merge repositories rest service: users must have karma for this operation

git-svn-id: https://svn.apache.org/repos/asf/archiva/trunk@1389245 13f79535-47bb-0310-9956-ffa450edef68

archiva-modules/archiva-base/archiva-security-common/src/main/java/org/apache/archiva/security/common/ArchivaRoleConstants.java

@@ -66,6 +66,8 @@ public class ArchivaRoleConstants
 
     public static final String OPERATION_REPOSITORY_DELETE = "archiva-delete-artifact";
 
+    public static final String OPERATION_MERGE_REPOSITORY = "archiva-merge-repository";
+    
     public static final String OPERATION_VIEW_AUDIT_LOG = "archiva-view-audit-logs";
 
     // Role templates

archiva-modules/archiva-web/archiva-rest/archiva-rest-api/src/main/java/org/apache/archiva/rest/api/services/MergeRepositoriesService.java

@@ -20,6 +20,7 @@ package org.apache.archiva.rest.api.services;
 
 import org.apache.archiva.maven2.model.Artifact;
 import org.apache.archiva.redback.authorization.RedbackAuthorization;
+import org.apache.archiva.security.common.ArchivaRoleConstants;
 
 import javax.ws.rs.GET;
 import javax.ws.rs.Path;
@@ -40,7 +41,7 @@ public interface MergeRepositoriesService
     @Path ("mergeConflictedArtifacts/{sourceRepositoryId}/{targetRepositoryId}")
     @GET
     @Produces ({ MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML })
-    @RedbackAuthorization ( noPermission = true )
+    @RedbackAuthorization (permissions = ArchivaRoleConstants.OPERATION_MERGE_REPOSITORY)
     /**
      * <b>permissions are checked in impl</b>
      * @since 1.4-M3
@@ -51,7 +52,7 @@ public interface MergeRepositoriesService
 
     @Path ("mergeRepositories/{sourceRepositoryId}/{targetRepositoryId}/{skipConflicts}")
     @GET
-    @RedbackAuthorization ( noPermission = true )
+    @RedbackAuthorization (permissions = ArchivaRoleConstants.OPERATION_MERGE_REPOSITORY)
     /**
      * <b>permissions are checked in impl</b>
      * @since 1.4-M3