class AbstractRbacManagerPerformanceTestCase assertEquals( 2, manager.getAllRoles().size() ); // assign the same role again to the same user - assignment.addRoleName( devRole.getName() ); + assignment.addRoleId( devRole.getId() ); manager.saveUserAssignment( assignment ); // we certainly shouldn't have 2 roles here now - assertEquals( 1, assignment.getRoleNames().size() ); + assertEquals( 1, assignment.getRoleIds().size() ); String janetId = assignment.getPrincipal(); 
diff --git a/redback-rbac/redback-rbac-tests/src/main/java/org/apache/archiva/redback/tests/AbstractRbacManagerTestCase.java b/redback-rbac/redback-rbac-tests/src/main/java/org/apache/archiva/redback/tests/AbstractRbacManagerTestCase.java index bca655e9..4994e218 100644 --- a/redback-rbac/redback-rbac-tests/src/main/java/org/apache/archiva/redback/tests/AbstractRbacManagerTestCase.java +++ b/redback-rbac/redback-rbac-tests/src/main/java/org/apache/archiva/redback/tests/AbstractRbacManagerTestCase.java @@ -104,7 +104,7 @@ public abstract class AbstractRbacManagerTestCase private Role getDeveloperRole() throws RbacManagerException { - Role role = rbacManager.createRole( "DEVELOPER" ); + Role role = rbacManager.createRole( "developer","DEVELOPER" ); role.setAssignable( true ); Permission perm = rbacManager.createPermission( "EDIT_MY_USER", "EDIT", "User:Self" ); @@ -117,7 +117,7 @@ public abstract class AbstractRbacManagerTestCase private Role getProjectAdminRole() throws RbacManagerException { - Role role = rbacManager.createRole( "PROJECT_ADMIN" ); + Role role = rbacManager.createRole( "project-admin","PROJECT_ADMIN" ); role.setAssignable( true ); Permission perm = rbacManager.createPermission( "EDIT_PROJECT", "EDIT", "Project:Foo" ); @@ -129,7 +129,8 @@ public abstract class AbstractRbacManagerTestCase private Role getSuperDeveloperRole() { - Role role = rbacManager.createRole( "SUPER_DEVELOPER" ); + Role role = rbacManager.createRole( "super-developer","SUPER_DEVELOPER" ); + role.setId( "super-developer" ); role.setAssignable( true ); return role; @@ -402,7 +403,7 @@ public abstract class AbstractRbacManagerTestCase UserAssignment assignment = manager.createUserAssignment( adminPrincipal ); - assignment.addRoleName( adminRole ); + assignment.addRoleId( adminRole ); manager.saveUserAssignment( assignment ); 
@@ -436,10 +437,10 @@ public abstract class AbstractRbacManagerTestCase // don't use admin as ldap group need at least one member String adminPrincipal = "theadmin"; UserAssignment assignment = manager.createUserAssignment( adminPrincipal ); - assignment.addRoleName( adminRole ); + assignment.addRoleId( adminRole ); assignment = manager.saveUserAssignment( assignment ); - assertEquals( 1, assignment.getRoleNames().size() ); + assertEquals( 1, assignment.getRoleIds().size() ); assertEquals( 1, manager.getAssignedRoles( adminPrincipal ).size() ); } @@ -462,7 +463,7 @@ public abstract class AbstractRbacManagerTestCase UserAssignment ua = manager.createUserAssignment( adminPrincipal ); - ua.addRoleName( admin ); + ua.addRoleId( admin ); manager.saveUserAssignment( ua ); @@ -536,7 +537,7 @@ public abstract class AbstractRbacManagerTestCase // Setup User / Assignment with 1 role. String username = "bob"; UserAssignment assignment = manager.createUserAssignment( username ); - assignment.addRoleName( developerRole ); + assignment.addRoleId( developerRole ); manager.saveUserAssignment( assignment ); assertEquals( incAssignements( 1 ), manager.getAllUserAssignments().size() ); 
@@ -544,41 +545,41 @@ public abstract class AbstractRbacManagerTestCase // Create another role add it to manager. Role projectAdmin = getProjectAdminRole(); - String projectAdminRoleName = projectAdmin.getName(); + String projectAdminRoleId = projectAdmin.getId(); manager.saveRole( projectAdmin ); // Get User Assignment, add a second role UserAssignment bob = manager.getUserAssignment( username ); - bob.addRoleName( projectAdminRoleName ); + bob.addRoleId( projectAdminRoleId ); bob = manager.saveUserAssignment( bob ); assertEquals( incAssignements( 1 ), manager.getAllUserAssignments().size() ); assertEquals( 2, manager.getAllRoles().size() ); - assertEquals( 2, bob.getRoleNames().size() ); + assertEquals( 2, bob.getRoleIds().size() ); assertEquals( 0, manager.getUnassignedRoles( bob.getPrincipal() ).size() ); - List roles = bob.getRoleNames(); + List roles = bob.getRoleIds(); assertEquals( 2, roles.size() ); // Remove 1 role from bob, end up with 1 role for bob. - roles.remove( projectAdminRoleName ); + roles.remove( projectAdminRoleId ); assertEquals( 1, roles.size() ); - bob.setRoleNames( roles ); + bob.setRoleIds( roles ); bob = manager.saveUserAssignment( bob ); - assertEquals( "Should only have 1 role under bob now.", 1, bob.getRoleNames().size() ); + assertEquals( "Should only have 1 role under bob now.", 1, bob.getRoleIds().size() ); assertEquals( "Should have 2 total roles still.", 2, manager.getAllRoles().size() ); assertEquals( "Should have 1 assignable role", 1, manager.getUnassignedRoles( bob.getPrincipal() ).size() ); // Fetch bob again. see if role is missing. 
UserAssignment cousin = manager.getUserAssignment( username ); - assertEquals( 1, cousin.getRoleNames().size() ); + assertEquals( 1, cousin.getRoleIds().size() ); - assertEquals( "Should only have 1 role under bob now.", 1, cousin.getRoleNames().size() ); + assertEquals( "Should only have 1 role under bob now.", 1, cousin.getRoleIds().size() ); assertEquals( "Should have 2 total roles still.", 2, manager.getAllRoles().size() ); // remove the last role - roles.remove( developerRole.getName() ); - bob.setRoleNames( roles ); + roles.remove( developerRole.getId() ); + bob.setRoleIds( roles ); bob = manager.saveUserAssignment( bob ); assertEquals( "Should have 2 assignable roles.", 2, manager.getUnassignedRoles( bob.getPrincipal() ).size() ); @@ -602,18 +603,18 @@ public abstract class AbstractRbacManagerTestCase // Setup User / Assignment with 1 role. String username = "bob"; UserAssignment assignment = manager.createUserAssignment( username ); - assignment.addRoleName( devRole ); + assignment.addRoleId( devRole ); assignment = manager.saveUserAssignment( assignment ); assertEquals( incAssignements( 1 ), manager.getAllUserAssignments().size() ); assertEquals( 1, manager.getAllRoles().size() ); // assign the same role again to the same user - assignment.addRoleName( devRole.getName() ); + assignment.addRoleId( devRole.getId() ); manager.saveUserAssignment( assignment ); // we certainly shouldn't have 2 roles here now - assertEquals( 1, assignment.getRoleNames().size() ); + assertEquals( 1, assignment.getRoleIds().size() ); /* Assert some event tracker stuff */ assertEventTracker( 1, 0, 1, 0, true, true ); 
@@ -639,7 +640,7 @@ public abstract class AbstractRbacManagerTestCase // Setup User / Assignment with 1 role. String username = "bob"; UserAssignment assignment = manager.createUserAssignment( username ); - assignment.addRoleName( devRole ); + assignment.addRoleId( devRole ); assignment = manager.saveUserAssignment( assignment ); assertEquals( incAssignements( 1 ), manager.getAllUserAssignments().size() ); @@ -650,11 +651,11 @@ public abstract class AbstractRbacManagerTestCase assertEquals( 2, manager.getAllRoles().size() ); // assign the same role again to the same user - assignment.addRoleName( devRole.getName() ); + assignment.addRoleId( devRole.getId() ); manager.saveUserAssignment( assignment ); // we certainly shouldn't have 2 roles here now - assertEquals( 1, assignment.getRoleNames().size() ); + assertEquals( 1, assignment.getRoleIds().size() ); /* Assert some event tracker stuff */ assertEventTracker( 2, 0, 1, 0, true, true ); @@ -678,12 +679,12 @@ public abstract class AbstractRbacManagerTestCase String username = "bob"; UserAssignment assignment = manager.createUserAssignment( username ); - assignment.addRoleName( developerRole.getName() ); - assignment.addRoleName( projectAdminRole.getName() ); - assignment.addRoleName( adminRole.getName() ); + assignment.addRoleId( developerRole.getId() ); + assignment.addRoleId( projectAdminRole.getId() ); + assignment.addRoleId( adminRole.getId() ); assignment = manager.saveUserAssignment( assignment ); - assertThat( assignment.getRoleNames() ).isNotNull().isNotEmpty().hasSize( 3 ); + assertThat( assignment.getRoleIds() ).isNotNull().isNotEmpty().hasSize( 3 ); assertThat( manager.getAllUserAssignments() ).isNotNull().isNotEmpty().hasSize( incAssignements( 1 ) ); assertThat( manager.getAllRoles() ).isNotNull().isNotEmpty().hasSize( 3 ); 
@@ -718,7 +719,7 @@ public abstract class AbstractRbacManagerTestCase manager.saveRole( getAdminRole() ); manager.saveRole( getProjectAdminRole() ); Role added = manager.saveRole( getDeveloperRole() ); - String roleName = added.getName(); + String roleId = added.getId(); assertThat( manager.getAllRoles() ).isNotNull().isNotEmpty().hasSize( 3 ); assertThat( manager.getAllPermissions() ).isNotNull().isNotEmpty().hasSize( 3 ); @@ -727,7 +728,7 @@ public abstract class AbstractRbacManagerTestCase String username = "bob"; UserAssignment assignment = manager.createUserAssignment( username ); - assignment.addRoleName( roleName ); + assignment.addRoleId( roleId ); manager.saveUserAssignment( assignment ); assertThat( manager.getAllUserAssignments() ).isNotNull().isNotEmpty().hasSize( incAssignements( 1 ) ); @@ -816,7 +817,7 @@ public abstract class AbstractRbacManagerTestCase String username = "bob"; UserAssignment assignment = rbacManager.createUserAssignment( username ); - assignment.addRoleName( "Developer" ); + assignment.addRoleId( "developer" ); rbacManager.saveUserAssignment( assignment ); assertEquals( incAssignements( 1 ), rbacManager.getAllUserAssignments().size() ); @@ -824,7 +825,7 @@ public abstract class AbstractRbacManagerTestCase assertEquals( 6, rbacManager.getAllPermissions().size() ); // Get the List of Assigned Roles for user bob. - Role devel = rbacManager.getRole( "Developer" ); + Role devel = rbacManager.getRoleById( "developer" ); assertNotNull( devel ); // First Depth. @@ -850,7 +851,7 @@ public abstract class AbstractRbacManagerTestCase String username = "bob"; UserAssignment assignment = rbacManager.createUserAssignment( username ); - assignment.addRoleName( "Developer" ); + assignment.addRoleId( "developer" ); rbacManager.saveUserAssignment( assignment ); assertEquals( incAssignements( 1 ), rbacManager.getAllUserAssignments().size() ); 
diff --git a/redback-rbac/redback-rbac-tests/src/main/java/org/apache/archiva/redback/tests/utils/RBACDefaults.java b/redback-rbac/redback-rbac-tests/src/main/java/org/apache/archiva/redback/tests/utils/RBACDefaults.java index a4514850..024a6647 100644 --- a/redback-rbac/redback-rbac-tests/src/main/java/org/apache/archiva/redback/tests/utils/RBACDefaults.java +++ b/redback-rbac/redback-rbac-tests/src/main/java/org/apache/archiva/redback/tests/utils/RBACDefaults.java @@ -149,6 +149,7 @@ public class RBACDefaults if ( !manager.roleExists( "User Administrator" ) ) { Role userAdmin = manager.createRole( "User Administrator" ); + userAdmin.setId( "user-administrator" ); userAdmin.addPermission( manager.getPermission( "Edit All Users" ) ); userAdmin.addPermission( manager.getPermission( "Remove Roles" ) ); userAdmin.setAssignable( true ); @@ -158,6 +159,7 @@ public class RBACDefaults if ( !manager.roleExists( "System Administrator" ) ) { Role admin = manager.createRole( "System Administrator" ); + admin.setId( "system-administrator" ); admin.addChildRoleName( "User Administrator" ); admin.addChildRoleId( "user-administrator" ); admin.addPermission( manager.getPermission( "Edit Configuration" ) ); @@ -171,6 +173,7 @@ public class RBACDefaults if ( !manager.roleExists( "Trusted Developer" ) ) { Role developer = manager.createRole( "Trusted Developer" ); + developer.setId( "trusted-developer" ); developer.addChildRoleName( "System Administrator" ); developer.addChildRoleId( "system-administrator" ); developer.addPermission( manager.getPermission( "Run Indexer" ) ); @@ -181,6 +184,7 @@ public class RBACDefaults if ( !manager.roleExists( "Developer" ) ) { Role developer = manager.createRole( "Developer" ); + developer.setId( "developer" ); developer.addChildRoleName( "Trusted Developer" ); developer.addChildRoleId( "trusted-developer" ); developer.addPermission( manager.getPermission( "Run Indexer" ) );