Apache
/
archiva-redback-core
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Switching to role id for userassignment

This commit is contained in:
Martin Stockhammer 2020-11-26 22:20:10 +01:00
parent 1ce5d0be47
commit f86d739624
23 changed files with 368 additions and 139 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
redback-integrations/redback-common-integrations/src/main/java/org/apache/archiva/redback/integration/checks/security/LockedAdminEnvironmentCheck.java
View File

@ -74,7 +74,7 @@ public class LockedAdminEnvironmentCheck
if ( !checked && !userManager.isReadOnly() ) if ( !checked && !userManager.isReadOnly() )
{ {
List<String> roles = new ArrayList<String>(); List<String> roles = new ArrayList<String>();
roles.add( RedbackRoleConstants.SYSTEM_ADMINISTRATOR_ROLE ); roles.add( RedbackRoleConstants.SYSTEM_ADMINISTRATOR_ROLE_ID );
List<? extends UserAssignment> systemAdminstrators; List<? extends UserAssignment> systemAdminstrators;
try try

1
redback-integrations/redback-integrations-security/src/main/java/org/apache/archiva/redback/integration/security/role/RedbackRoleConstants.java
View File

@ -31,6 +31,7 @@ public interface RedbackRoleConstants
// roles // roles
public static final String SYSTEM_ADMINISTRATOR_ROLE = "System Administrator"; public static final String SYSTEM_ADMINISTRATOR_ROLE = "System Administrator";
public static final String SYSTEM_ADMINISTRATOR_ROLE_ID = "system-administrator";
public static final String USER_ADMINISTRATOR_ROLE = "User Administrator"; public static final String USER_ADMINISTRATOR_ROLE = "User Administrator";

35
redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/DefaultRoleManagementService.java
View File

@ -60,7 +60,9 @@ import java.util.Comparator;
import java.util.HashSet; import java.util.HashSet;
import java.util.List; import java.util.List;
import java.util.Map; import java.util.Map;
import java.util.Optional;
import java.util.Set; import java.util.Set;
import java.util.stream.Collectors;
/** /**
* @author Olivier Lamy * @author Olivier Lamy
@ -390,13 +392,14 @@ public class DefaultRoleManagementService
org.apache.archiva.redback.rbac.Role rbacRole = rbacManager.getRole( roleName ); org.apache.archiva.redback.rbac.Role rbacRole = rbacManager.getRole( roleName );
Role role = new Role( rbacRole ); Role role = new Role( rbacRole );
Map<String, ? extends org.apache.archiva.redback.rbac.Role> parentRoles = rbacManager.getParentRoleNames( rbacRole ); Map<String, ? extends org.apache.archiva.redback.rbac.Role> parentRoleIds = rbacManager.getParentRoleIds( rbacRole );
for ( String parentRoleName : parentRoles.keySet() ) for ( String parentRoleId : parentRoleIds.keySet() )
{ {
role.getParentRoleNames().add( parentRoleName ); org.apache.archiva.redback.rbac.Role rbacParentRole = rbacManager.getRoleById( parentRoleId );
role.getParentRoleNames().add( rbacParentRole.getName() );
} }
List<? extends UserAssignment> userAssignments = rbacManager.getUserAssignmentsForRoles( Arrays.asList( roleName ) ); List<? extends UserAssignment> userAssignments = rbacManager.getUserAssignmentsForRoles( Arrays.asList( rbacRole.getId() ) );
if ( userAssignments != null ) if ( userAssignments != null )
{ {
@ -417,7 +420,7 @@ public class DefaultRoleManagementService
if ( !role.getParentRoleNames().isEmpty() ) if ( !role.getParentRoleNames().isEmpty() )
{ {
List<? extends UserAssignment> userParentAssignments = List<? extends UserAssignment> userParentAssignments =
rbacManager.getUserAssignmentsForRoles( parentRoles.keySet() ); rbacManager.getUserAssignmentsForRoles( parentRoleIds.keySet() );
if ( userParentAssignments != null ) if ( userParentAssignments != null )
{ {
for ( UserAssignment userAssignment : userParentAssignments ) for ( UserAssignment userAssignment : userParentAssignments )
@ -507,7 +510,8 @@ public class DefaultRoleManagementService
assignment = rbacManager.createUserAssignment( username ); assignment = rbacManager.createUserAssignment( username );
} }
assignment.addRoleName( role.getName() ); org.apache.archiva.redback.rbac.Role rbacRole = rbacManager.getRole( role.getName( ) );
assignment.addRoleId( rbacRole.getId() );
assignment = rbacManager.saveUserAssignment( assignment ); assignment = rbacManager.saveUserAssignment( assignment );
log.info( "{} role assigned to {}", role.getName(), username ); log.info( "{} role assigned to {}", role.getName(), username );
} }
@ -548,7 +552,8 @@ public class DefaultRoleManagementService
assignment = rbacManager.createUserAssignment( username ); assignment = rbacManager.createUserAssignment( username );
} }
assignment.removeRoleName( role.getName() ); org.apache.archiva.redback.rbac.Role rbacRole = rbacManager.getRole( role.getName( ) );
assignment.removeRoleId( rbacRole.getId() );
assignment = rbacManager.saveUserAssignment( assignment ); assignment = rbacManager.saveUserAssignment( assignment );
log.info( "{} role unassigned to {}", role.getName(), username ); log.info( "{} role unassigned to {}", role.getName(), username );
} }
@ -724,10 +729,18 @@ public class DefaultRoleManagementService
{ {
assignment = rbacManager.createUserAssignment( username ); assignment = rbacManager.createUserAssignment( username );
} }
List<String> assignedRoleIds = user.getAssignedRoles().stream().map(roleName -> {
assignment.setRoleNames( user.getAssignedRoles() ); try
{
assignment = rbacManager.saveUserAssignment( assignment ); return Optional.of( rbacManager.getRole( roleName ).getId( ) );
}
catch ( RbacManagerException e )
{
return Optional.<String>empty( );
}
} ).filter( Optional::isPresent ).map(Optional::get).collect( Collectors.toList());
assignment.setRoleIds( assignedRoleIds );
rbacManager.saveUserAssignment( assignment );
} }
catch ( RbacManagerException e ) catch ( RbacManagerException e )

2
redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/v2/BaseRedbackService.java
View File

@ -86,7 +86,7 @@ public class BaseRedbackService
{ {
try try
{ {
return rbacManager.getUserAssignmentsForRoles( recurseRoles( rbacRole ).map( role -> role.getName( ) ).collect( Collectors.toList( ) ) ) return rbacManager.getUserAssignmentsForRoles( recurseRoles( rbacRole ).map( role -> role.getId( ) ).collect( Collectors.toList( ) ) )
.stream( ).map( assignment -> getUserInfo( assignment.getPrincipal( ) ) ).collect( Collectors.toList( ) ); .stream( ).map( assignment -> getUserInfo( assignment.getPrincipal( ) ) ).collect( Collectors.toList( ) );
} }
catch ( RuntimeException e ) catch ( RuntimeException e )

14
redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/v2/DefaultUserService.java
View File

@ -984,20 +984,20 @@ public class DefaultUserService extends BaseRedbackService
try try
{ {
final Set<String> assignedRoleNames = new HashSet( rbacManager.getUserAssignment( username ).getRoleNames( ) ); final Set<String> assignedRoleIds = new HashSet( rbacManager.getUserAssignment( username ).getRoleIds( ) );
// We have to reuse the BaseRoleInfo objects, because the roles are not returned starting from the roots // We have to reuse the BaseRoleInfo objects, because the roles are not returned starting from the roots
final Map<String, BaseRoleInfo> roleNameCache = new HashMap<>( ); final Map<String, BaseRoleInfo> roleIdCache = new HashMap<>( );
List<BaseRoleInfo> roleList = rbacManager.getAllRoles( ).stream( ).flatMap( this::flattenRole ).map( role -> List<BaseRoleInfo> roleList = rbacManager.getAllRoles( ).stream( ).flatMap( this::flattenRole ).map( role ->
{ {
BaseRoleInfo roleInfo = roleNameCache.computeIfAbsent( role.getName( ), s -> new BaseRoleInfo( ) ); BaseRoleInfo roleInfo = roleIdCache.computeIfAbsent( role.getId( ), s -> new BaseRoleInfo( ) );
// Setting the role data, as there may be child role objects that are not completely initialized // Setting the role data, as there may be child role objects that are not completely initialized
roleInfo = BaseRoleInfo.of( role, roleInfo ); roleInfo = BaseRoleInfo.of( role, roleInfo );
roleInfo.setApplicationId( roleApplicationMap.get( role.getId( ) ) ); roleInfo.setApplicationId( roleApplicationMap.get( role.getId( ) ) );
roleInfo.setAssigned( assignedRoleNames.contains( role.getName( ) ) ); roleInfo.setAssigned( assignedRoleIds.contains( role.getId( ) ) );
roleInfo.setChildren( role.getChildRoleNames( ).stream( ) roleInfo.setChildren( role.getChildRoleIds( ).stream( )
.map( roleName -> .map( roleId ->
{ {
BaseRoleInfo childRoleInfo = roleNameCache.computeIfAbsent( roleName, s -> BaseRoleInfo.ofName( roleName ) ); BaseRoleInfo childRoleInfo = roleIdCache.computeIfAbsent( roleId, s -> BaseRoleInfo.ofId( roleId ) );
childRoleInfo.setChild( true ); childRoleInfo.setChild( true );
return childRoleInfo; return childRoleInfo;
} ) } )

5
redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/NativeGroupServiceTest.java
View File

@ -22,6 +22,7 @@ import io.restassured.filter.log.UrlDecoder;
import io.restassured.http.ContentType; import io.restassured.http.ContentType;
import io.restassured.response.Response; import io.restassured.response.Response;
import org.apache.archiva.components.apacheds.ApacheDs; import org.apache.archiva.components.apacheds.ApacheDs;
import org.apache.archiva.redback.rest.api.Constants;
import org.apache.archiva.redback.rest.api.model.Group; import org.apache.archiva.redback.rest.api.model.Group;
import org.apache.archiva.redback.rest.api.model.v2.GroupMapping; import org.apache.archiva.redback.rest.api.model.v2.GroupMapping;
import org.apache.archiva.redback.rest.services.BaseSetup; import org.apache.archiva.redback.rest.services.BaseSetup;
@ -323,7 +324,7 @@ public class NativeGroupServiceTest extends AbstractNativeRestServices
List<Group> data = response.body( ).jsonPath( ).getList( "data", Group.class ); List<Group> data = response.body( ).jsonPath( ).getList( "data", Group.class );
assertNotNull( data ); assertNotNull( data );
assertEquals( Integer.valueOf( 0 ), response.body( ).jsonPath( ).get( "pagination.offset" ) ); assertEquals( Integer.valueOf( 0 ), response.body( ).jsonPath( ).get( "pagination.offset" ) );
assertEquals( Integer.valueOf( 1000 ), response.body( ).jsonPath( ).get( "pagination.limit" ) ); assertEquals( Integer.valueOf( Constants.DEFAULT_PAGE_LIMIT ), response.body( ).jsonPath( ).get( "pagination.limit" ) );
assertEquals( Integer.valueOf( 6 ), response.body( ).jsonPath( ).get( "pagination.total_count" ) ); assertEquals( Integer.valueOf( 6 ), response.body( ).jsonPath( ).get( "pagination.total_count" ) );
assertEquals( 6, data.size( ) ); assertEquals( 6, data.size( ) );
String[] values = data.stream( ).map( ldapInfo -> ldapInfo.getName( ) ).sorted( ).collect( Collectors.toList( ) ).toArray( new String[0] ); String[] values = data.stream( ).map( ldapInfo -> ldapInfo.getName( ) ).sorted( ).collect( Collectors.toList( ) ).toArray( new String[0] );
@ -363,7 +364,7 @@ public class NativeGroupServiceTest extends AbstractNativeRestServices
List<Group> data = response.body( ).jsonPath( ).getList( "data", Group.class ); List<Group> data = response.body( ).jsonPath( ).getList( "data", Group.class );
assertNotNull( data ); assertNotNull( data );
assertEquals( Integer.valueOf( 2 ), response.body( ).jsonPath( ).get( "pagination.offset" ) ); assertEquals( Integer.valueOf( 2 ), response.body( ).jsonPath( ).get( "pagination.offset" ) );
assertEquals( Integer.valueOf( 1000 ), response.body( ).jsonPath( ).get( "pagination.limit" ) ); assertEquals( Integer.valueOf( Constants.DEFAULT_PAGE_LIMIT ), response.body( ).jsonPath( ).get( "pagination.limit" ) );
assertEquals( Integer.valueOf( 6 ), response.body( ).jsonPath( ).get( "pagination.total_count" ) ); assertEquals( Integer.valueOf( 6 ), response.body( ).jsonPath( ).get( "pagination.total_count" ) );
assertEquals( 4, data.size( ) ); assertEquals( 4, data.size( ) );
String[] values = data.stream( ).map( ldapInfo -> ldapInfo.getName( ) ).sorted( ).collect( Collectors.toList( ) ).toArray( new String[0] ); String[] values = data.stream( ).map( ldapInfo -> ldapInfo.getName( ) ).sorted( ).collect( Collectors.toList( ) ).toArray( new String[0] );

56
redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/NativeRoleServiceTest.java
View File

@ -664,5 +664,61 @@ public class NativeRoleServiceTest extends AbstractNativeRestServices
} }
} }
@Test
void unAssignTemplatedRole( )
{
String token = getAdminToken( );
Map<String, Object> jsonAsMap = new HashMap<>( );
jsonAsMap.put( "user_id", "aragorn" );
jsonAsMap.put( "email", "aragorn@lordoftherings.org" );
jsonAsMap.put( "full_name", "Aragorn King of Gondor " );
jsonAsMap.put( "password", "pAssw0rD" );
try
{
given( ).spec( getRequestSpec( token ) ).contentType( JSON )
.when( )
.put( "template/archiva-repository-manager/repository12" )
.then( ).statusCode( 201 );
given( ).spec( getRequestSpec( token, getUserServicePath( ) ) ).contentType( JSON )
.body( jsonAsMap )
.when( )
.post( )
.then( ).statusCode( 201 );
given( ).spec( getRequestSpec( token ) ).contentType( JSON )
.when( )
.put( "template/archiva-repository-manager/repository12/user/aragorn" )
.then( ).statusCode( 200 );
Response response = given( ).spec( getRequestSpec( token, getUserServicePath( ) ) ).contentType( JSON )
.when( )
.get( "aragorn/roles" )
.then( ).statusCode( 200 ).extract( ).response( );
List<RoleInfo> roles = response.getBody( ).jsonPath( ).getList( "", RoleInfo.class );
assertTrue( roles.stream( ).filter( role -> "archiva-repository-manager.repository12".equals( role.getId( ) ) ).findAny( ).isPresent( ) );
given( ).spec( getRequestSpec( token ) ).contentType( JSON )
.when( )
.delete( "archiva-repository-manager.repository12/user/aragorn" )
.then( ).statusCode( 200 );
response = given( ).spec( getRequestSpec( token, getUserServicePath( ) ) ).contentType( JSON )
.when( )
.get( "aragorn/roles" )
.then( ).statusCode( 200 ).extract( ).response( );
roles = response.getBody( ).jsonPath( ).getList( "", RoleInfo.class );
assertFalse( roles.stream( ).filter( role -> "archiva-repository-manager.repository12".equals( role.getId( ) ) ).findAny( ).isPresent( ) );
}
finally
{
given( ).spec( getRequestSpec( token, getUserServicePath( ) ) ).contentType( JSON )
.when( )
.delete( "aragorn" ).then().statusCode( 200 );
given( ).spec( getRequestSpec( token ) ).contentType( JSON )
.when( )
.delete( "template/archiva-repository-manager/repository12" ).then().statusCode( 200 );
given( ).spec( getRequestSpec( token ) ).contentType( JSON )
.when( )
.delete( "template/archiva-repository-observer/repository12" ).then().statusCode( 200 );
}
}
} }

24
redback-rbac/redback-rbac-model/src/main/java/org/apache/archiva/redback/rbac/AbstractRBACManager.java
View File

@ -432,17 +432,17 @@ public abstract class AbstractRBACManager
Set<Permission> permissionSet = new HashSet<Permission>(); Set<Permission> permissionSet = new HashSet<Permission>();
if ( ua.getRoleNames() != null ) if ( ua.getRoleIds() != null )
{ {
boolean childRoleNamesUpdated = false; boolean childRoleNamesUpdated = false;
Iterator<String> it = ua.getRoleNames().listIterator(); Iterator<String> it = ua.getRoleIds().listIterator();
while ( it.hasNext() ) while ( it.hasNext() )
{ {
String roleName = it.next(); String roleId = it.next();
try try
{ {
Role role = getRole( roleName ); Role role = getRoleById( roleId );
gatherUniquePermissions( role, permissionSet ); gatherUniquePermissions( role, permissionSet );
} }
catch ( RbacObjectNotFoundException e ) catch ( RbacObjectNotFoundException e )
@ -563,17 +563,17 @@ public abstract class AbstractRBACManager
{ {
Set<Role> roleSet = new HashSet<Role>(); Set<Role> roleSet = new HashSet<Role>();
if ( ua.getRoleNames() != null ) if ( ua.getRoleIds() != null )
{ {
boolean childRoleNamesUpdated = false; boolean childRoleNamesUpdated = false;
Iterator<String> it = ua.getRoleNames().listIterator(); Iterator<String> it = ua.getRoleIds().listIterator();
while ( it.hasNext() ) while ( it.hasNext() )
{ {
String roleName = it.next(); String roleId = it.next();
try try
{ {
Role role = getRole( roleName ); Role role = getRoleById( roleId );
if ( !roleSet.contains( role ) ) if ( !roleSet.contains( role ) )
{ {
@ -650,17 +650,17 @@ public abstract class AbstractRBACManager
{ {
Set<Role> roleSet = new HashSet<Role>(); Set<Role> roleSet = new HashSet<Role>();
if ( ua != null && ua.getRoleNames() != null ) if ( ua != null && ua.getRoleIds() != null )
{ {
boolean childRoleNamesUpdated = false; boolean childRoleNamesUpdated = false;
Iterator<String> it = ua.getRoleNames().listIterator(); Iterator<String> it = ua.getRoleIds().listIterator();
while ( it.hasNext() ) while ( it.hasNext() )
{ {
String roleName = it.next(); String roleId = it.next();
try try
{ {
Role role = getRole( roleName ); Role role = getRoleById( roleId );
gatherEffectiveRoles( role, roleSet ); gatherEffectiveRoles( role, roleSet );
} }

28
redback-rbac/redback-rbac-model/src/main/java/org/apache/archiva/redback/rbac/AbstractUserAssignment.java
View File

@ -33,6 +33,12 @@ public abstract class AbstractUserAssignment
addRoleName( role.getName() ); addRoleName( role.getName() );
} }
@Override
public void addRoleId( Role role )
{
addRoleId( role.getId( ) );
}
public void addRoleName( String roleName ) public void addRoleName( String roleName )
{ {
List<String> names = getRoleNames(); List<String> names = getRoleNames();
@ -43,6 +49,16 @@ public abstract class AbstractUserAssignment
setRoleNames( names ); setRoleNames( names );
} }
@Override
public void addRoleId( String roleId )
{
final List<String> ids = getRoleIds( );
if (!ids.contains( roleId )) {
ids.add( roleId );
}
setRoleIds( ids );
}
public void removeRoleName( Role role ) public void removeRoleName( Role role )
{ {
removeRoleName( role.getName() ); removeRoleName( role.getName() );
@ -52,4 +68,16 @@ public abstract class AbstractUserAssignment
{ {
getRoleNames().remove( roleName ); getRoleNames().remove( roleName );
} }
@Override
public void removeRoleId( Role role )
{
removeRoleId( role.getId() );
}
@Override
public void removeRoleId( String roleId )
{
getRoleIds( ).remove( roleId );
}
} }

4
redback-rbac/redback-rbac-model/src/main/java/org/apache/archiva/redback/rbac/RBACManager.java
View File

@ -433,10 +433,10 @@ public interface RBACManager
/** /**
* Returns the assignments for the given roles * Returns the assignments for the given roles
* @param roleNames collection of role names * @param roleIds collection of role names
* @throws RbacManagerException if the access to the backend datastore failed * @throws RbacManagerException if the access to the backend datastore failed
*/ */
List<? extends UserAssignment> getUserAssignmentsForRoles( Collection<String> roleNames ) List<? extends UserAssignment> getUserAssignmentsForRoles( Collection<String> roleIds )
throws RbacManagerException; throws RbacManagerException;
/** /**

6
redback-rbac/redback-rbac-model/src/main/java/org/apache/archiva/redback/rbac/RBACObjectAssertions.java
View File

@ -140,7 +140,7 @@ public class RBACObjectAssertions
throw new RbacObjectInvalidException( scope, "UserAssigment.principal cannot be empty." ); throw new RbacObjectInvalidException( scope, "UserAssigment.principal cannot be empty." );
} }
if ( assignment.getRoleNames() == null ) if ( assignment.getRoleIds() == null )
{ {
throw new RbacObjectInvalidException( scope, "UserAssignment.roles cannot be null." ); throw new RbacObjectInvalidException( scope, "UserAssignment.roles cannot be null." );
} }
@ -153,11 +153,11 @@ public class RBACObjectAssertions
} }
*/ */
int i = 0; int i = 0;
for ( String name : assignment.getRoleNames() ) for ( String name : assignment.getRoleIds() )
{ {
if ( StringUtils.isEmpty( name ) ) if ( StringUtils.isEmpty( name ) )
{ {
throw new RbacObjectInvalidException( scope, "UserAssignment.rolename[" + i + "] cannot be empty." ); throw new RbacObjectInvalidException( scope, "UserAssignment.roleid[" + i + "] cannot be empty." );
} }
i++; i++;
} }

15
redback-rbac/redback-rbac-model/src/main/java/org/apache/archiva/redback/rbac/UserAssignment.java
View File

@ -49,6 +49,8 @@ public interface UserAssignment
*/ */
List<String> getRoleNames(); List<String> getRoleNames();
List<String> getRoleIds();
/** /**
* Add a rolename to this assignment. * Add a rolename to this assignment.
* *
@ -63,6 +65,13 @@ public interface UserAssignment
*/ */
void addRoleName( String roleName ); void addRoleName( String roleName );
void addRoleId( Role role );
/**
* Adds a role id to this assignment
* @param roleId
*/
void addRoleId( String roleId );
/** /**
* Remove a rolename from this assignment. * Remove a rolename from this assignment.
* *
@ -77,6 +86,10 @@ public interface UserAssignment
*/ */
void removeRoleName( String roleName ); void removeRoleName( String roleName );
void removeRoleId( Role role );
void removeRoleId( String roleId );
/** /**
* Set the user principal object for this association. * Set the user principal object for this association.
* *
@ -93,6 +106,8 @@ public interface UserAssignment
*/ */
void setRoleNames( List<String> roles ); void setRoleNames( List<String> roles );
void setRoleIds( List<String> roles );
/** /**
* Test to see if the object is a permanent object or not. * Test to see if the object is a permanent object or not.
* *

4
redback-rbac/redback-rbac-providers/redback-rbac-cached/src/main/java/org/apache/archiva/redback/rbac/cached/CachedRbacManager.java
View File

@ -479,11 +479,11 @@ public class CachedRbacManager
} }
@Override @Override
public List<? extends UserAssignment> getUserAssignmentsForRoles( Collection<String> roleNames ) public List<? extends UserAssignment> getUserAssignmentsForRoles( Collection<String> roleIds )
throws RbacManagerException throws RbacManagerException
{ {
log.debug( "NOT CACHED - .getUserAssignmentsForRoles(Collection)" ); log.debug( "NOT CACHED - .getUserAssignmentsForRoles(Collection)" );
return this.rbacImpl.getUserAssignmentsForRoles( roleNames ); return this.rbacImpl.getUserAssignmentsForRoles( roleIds );
} }
@Override @Override

6
redback-rbac/redback-rbac-providers/redback-rbac-jpa/src/main/java/org/apache/archiva/redback/rbac/jpa/JpaRbacManager.java
View File

@ -466,11 +466,11 @@ public class JpaRbacManager extends AbstractRBACManager {
} }
@Override @Override
public List<? extends UserAssignment> getUserAssignmentsForRoles(Collection<String> roleNames) throws RbacManagerException { public List<? extends UserAssignment> getUserAssignmentsForRoles(Collection<String> roleIds ) throws RbacManagerException {
try { try {
final EntityManager em = getEm(); final EntityManager em = getEm();
TypedQuery<JpaUserAssignment> q = em.createQuery("SELECT ua FROM JpaUserAssignment ua WHERE ua.roleNames IN :roles", JpaUserAssignment.class); TypedQuery<JpaUserAssignment> q = em.createQuery("SELECT ua FROM JpaUserAssignment ua WHERE ua.roleIds IN :roles", JpaUserAssignment.class);
q.setParameter("roles", roleNames); q.setParameter("roles", roleIds );
return q.getResultList(); return q.getResultList();
} catch (Exception ex) { } catch (Exception ex) {
log.error("Query failed: {}",ex.getMessage(),ex); log.error("Query failed: {}",ex.getMessage(),ex);

23
redback-rbac/redback-rbac-providers/redback-rbac-jpa/src/main/java/org/apache/archiva/redback/rbac/jpa/model/JpaUserAssignment.java
View File

@ -56,7 +56,8 @@ public class JpaUserAssignment extends AbstractUserAssignment implements UserAss
@JoinColumn(name = "PRINCIPAL_OID", referencedColumnName = "PRINCIPAL", nullable = false) @JoinColumn(name = "PRINCIPAL_OID", referencedColumnName = "PRINCIPAL", nullable = false)
} }
) )
private List<String> roleNames = new ArrayList<String>(); private List<String> roleIds = new ArrayList<>( );
@Column(name="PERMANENT", nullable = false) @Column(name="PERMANENT", nullable = false)
private Boolean permanent = false; private Boolean permanent = false;
@ -68,19 +69,31 @@ public class JpaUserAssignment extends AbstractUserAssignment implements UserAss
return principal; return principal;
} }
@Override
public List<String> getRoleNames( )
{
return roleIds;
}
@Override @Override
public void setPrincipal(String principal) { public void setPrincipal(String principal) {
this.principal = principal; this.principal = principal;
} }
@Override @Override
public List<String> getRoleNames() { public void setRoleNames( List<String> roles )
return roleNames; {
this.roleIds = roles;
} }
@Override @Override
public void setRoleNames(List<String> roleNames) { public List<String> getRoleIds() {
this.roleNames = roleNames; return roleIds;
}
@Override
public void setRoleIds( List<String> roleIds ) {
this.roleIds = roleIds;
} }
@Override @Override

127
redback-rbac/redback-rbac-providers/redback-rbac-ldap/src/main/java/org/apache/archiva/redback/rbac/ldap/LdapRbacManager.java
View File

@ -62,6 +62,7 @@ import java.util.Collection;
import java.util.Collections; import java.util.Collections;
import java.util.List; import java.util.List;
import java.util.Map; import java.util.Map;
import java.util.Optional;
import java.util.Set; import java.util.Set;
import java.util.stream.Collectors; import java.util.stream.Collectors;
import java.util.stream.Stream; import java.util.stream.Stream;
@ -688,7 +689,17 @@ public class LdapRbacManager
{ {
ldapConnection = ldapConnectionFactory.getConnection(); ldapConnection = ldapConnectionFactory.getConnection();
context = ldapConnection.getDirContext(); context = ldapConnection.getDirContext();
List<String> roles = ldapRoleMapper.getRoles( username, context, getRealRoles() ); List<String> roles = ldapRoleMapper.getRoles( username, context, getRealRoles() )
.stream( ).map( roleName -> {
try
{
return Optional.of( rbacImpl.getRole( roleName ).getId() );
}
catch ( RbacManagerException e )
{
return Optional.<String>empty( );
}
} ).filter( Optional::isPresent ).map( Optional::get ).collect( Collectors.toList() );
ua = new UserAssignmentImpl( username, roles ); ua = new UserAssignmentImpl( username, roles );
@ -714,11 +725,11 @@ public class LdapRbacManager
} }
@Override @Override
public List<? extends UserAssignment> getUserAssignmentsForRoles( Collection<String> roleNames ) public List<? extends UserAssignment> getUserAssignmentsForRoles( Collection<String> roleIds )
throws RbacManagerException throws RbacManagerException
{ {
// TODO from ldap // TODO from ldap
return this.rbacImpl.getUserAssignmentsForRoles( roleNames ); return this.rbacImpl.getUserAssignmentsForRoles( roleIds );
} }
@Override @Override
@ -1114,27 +1125,41 @@ public class LdapRbacManager
List<String> currentUserRoles = List<String> currentUserRoles =
ldapRoleMapper.getRoles( userAssignment.getPrincipal(), context, getRealRoles() ); ldapRoleMapper.getRoles( userAssignment.getPrincipal(), context, getRealRoles() );
Map<String, String> currentUserIds = currentUserRoles.stream( ).map( roleName -> {
try
{
return Optional.of( rbacImpl.getRole( roleName ) );
}
catch ( RbacManagerException e )
{
return Optional.<Role>empty( );
}
} ).filter( Optional::isPresent ).map(Optional::get)
.collect( Collectors.toMap( Role::getName, Role::getId ) );
for ( String role : userAssignment.getRoleNames() ) for ( String roleId : userAssignment.getRoleIds() )
{ {
if ( !currentUserRoles.contains( role ) && writableLdap ) Role rbacRole = rbacImpl.getRoleById( roleId );
String roleName = rbacRole.getName( );
if ( !currentUserRoles.contains( roleName ) && writableLdap )
{ {
// role exists in ldap ? // role exists in ldap ?
if ( !allRoles.contains( role ) ) if ( !allRoles.contains( roleName ) )
{ {
ldapRoleMapper.saveRole( role, context ); ldapRoleMapper.saveRole( roleName, context );
allRoles.add( role ); allRoles.add( roleName );
} }
ldapRoleMapper.saveUserRole( role, userAssignment.getPrincipal(), context ); ldapRoleMapper.saveUserRole( roleName, userAssignment.getPrincipal(), context );
currentUserRoles.add( role ); currentUserRoles.add( roleName );
currentUserIds.put( roleName, rbacRole.getId( ) );
} }
} }
for ( String role : currentUserRoles ) for ( String roleName : currentUserRoles )
{ {
if ( !userAssignment.getRoleNames().contains( role ) && writableLdap ) if ( !userAssignment.getRoleIds().contains( currentUserIds.get(roleName) ) && writableLdap )
{ {
ldapRoleMapper.removeUserRole( role, userAssignment.getPrincipal(), context ); ldapRoleMapper.removeUserRole( roleName, userAssignment.getPrincipal(), context );
} }
} }
@ -1491,21 +1516,21 @@ public class LdapRbacManager
{ {
private String username; private String username;
private List<String> roleNames; private List<String> roleIds;
private boolean permanent; private boolean permanent;
private UserAssignmentImpl( String username, Collection<String> roleNames ) private UserAssignmentImpl( String username, Collection<String> roleIds )
{ {
this.username = username; this.username = username;
if ( roleNames == null ) if ( roleIds == null )
{ {
this.roleNames = new ArrayList<String>(); this.roleIds = new ArrayList<>( );
} }
else else
{ {
this.roleNames = new ArrayList<String>( roleNames ); this.roleIds = new ArrayList<>( roleIds );
} }
} }
@ -1518,7 +1543,13 @@ public class LdapRbacManager
@Override @Override
public List<String> getRoleNames() public List<String> getRoleNames()
{ {
return this.roleNames; return this.roleIds;
}
@Override
public List<String> getRoleIds( )
{
return this.roleIds;
} }
@Override @Override
@ -1528,7 +1559,7 @@ public class LdapRbacManager
{ {
return; return;
} }
this.roleNames.add( role.getName() ); this.roleIds.add( role.getName() );
} }
@Override @Override
@ -1538,7 +1569,27 @@ public class LdapRbacManager
{ {
return; return;
} }
this.roleNames.add( roleName ); this.roleIds.add( roleName );
}
@Override
public void addRoleId( Role role )
{
if ( role == null )
{
return;
}
this.roleIds.add( role.getId() );
}
@Override
public void addRoleId( String roleId )
{
if ( roleId == null )
{
return;
}
this.roleIds.add( roleId );
} }
@Override @Override
@ -1548,7 +1599,7 @@ public class LdapRbacManager
{ {
return; return;
} }
this.roleNames.remove( role.getName() ); this.roleIds.remove( role.getName() );
} }
@Override @Override
@ -1558,7 +1609,27 @@ public class LdapRbacManager
{ {
return; return;
} }
this.roleNames.remove( roleName ); this.roleIds.remove( roleName );
}
@Override
public void removeRoleId( Role role )
{
if ( role == null )
{
return;
}
this.roleIds.remove( role.getId() );
}
@Override
public void removeRoleId( String roleId )
{
if ( roleId == null )
{
return;
}
this.roleIds.remove( roleId );
} }
@Override @Override
@ -1570,7 +1641,13 @@ public class LdapRbacManager
@Override @Override
public void setRoleNames( List<String> roles ) public void setRoleNames( List<String> roles )
{ {
this.roleNames = roles; this.roleIds = roles;
}
@Override
public void setRoleIds( List<String> roles )
{
this.roleIds = roles;
} }
@Override @Override
@ -1591,7 +1668,7 @@ public class LdapRbacManager
final StringBuilder sb = new StringBuilder(); final StringBuilder sb = new StringBuilder();
sb.append( "UserAssignmentImpl" ); sb.append( "UserAssignmentImpl" );
sb.append( "{username='" ).append( username ).append( '\'' ); sb.append( "{username='" ).append( username ).append( '\'' );
sb.append( ", roleNames=" ).append( roleNames ); sb.append( ", roleNames=" ).append( roleIds );
sb.append( ", permanent=" ).append( permanent ); sb.append( ", permanent=" ).append( permanent );
sb.append( '}' ); sb.append( '}' );
return sb.toString(); return sb.toString();

8
redback-rbac/redback-rbac-providers/redback-rbac-memory/src/main/java/org/apache/archiva/redback/rbac/memory/MemoryRbacManager.java
View File

@ -515,18 +515,18 @@ public class MemoryRbacManager
} }
@Override @Override
public List<UserAssignment> getUserAssignmentsForRoles( Collection<String> roleNames ) public List<UserAssignment> getUserAssignmentsForRoles( Collection<String> roleIds )
throws RbacManagerException throws RbacManagerException
{ {
List<UserAssignment> allUserAssignments = getAllUserAssignments(); List<UserAssignment> allUserAssignments = getAllUserAssignments();
List<UserAssignment> userAssignments = new ArrayList<UserAssignment>( allUserAssignments.size() ); List<UserAssignment> userAssignments = new ArrayList<>( allUserAssignments.size( ) );
for ( UserAssignment ua : allUserAssignments ) for ( UserAssignment ua : allUserAssignments )
{ {
for ( String roleName : roleNames ) for ( String roleId : roleIds )
{ {
if ( ua.getRoleNames().contains( roleName ) ) if ( ua.getRoleIds().contains( roleId ) )
{ {
userAssignments.add( ua ); userAssignments.add( ua );
break; break;

17
redback-rbac/redback-rbac-providers/redback-rbac-memory/src/main/java/org/apache/archiva/redback/rbac/memory/MemoryUserAssignment.java
View File

@ -97,6 +97,17 @@ public class MemoryUserAssignment
return this.roles; return this.roles;
} }
@Override
public List<String> getRoleIds( )
{
if ( this.roles == null )
{
this.roles = new ArrayList<String>( 0 );
}
return this.roles;
}
/** /**
* Method hashCode * Method hashCode
*/ */
@ -127,6 +138,12 @@ public class MemoryUserAssignment
this.roles = roles; this.roles = roles;
} }
@Override
public void setRoleIds( List<String> roles )
{
this.roles = roles;
}
/** /**
* Method toString * Method toString
*/ */

35
redback-rbac/redback-rbac-role-manager/src/main/java/org/apache/archiva/redback/role/DefaultRoleManager.java
View File

@ -205,9 +205,9 @@ public class DefaultRoleManager
Role role = rbacManager.getRoleById( roleId ); Role role = rbacManager.getRoleById( roleId );
for ( UserAssignment assignment : rbacManager.getUserAssignmentsForRoles( for ( UserAssignment assignment : rbacManager.getUserAssignmentsForRoles(
Arrays.asList( role.getName() ) ) ) Arrays.asList( role.getId() ) ) )
{ {
assignment.removeRoleName( role ); assignment.removeRoleId( role );
rbacManager.saveUserAssignment( assignment ); rbacManager.saveUserAssignment( assignment );
} }
@ -240,16 +240,19 @@ public class DefaultRoleManager
String oldRoleName = template.getNamePrefix() + template.getDelimiter() + oldResource; String oldRoleName = template.getNamePrefix() + template.getDelimiter() + oldResource;
String newRoleName = template.getNamePrefix() + template.getDelimiter() + newResource; String newRoleName = template.getNamePrefix() + template.getDelimiter() + newResource;
String oldRoleId = RoleModelUtils.getRoleId( templateId, oldResource );
String newRoleId = RoleModelUtils.getRoleId( templateId, newResource );
try try
{ {
Role role = rbacManager.getRole( oldRoleName ); Role role = rbacManager.getRole( oldRoleName );
// remove the user assignments // remove the user assignments
for ( UserAssignment assignment : rbacManager.getUserAssignmentsForRoles( for ( UserAssignment assignment : rbacManager.getUserAssignmentsForRoles(
Arrays.asList( role.getName() ) ) ) Arrays.asList( role.getId() ) ) )
{ {
assignment.removeRoleName( oldRoleName ); assignment.removeRoleId( oldRoleId );
assignment.addRoleName( newRoleName ); assignment.addRoleId( newRoleId );
rbacManager.saveUserAssignment( assignment ); rbacManager.saveUserAssignment( assignment );
} }
} }
@ -286,7 +289,7 @@ public class DefaultRoleManager
userAssignment = rbacManager.createUserAssignment( principal ); userAssignment = rbacManager.createUserAssignment( principal );
} }
userAssignment.addRoleName( modelRole.getName() ); userAssignment.addRoleId( modelRole.getId() );
rbacManager.saveUserAssignment( userAssignment ); rbacManager.saveUserAssignment( userAssignment );
} }
catch ( RbacManagerException e ) catch ( RbacManagerException e )
@ -301,6 +304,7 @@ public class DefaultRoleManager
{ {
try try
{ {
Role role = rbacManager.getRole( roleName );
UserAssignment userAssignment; UserAssignment userAssignment;
if ( rbacManager.userAssignmentExists( principal ) ) if ( rbacManager.userAssignmentExists( principal ) )
@ -317,7 +321,7 @@ public class DefaultRoleManager
throw new RoleManagerException( "Unable to assign role: " + roleName + " does not exist." ); throw new RoleManagerException( "Unable to assign role: " + roleName + " does not exist." );
} }
userAssignment.addRoleName( roleName ); userAssignment.addRoleId( role.getId() );
rbacManager.saveUserAssignment( userAssignment ); rbacManager.saveUserAssignment( userAssignment );
} }
catch ( RbacManagerException e ) catch ( RbacManagerException e )
@ -355,7 +359,7 @@ public class DefaultRoleManager
userAssignment = rbacManager.createUserAssignment( principal ); userAssignment = rbacManager.createUserAssignment( principal );
} }
userAssignment.addRoleName( modelTemplate.getNamePrefix() + modelTemplate.getDelimiter() + resource ); userAssignment.addRoleId( RoleModelUtils.getRoleId( modelTemplate.getId(), resource ) );
rbacManager.saveUserAssignment( userAssignment ); rbacManager.saveUserAssignment( userAssignment );
} }
catch ( RbacManagerException e ) catch ( RbacManagerException e )
@ -368,15 +372,10 @@ public class DefaultRoleManager
public void unassignRole( String roleId, String principal ) public void unassignRole( String roleId, String principal )
throws RoleManagerException throws RoleManagerException
{ {
ModelRole modelRole = RoleModelUtils.getModelRole( blessedModel, roleId );
if ( modelRole == null )
{
throw new RoleNotFoundException( "Unable to assign role: " + roleId + " does not exist." );
}
try try
{ {
rbacManager.getRoleById( roleId );
UserAssignment userAssignment; UserAssignment userAssignment;
if ( rbacManager.userAssignmentExists( principal ) ) if ( rbacManager.userAssignmentExists( principal ) )
@ -389,9 +388,12 @@ public class DefaultRoleManager
"UserAssignment for principal " + principal + "does not exist, can't unassign role." ); "UserAssignment for principal " + principal + "does not exist, can't unassign role." );
} }
userAssignment.removeRoleName( modelRole.getName() ); userAssignment.removeRoleId( roleId );
rbacManager.saveUserAssignment( userAssignment ); rbacManager.saveUserAssignment( userAssignment );
} }
catch (RoleNotFoundException e) {
throw new RoleNotFoundException( "Unable to unassign role: " + roleId + " does not exist." );
}
catch ( RbacManagerException e ) catch ( RbacManagerException e )
{ {
throw new RoleManagerException( "Unable to unassign role: unable to manage user assignment", e ); throw new RoleManagerException( "Unable to unassign role: unable to manage user assignment", e );
@ -421,7 +423,8 @@ public class DefaultRoleManager
throw new RoleManagerException( "Unable to unassign role: " + roleName + " does not exist." ); throw new RoleManagerException( "Unable to unassign role: " + roleName + " does not exist." );
} }
userAssignment.removeRoleName( roleName ); Role rbacRole = rbacManager.getRole( roleName );
userAssignment.removeRoleId( rbacRole.getId() );
rbacManager.saveUserAssignment( userAssignment ); rbacManager.saveUserAssignment( userAssignment );
} }
catch ( RbacManagerException e ) catch ( RbacManagerException e )

8
redback-rbac/redback-rbac-role-manager/src/test/java/org/apache/archiva/redback/role/AbstractRoleManagerTest.java
View File

@ -110,14 +110,14 @@ public abstract class AbstractRoleManagerTest
UserAssignment assignment = rbacManager.getUserAssignment( principal ); UserAssignment assignment = rbacManager.getUserAssignment( principal );
List<String> assignments = assignment.getRoleNames(); List<String> assignments = assignment.getRoleIds();
assertEquals( 3, assignments.size() ); assertEquals( 3, assignments.size() );
for ( String roleName : assignments ) for ( String roleId : assignments )
{ {
logger.info( roleName ); logger.info( roleId );
assertTrue( "Test Role".equals( roleName ) || "Foo 2 - frigid".equals( roleName ) || "Test Role 1".equals( roleName ) ); assertTrue( "test-role".equals( roleId ) || "test-template-2.frigid".equals( roleId ) || "test-role-1".equals( roleId ) );
} }
} }

12
redback-rbac/redback-rbac-tests/src/main/java/org/apache/archiva/redback/tests/AbstractRbacManagerPerformanceTestCase.java
View File

@ -176,7 +176,7 @@ public class AbstractRbacManagerPerformanceTestCase
// Setup User / Assignment with 1 role. // Setup User / Assignment with 1 role.
String username = "bob"; String username = "bob";
UserAssignment assignment = manager.createUserAssignment( username ); UserAssignment assignment = manager.createUserAssignment( username );
assignment.addRoleName( devRole ); assignment.addRoleId( devRole );
assignment = manager.saveUserAssignment( assignment ); assignment = manager.saveUserAssignment( assignment );
assertEquals( 1, manager.getAllUserAssignments().size() ); assertEquals( 1, manager.getAllUserAssignments().size() );
@ -187,11 +187,11 @@ public class AbstractRbacManagerPerformanceTestCase
assertEquals( 2, manager.getAllRoles().size() ); assertEquals( 2, manager.getAllRoles().size() );
// assign the same role again to the same user // assign the same role again to the same user
assignment.addRoleName( devRole.getName() ); assignment.addRoleId( devRole.getId() );
manager.saveUserAssignment( assignment ); manager.saveUserAssignment( assignment );
// we certainly shouldn't have 2 roles here now // we certainly shouldn't have 2 roles here now
assertEquals( 1, assignment.getRoleNames().size() ); assertEquals( 1, assignment.getRoleIds().size() );
String bobId = assignment.getPrincipal(); String bobId = assignment.getPrincipal();
@ -203,7 +203,7 @@ public class AbstractRbacManagerPerformanceTestCase
manager.saveRole( devPlusRole ); manager.saveRole( devPlusRole );
assignment = manager.createUserAssignment( username ); assignment = manager.createUserAssignment( username );
assignment.addRoleName( devRole ); assignment.addRoleId( devRole );
assignment = manager.saveUserAssignment( assignment ); assignment = manager.saveUserAssignment( assignment );
assertEquals( 2, manager.getAllUserAssignments().size() ); assertEquals( 2, manager.getAllUserAssignments().size() );
@ -214,11 +214,11 @@ public class AbstractRbacManagerPerformanceTestCase
assertEquals( 2, manager.getAllRoles().size() ); assertEquals( 2, manager.getAllRoles().size() );
// assign the same role again to the same user // assign the same role again to the same user
assignment.addRoleName( devRole.getName() ); assignment.addRoleId( devRole.getId() );
manager.saveUserAssignment( assignment ); manager.saveUserAssignment( assignment );
// we certainly shouldn't have 2 roles here now // we certainly shouldn't have 2 roles here now
assertEquals( 1, assignment.getRoleNames().size() ); assertEquals( 1, assignment.getRoleIds().size() );
String janetId = assignment.getPrincipal(); String janetId = assignment.getPrincipal();

69
redback-rbac/redback-rbac-tests/src/main/java/org/apache/archiva/redback/tests/AbstractRbacManagerTestCase.java
View File

@ -104,7 +104,7 @@ public abstract class AbstractRbacManagerTestCase
private Role getDeveloperRole() private Role getDeveloperRole()
throws RbacManagerException throws RbacManagerException
{ {
Role role = rbacManager.createRole( "DEVELOPER" ); Role role = rbacManager.createRole( "developer","DEVELOPER" );
role.setAssignable( true ); role.setAssignable( true );
Permission perm = rbacManager.createPermission( "EDIT_MY_USER", "EDIT", "User:Self" ); Permission perm = rbacManager.createPermission( "EDIT_MY_USER", "EDIT", "User:Self" );
@ -117,7 +117,7 @@ public abstract class AbstractRbacManagerTestCase
private Role getProjectAdminRole() private Role getProjectAdminRole()
throws RbacManagerException throws RbacManagerException
{ {
Role role = rbacManager.createRole( "PROJECT_ADMIN" ); Role role = rbacManager.createRole( "project-admin","PROJECT_ADMIN" );
role.setAssignable( true ); role.setAssignable( true );
Permission perm = rbacManager.createPermission( "EDIT_PROJECT", "EDIT", "Project:Foo" ); Permission perm = rbacManager.createPermission( "EDIT_PROJECT", "EDIT", "Project:Foo" );
@ -129,7 +129,8 @@ public abstract class AbstractRbacManagerTestCase
private Role getSuperDeveloperRole() private Role getSuperDeveloperRole()
{ {
Role role = rbacManager.createRole( "SUPER_DEVELOPER" ); Role role = rbacManager.createRole( "super-developer","SUPER_DEVELOPER" );
role.setId( "super-developer" );
role.setAssignable( true ); role.setAssignable( true );
return role; return role;
@ -402,7 +403,7 @@ public abstract class AbstractRbacManagerTestCase
UserAssignment assignment = manager.createUserAssignment( adminPrincipal ); UserAssignment assignment = manager.createUserAssignment( adminPrincipal );
assignment.addRoleName( adminRole ); assignment.addRoleId( adminRole );
manager.saveUserAssignment( assignment ); manager.saveUserAssignment( assignment );
@ -436,10 +437,10 @@ public abstract class AbstractRbacManagerTestCase
// don't use admin as ldap group need at least one member // don't use admin as ldap group need at least one member
String adminPrincipal = "theadmin"; String adminPrincipal = "theadmin";
UserAssignment assignment = manager.createUserAssignment( adminPrincipal ); UserAssignment assignment = manager.createUserAssignment( adminPrincipal );
assignment.addRoleName( adminRole ); assignment.addRoleId( adminRole );
assignment = manager.saveUserAssignment( assignment ); assignment = manager.saveUserAssignment( assignment );
assertEquals( 1, assignment.getRoleNames().size() ); assertEquals( 1, assignment.getRoleIds().size() );
assertEquals( 1, manager.getAssignedRoles( adminPrincipal ).size() ); assertEquals( 1, manager.getAssignedRoles( adminPrincipal ).size() );
} }
@ -462,7 +463,7 @@ public abstract class AbstractRbacManagerTestCase
UserAssignment ua = manager.createUserAssignment( adminPrincipal ); UserAssignment ua = manager.createUserAssignment( adminPrincipal );
ua.addRoleName( admin ); ua.addRoleId( admin );
manager.saveUserAssignment( ua ); manager.saveUserAssignment( ua );
@ -536,7 +537,7 @@ public abstract class AbstractRbacManagerTestCase
// Setup User / Assignment with 1 role. // Setup User / Assignment with 1 role.
String username = "bob"; String username = "bob";
UserAssignment assignment = manager.createUserAssignment( username ); UserAssignment assignment = manager.createUserAssignment( username );
assignment.addRoleName( developerRole ); assignment.addRoleId( developerRole );
manager.saveUserAssignment( assignment ); manager.saveUserAssignment( assignment );
assertEquals( incAssignements( 1 ), manager.getAllUserAssignments().size() ); assertEquals( incAssignements( 1 ), manager.getAllUserAssignments().size() );
@ -544,41 +545,41 @@ public abstract class AbstractRbacManagerTestCase
// Create another role add it to manager. // Create another role add it to manager.
Role projectAdmin = getProjectAdminRole(); Role projectAdmin = getProjectAdminRole();
String projectAdminRoleName = projectAdmin.getName(); String projectAdminRoleId = projectAdmin.getId();
manager.saveRole( projectAdmin ); manager.saveRole( projectAdmin );
// Get User Assignment, add a second role // Get User Assignment, add a second role
UserAssignment bob = manager.getUserAssignment( username ); UserAssignment bob = manager.getUserAssignment( username );
bob.addRoleName( projectAdminRoleName ); bob.addRoleId( projectAdminRoleId );
bob = manager.saveUserAssignment( bob ); bob = manager.saveUserAssignment( bob );
assertEquals( incAssignements( 1 ), manager.getAllUserAssignments().size() ); assertEquals( incAssignements( 1 ), manager.getAllUserAssignments().size() );
assertEquals( 2, manager.getAllRoles().size() ); assertEquals( 2, manager.getAllRoles().size() );
assertEquals( 2, bob.getRoleNames().size() ); assertEquals( 2, bob.getRoleIds().size() );
assertEquals( 0, manager.getUnassignedRoles( bob.getPrincipal() ).size() ); assertEquals( 0, manager.getUnassignedRoles( bob.getPrincipal() ).size() );
List<String> roles = bob.getRoleNames(); List<String> roles = bob.getRoleIds();
assertEquals( 2, roles.size() ); assertEquals( 2, roles.size() );
// Remove 1 role from bob, end up with 1 role for bob. // Remove 1 role from bob, end up with 1 role for bob.
roles.remove( projectAdminRoleName ); roles.remove( projectAdminRoleId );
assertEquals( 1, roles.size() ); assertEquals( 1, roles.size() );
bob.setRoleNames( roles ); bob.setRoleIds( roles );
bob = manager.saveUserAssignment( bob ); bob = manager.saveUserAssignment( bob );
assertEquals( "Should only have 1 role under bob now.", 1, bob.getRoleNames().size() ); assertEquals( "Should only have 1 role under bob now.", 1, bob.getRoleIds().size() );
assertEquals( "Should have 2 total roles still.", 2, manager.getAllRoles().size() ); assertEquals( "Should have 2 total roles still.", 2, manager.getAllRoles().size() );
assertEquals( "Should have 1 assignable role", 1, manager.getUnassignedRoles( bob.getPrincipal() ).size() ); assertEquals( "Should have 1 assignable role", 1, manager.getUnassignedRoles( bob.getPrincipal() ).size() );
// Fetch bob again. see if role is missing. // Fetch bob again. see if role is missing.
UserAssignment cousin = manager.getUserAssignment( username ); UserAssignment cousin = manager.getUserAssignment( username );
assertEquals( 1, cousin.getRoleNames().size() ); assertEquals( 1, cousin.getRoleIds().size() );
assertEquals( "Should only have 1 role under bob now.", 1, cousin.getRoleNames().size() ); assertEquals( "Should only have 1 role under bob now.", 1, cousin.getRoleIds().size() );
assertEquals( "Should have 2 total roles still.", 2, manager.getAllRoles().size() ); assertEquals( "Should have 2 total roles still.", 2, manager.getAllRoles().size() );
// remove the last role // remove the last role
roles.remove( developerRole.getName() ); roles.remove( developerRole.getId() );
bob.setRoleNames( roles ); bob.setRoleIds( roles );
bob = manager.saveUserAssignment( bob ); bob = manager.saveUserAssignment( bob );
assertEquals( "Should have 2 assignable roles.", 2, manager.getUnassignedRoles( bob.getPrincipal() ).size() ); assertEquals( "Should have 2 assignable roles.", 2, manager.getUnassignedRoles( bob.getPrincipal() ).size() );
@ -602,18 +603,18 @@ public abstract class AbstractRbacManagerTestCase
// Setup User / Assignment with 1 role. // Setup User / Assignment with 1 role.
String username = "bob"; String username = "bob";
UserAssignment assignment = manager.createUserAssignment( username ); UserAssignment assignment = manager.createUserAssignment( username );
assignment.addRoleName( devRole ); assignment.addRoleId( devRole );
assignment = manager.saveUserAssignment( assignment ); assignment = manager.saveUserAssignment( assignment );
assertEquals( incAssignements( 1 ), manager.getAllUserAssignments().size() ); assertEquals( incAssignements( 1 ), manager.getAllUserAssignments().size() );
assertEquals( 1, manager.getAllRoles().size() ); assertEquals( 1, manager.getAllRoles().size() );
// assign the same role again to the same user // assign the same role again to the same user
assignment.addRoleName( devRole.getName() ); assignment.addRoleId( devRole.getId() );
manager.saveUserAssignment( assignment ); manager.saveUserAssignment( assignment );
// we certainly shouldn't have 2 roles here now // we certainly shouldn't have 2 roles here now
assertEquals( 1, assignment.getRoleNames().size() ); assertEquals( 1, assignment.getRoleIds().size() );
/* Assert some event tracker stuff */ /* Assert some event tracker stuff */
assertEventTracker( 1, 0, 1, 0, true, true ); assertEventTracker( 1, 0, 1, 0, true, true );
@ -639,7 +640,7 @@ public abstract class AbstractRbacManagerTestCase
// Setup User / Assignment with 1 role. // Setup User / Assignment with 1 role.
String username = "bob"; String username = "bob";
UserAssignment assignment = manager.createUserAssignment( username ); UserAssignment assignment = manager.createUserAssignment( username );
assignment.addRoleName( devRole ); assignment.addRoleId( devRole );
assignment = manager.saveUserAssignment( assignment ); assignment = manager.saveUserAssignment( assignment );
assertEquals( incAssignements( 1 ), manager.getAllUserAssignments().size() ); assertEquals( incAssignements( 1 ), manager.getAllUserAssignments().size() );
@ -650,11 +651,11 @@ public abstract class AbstractRbacManagerTestCase
assertEquals( 2, manager.getAllRoles().size() ); assertEquals( 2, manager.getAllRoles().size() );
// assign the same role again to the same user // assign the same role again to the same user
assignment.addRoleName( devRole.getName() ); assignment.addRoleId( devRole.getId() );
manager.saveUserAssignment( assignment ); manager.saveUserAssignment( assignment );
// we certainly shouldn't have 2 roles here now // we certainly shouldn't have 2 roles here now
assertEquals( 1, assignment.getRoleNames().size() ); assertEquals( 1, assignment.getRoleIds().size() );
/* Assert some event tracker stuff */ /* Assert some event tracker stuff */
assertEventTracker( 2, 0, 1, 0, true, true ); assertEventTracker( 2, 0, 1, 0, true, true );
@ -678,12 +679,12 @@ public abstract class AbstractRbacManagerTestCase
String username = "bob"; String username = "bob";
UserAssignment assignment = manager.createUserAssignment( username ); UserAssignment assignment = manager.createUserAssignment( username );
assignment.addRoleName( developerRole.getName() ); assignment.addRoleId( developerRole.getId() );
assignment.addRoleName( projectAdminRole.getName() ); assignment.addRoleId( projectAdminRole.getId() );
assignment.addRoleName( adminRole.getName() ); assignment.addRoleId( adminRole.getId() );
assignment = manager.saveUserAssignment( assignment ); assignment = manager.saveUserAssignment( assignment );
assertThat( assignment.getRoleNames() ).isNotNull().isNotEmpty().hasSize( 3 ); assertThat( assignment.getRoleIds() ).isNotNull().isNotEmpty().hasSize( 3 );
assertThat( manager.getAllUserAssignments() ).isNotNull().isNotEmpty().hasSize( incAssignements( 1 ) ); assertThat( manager.getAllUserAssignments() ).isNotNull().isNotEmpty().hasSize( incAssignements( 1 ) );
assertThat( manager.getAllRoles() ).isNotNull().isNotEmpty().hasSize( 3 ); assertThat( manager.getAllRoles() ).isNotNull().isNotEmpty().hasSize( 3 );
@ -718,7 +719,7 @@ public abstract class AbstractRbacManagerTestCase
manager.saveRole( getAdminRole() ); manager.saveRole( getAdminRole() );
manager.saveRole( getProjectAdminRole() ); manager.saveRole( getProjectAdminRole() );
Role added = manager.saveRole( getDeveloperRole() ); Role added = manager.saveRole( getDeveloperRole() );
String roleName = added.getName(); String roleId = added.getId();
assertThat( manager.getAllRoles() ).isNotNull().isNotEmpty().hasSize( 3 ); assertThat( manager.getAllRoles() ).isNotNull().isNotEmpty().hasSize( 3 );
assertThat( manager.getAllPermissions() ).isNotNull().isNotEmpty().hasSize( 3 ); assertThat( manager.getAllPermissions() ).isNotNull().isNotEmpty().hasSize( 3 );
@ -727,7 +728,7 @@ public abstract class AbstractRbacManagerTestCase
String username = "bob"; String username = "bob";
UserAssignment assignment = manager.createUserAssignment( username ); UserAssignment assignment = manager.createUserAssignment( username );
assignment.addRoleName( roleName ); assignment.addRoleId( roleId );
manager.saveUserAssignment( assignment ); manager.saveUserAssignment( assignment );
assertThat( manager.getAllUserAssignments() ).isNotNull().isNotEmpty().hasSize( incAssignements( 1 ) ); assertThat( manager.getAllUserAssignments() ).isNotNull().isNotEmpty().hasSize( incAssignements( 1 ) );
@ -816,7 +817,7 @@ public abstract class AbstractRbacManagerTestCase
String username = "bob"; String username = "bob";
UserAssignment assignment = rbacManager.createUserAssignment( username ); UserAssignment assignment = rbacManager.createUserAssignment( username );
assignment.addRoleName( "Developer" ); assignment.addRoleId( "developer" );
rbacManager.saveUserAssignment( assignment ); rbacManager.saveUserAssignment( assignment );
assertEquals( incAssignements( 1 ), rbacManager.getAllUserAssignments().size() ); assertEquals( incAssignements( 1 ), rbacManager.getAllUserAssignments().size() );
@ -824,7 +825,7 @@ public abstract class AbstractRbacManagerTestCase
assertEquals( 6, rbacManager.getAllPermissions().size() ); assertEquals( 6, rbacManager.getAllPermissions().size() );
// Get the List of Assigned Roles for user bob. // Get the List of Assigned Roles for user bob.
Role devel = rbacManager.getRole( "Developer" ); Role devel = rbacManager.getRoleById( "developer" );
assertNotNull( devel ); assertNotNull( devel );
// First Depth. // First Depth.
@ -850,7 +851,7 @@ public abstract class AbstractRbacManagerTestCase
String username = "bob"; String username = "bob";
UserAssignment assignment = rbacManager.createUserAssignment( username ); UserAssignment assignment = rbacManager.createUserAssignment( username );
assignment.addRoleName( "Developer" ); assignment.addRoleId( "developer" );
rbacManager.saveUserAssignment( assignment ); rbacManager.saveUserAssignment( assignment );
assertEquals( incAssignements( 1 ), rbacManager.getAllUserAssignments().size() ); assertEquals( incAssignements( 1 ), rbacManager.getAllUserAssignments().size() );

4
redback-rbac/redback-rbac-tests/src/main/java/org/apache/archiva/redback/tests/utils/RBACDefaults.java
View File

@ -149,6 +149,7 @@ public class RBACDefaults
if ( !manager.roleExists( "User Administrator" ) ) if ( !manager.roleExists( "User Administrator" ) )
{ {
Role userAdmin = manager.createRole( "User Administrator" ); Role userAdmin = manager.createRole( "User Administrator" );
userAdmin.setId( "user-administrator" );
userAdmin.addPermission( manager.getPermission( "Edit All Users" ) ); userAdmin.addPermission( manager.getPermission( "Edit All Users" ) );
userAdmin.addPermission( manager.getPermission( "Remove Roles" ) ); userAdmin.addPermission( manager.getPermission( "Remove Roles" ) );
userAdmin.setAssignable( true ); userAdmin.setAssignable( true );
@ -158,6 +159,7 @@ public class RBACDefaults
if ( !manager.roleExists( "System Administrator" ) ) if ( !manager.roleExists( "System Administrator" ) )
{ {
Role admin = manager.createRole( "System Administrator" ); Role admin = manager.createRole( "System Administrator" );
admin.setId( "system-administrator" );
admin.addChildRoleName( "User Administrator" ); admin.addChildRoleName( "User Administrator" );
admin.addChildRoleId( "user-administrator" ); admin.addChildRoleId( "user-administrator" );
admin.addPermission( manager.getPermission( "Edit Configuration" ) ); admin.addPermission( manager.getPermission( "Edit Configuration" ) );
@ -171,6 +173,7 @@ public class RBACDefaults
if ( !manager.roleExists( "Trusted Developer" ) ) if ( !manager.roleExists( "Trusted Developer" ) )
{ {
Role developer = manager.createRole( "Trusted Developer" ); Role developer = manager.createRole( "Trusted Developer" );
developer.setId( "trusted-developer" );
developer.addChildRoleName( "System Administrator" ); developer.addChildRoleName( "System Administrator" );
developer.addChildRoleId( "system-administrator" ); developer.addChildRoleId( "system-administrator" );
developer.addPermission( manager.getPermission( "Run Indexer" ) ); developer.addPermission( manager.getPermission( "Run Indexer" ) );
@ -181,6 +184,7 @@ public class RBACDefaults
if ( !manager.roleExists( "Developer" ) ) if ( !manager.roleExists( "Developer" ) )
{ {
Role developer = manager.createRole( "Developer" ); Role developer = manager.createRole( "Developer" );
developer.setId( "developer" );
developer.addChildRoleName( "Trusted Developer" ); developer.addChildRoleName( "Trusted Developer" );
developer.addChildRoleId( "trusted-developer" ); developer.addChildRoleId( "trusted-developer" );
developer.addPermission( manager.getPermission( "Run Indexer" ) ); developer.addPermission( manager.getPermission( "Run Indexer" ) );