mirror of https://github.com/apache/archiva.git
add role profiles
git-svn-id: https://svn.apache.org/repos/asf/maven/archiva/trunk@450822 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Brett Porter
parent
1e99374aee
commit
46926538b8
|
|
@ -18,14 +18,42 @@ package org.apache.maven.archiva.security;
|
|||
|
||||
public class ArchivaRoleConstants
|
||||
{
|
||||
public static final String DELIMITER = " - ";
|
||||
|
||||
// globalish roles
|
||||
public static final String SYSTEM_ADMINISTRATOR_ROLE = "System Administrator";
|
||||
|
||||
public static final String USER_ADMINISTRATOR_ROLE = "User Administrator";
|
||||
|
||||
public static final String REGISTERED_USER_ROLE = "Registered User";
|
||||
|
||||
public static final String GUEST_ROLE = "Guest";
|
||||
|
||||
// dynamic role prefixes
|
||||
public static final String REPOSITORY_MANAGER_ROLE_PREFIX = "Repository Manager";
|
||||
|
||||
public static final String REPOSITORY_OBSERVER_ROLE_PREFIX = "Repository Observer";
|
||||
|
||||
// operations
|
||||
public static final String OPERATION_MANAGE_USERS = "archiva-manage-users";
|
||||
|
||||
public static final String OPERATION_MANAGE_CONFIGURATION = "archiva-manage-configuration";
|
||||
|
||||
public static final String OPERATION_ACTIVE_GUEST = "archiva-guest";
|
||||
|
||||
public static final String OPERATION_RUN_INDEXER = "archiva-run-indexer";
|
||||
|
||||
public static final String OPERATION_REGENERATE_INDEX = "archiva-regenerate-index";
|
||||
|
||||
public static final String OPERATION_ACCESS_REPORT = "archiva-access-reports";
|
||||
|
||||
public static final String OPERATION_ADD_REPOSITORY = "archiva-add-repository";
|
||||
|
||||
public static final String OPERATION_REPOSITORY_ACCESS = "archiva-read-repository";
|
||||
|
||||
public static final String OPERATION_DELETE_REPOSITORY = "archiva-delete-repository";
|
||||
|
||||
public static final String OPERATION_EDIT_REPOSITORY = "archiva-edit-repository";
|
||||
|
||||
public static final String OPERATION_REPOSITORY_UPLOAD = "archiva-upload-repository";
|
||||
}
|
||||
|
|
|
|||
|
|
@ -39,6 +39,12 @@ public class ArchivaSystemAdministratorRoleProfile
|
|||
List operations = new ArrayList();
|
||||
operations.add( ArchivaRoleConstants.OPERATION_MANAGE_CONFIGURATION );
|
||||
operations.add( ArchivaRoleConstants.OPERATION_MANAGE_USERS );
|
||||
operations.add( ArchivaRoleConstants.OPERATION_RUN_INDEXER );
|
||||
operations.add( ArchivaRoleConstants.OPERATION_REGENERATE_INDEX );
|
||||
operations.add( ArchivaRoleConstants.OPERATION_ACCESS_REPORT ); // TODO: does this need to be templated?
|
||||
operations.add( ArchivaRoleConstants.OPERATION_ADD_REPOSITORY );
|
||||
operations.add( ArchivaRoleConstants.OPERATION_EDIT_REPOSITORY );
|
||||
operations.add( ArchivaRoleConstants.OPERATION_DELETE_REPOSITORY );
|
||||
return operations;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -0,0 +1,61 @@
|
|||
package org.apache.maven.archiva.security;
|
||||
|
||||
/*
|
||||
* Copyright 2005-2006 The Apache Software Foundation.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
import org.codehaus.plexus.rbac.profile.AbstractDynamicRoleProfile;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.Collections;
|
||||
import java.util.List;
|
||||
|
||||
/**
|
||||
* @plexus.component role="org.codehaus.plexus.rbac.profile.DynamicRoleProfile"
|
||||
* role-hint="archiva-repository-manager"
|
||||
*/
|
||||
public class RepsitoryManagerDynamicRoleProfile
|
||||
extends AbstractDynamicRoleProfile
|
||||
{
|
||||
public String getRoleName( String string )
|
||||
{
|
||||
return ArchivaRoleConstants.REPOSITORY_MANAGER_ROLE_PREFIX + ArchivaRoleConstants.DELIMITER + string;
|
||||
}
|
||||
|
||||
public List getOperations()
|
||||
{
|
||||
List operations = new ArrayList();
|
||||
|
||||
// I'm not sure these are appropriate roles.
|
||||
operations.add( ArchivaRoleConstants.OPERATION_EDIT_REPOSITORY );
|
||||
operations.add( ArchivaRoleConstants.OPERATION_DELETE_REPOSITORY );
|
||||
|
||||
operations.add( ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS );
|
||||
operations.add( ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD );
|
||||
return operations;
|
||||
}
|
||||
|
||||
public List getDynamicChildRoles( String string )
|
||||
{
|
||||
return Collections.singletonList(
|
||||
ArchivaRoleConstants.REPOSITORY_OBSERVER_ROLE_PREFIX + ArchivaRoleConstants.DELIMITER + string );
|
||||
}
|
||||
|
||||
public boolean isAssignable()
|
||||
{
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -0,0 +1,47 @@
|
|||
package org.apache.maven.archiva.security;
|
||||
|
||||
/*
|
||||
* Copyright 2005-2006 The Apache Software Foundation.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
import org.codehaus.plexus.rbac.profile.AbstractDynamicRoleProfile;
|
||||
|
||||
import java.util.List;
|
||||
import java.util.ArrayList;
|
||||
|
||||
/**
|
||||
* @plexus.component role="org.codehaus.plexus.rbac.profile.DynamicRoleProfile"
|
||||
* role-hint="archiva-repository-observer"
|
||||
*/
|
||||
public class RepsitoryObserverDynamicRoleProfile
|
||||
extends AbstractDynamicRoleProfile
|
||||
{
|
||||
public String getRoleName( String string )
|
||||
{
|
||||
return ArchivaRoleConstants.REPOSITORY_OBSERVER_ROLE_PREFIX + ArchivaRoleConstants.DELIMITER + string;
|
||||
}
|
||||
|
||||
public List getOperations()
|
||||
{
|
||||
List operations = new ArrayList();
|
||||
operations.add( ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS );
|
||||
return operations;
|
||||
}
|
||||
|
||||
public boolean isAssignable()
|
||||
{
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
|
@ -63,5 +63,25 @@
|
|||
</requirement>
|
||||
</requirements>
|
||||
</component>
|
||||
<component>
|
||||
<role>org.codehaus.plexus.rbac.profile.DynamicRoleProfile</role>
|
||||
<role-hint>archiva-repository-manager</role-hint>
|
||||
<implementation>org.apache.maven.archiva.security.RepositoryManagerDynamicRoleProfile</implementation>
|
||||
<requirements>
|
||||
<requirement>
|
||||
<role>org.codehaus.plexus.security.rbac.RBACManager</role>
|
||||
</requirement>
|
||||
</requirements>
|
||||
</component>
|
||||
<component>
|
||||
<role>org.codehaus.plexus.rbac.profile.DynamicRoleProfile</role>
|
||||
<role-hint>archiva-repository-observer</role-hint>
|
||||
<implementation>org.apache.maven.archiva.security.RepositoryObserverDynamicRoleProfile</implementation>
|
||||
<requirements>
|
||||
<requirement>
|
||||
<role>org.codehaus.plexus.security.rbac.RBACManager</role>
|
||||
</requirement>
|
||||
</requirements>
|
||||
</component>
|
||||
</components>
|
||||
</component-set>
|
||||
|
|
|
|||
|
|
@ -198,15 +198,20 @@
|
|||
</exclusions>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.codehaus.plexus.security</groupId>
|
||||
<artifactId>plexus-security-keys-jdo</artifactId>
|
||||
<version>1.0-SNAPSHOT</version>
|
||||
</dependency>
|
||||
<groupId>org.codehaus.plexus.security</groupId>
|
||||
<artifactId>plexus-security-keys-jdo</artifactId>
|
||||
<version>1.0-SNAPSHOT</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.codehaus.plexus</groupId>
|
||||
<artifactId>plexus-utils</artifactId>
|
||||
<version>1.2</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.codehaus.plexus</groupId>
|
||||
<artifactId>plexus-mail-sender-javamail</artifactId>
|
||||
<version>1.0-alpha-3</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.apache.derby</groupId>
|
||||
<artifactId>derby</artifactId>
|
||||
|
|
|
|||
|
|
@ -1,97 +0,0 @@
|
|||
package org.apache.maven.archiva.web;
|
||||
|
||||
/*
|
||||
* Copyright 2001-2006 The Apache Software Foundation.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
import org.codehaus.plexus.security.user.User;
|
||||
import org.codehaus.plexus.security.rbac.RbacManagerException;
|
||||
|
||||
/**
|
||||
* ArchivaSecurityDefaults
|
||||
*
|
||||
* NOTE: this is targeted for removal with the forth coming rbac role templating
|
||||
*
|
||||
* @author <a href="mailto:joakim@erdfelt.com">Joakim Erdfelt</a>
|
||||
* @version $Id$
|
||||
*/
|
||||
public interface ArchivaSecurityDefaults
|
||||
{
|
||||
public static final String ROLE = ArchivaSecurityDefaults.class.getName();
|
||||
|
||||
public static final String GUEST_USERNAME = "guest";
|
||||
|
||||
public static final String INDEX_REGENERATE_OPERATION = "regenerate-index";
|
||||
|
||||
public static final String INDEX_REGENERATE_PERMISSION = "Regenerate Index";
|
||||
|
||||
public static final String INDEX_RUN_OPERATION = "run-indexer";
|
||||
|
||||
public static final String INDEX_RUN_PERMISSION = "Run Indexer";
|
||||
|
||||
public static final String REPORTS_ACCESS_OPERATION = "access-reports";
|
||||
|
||||
public static final String REPORTS_ACCESS_PERMISSION = "Access Reports";
|
||||
|
||||
public static final String REPORTS_GENERATE_OPERATION = "generate-reports";
|
||||
|
||||
public static final String REPORTS_GENERATE_PERMISSION = "Generate Reports";
|
||||
|
||||
public static final String REPOSITORY_ACCESS = "Access Repository";
|
||||
|
||||
public static final String REPOSITORY_ACCESS_OPERATION = "read-repository";
|
||||
|
||||
public static final String REPOSITORY_ADD_OPERATION = "add-repository";
|
||||
|
||||
public static final String REPOSITORY_ADD_PERMISSION = "Add Repository";
|
||||
|
||||
public static final String REPOSITORY_DELETE = "Delete Repository";
|
||||
|
||||
public static final String REPOSITORY_DELETE_OPERATION = "delete-repository";
|
||||
|
||||
public static final String REPOSITORY_EDIT = "Edit Repository";
|
||||
|
||||
public static final String REPOSITORY_EDIT_OPERATION = "edit-repository";
|
||||
|
||||
public static final String REPOSITORY_MANAGER = "Repository Manager";
|
||||
|
||||
public static final String REPOSITORY_OBSERVER = "Repository Observer";
|
||||
|
||||
public static final String REPOSITORY_UPLOAD = "Repository Upload";
|
||||
|
||||
public static final String REPOSITORY_UPLOAD_OPERATION = "upload-repository";
|
||||
|
||||
public static final String ROLES_GRANT_OPERATION = "grant-roles";
|
||||
|
||||
public static final String ROLES_GRANT_PERMISSION = "Grant Roles";
|
||||
|
||||
public static final String ROLES_REMOVE_OPERATION = "remove-roles";
|
||||
|
||||
public static final String ROLES_REMOVE_PERMISSION = "Remove Roles";
|
||||
|
||||
public static final String SYSTEM_ADMINISTRATOR = "System Administrator";
|
||||
|
||||
public static final String USER_ADMINISTRATOR = "User Administrator";
|
||||
|
||||
public static final String USER_EDIT_OPERATION = "edit-user";
|
||||
|
||||
public static final String USERS_EDIT_ALL_OPERATION = "edit-all-users";
|
||||
|
||||
public static final String USERS_EDIT_ALL_PERMISSION = "Edit All Users";
|
||||
|
||||
public void ensureDefaultsExist()
|
||||
throws RbacManagerException;
|
||||
|
||||
}
|
||||
|
|
@ -1,147 +0,0 @@
|
|||
package org.apache.maven.archiva.web;
|
||||
|
||||
/*
|
||||
* Copyright 2001-2006 The Apache Software Foundation.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
import org.codehaus.plexus.logging.AbstractLogEnabled;
|
||||
import org.codehaus.plexus.personality.plexus.lifecycle.phase.Initializable;
|
||||
import org.codehaus.plexus.personality.plexus.lifecycle.phase.InitializationException;
|
||||
import org.codehaus.plexus.security.rbac.Operation;
|
||||
import org.codehaus.plexus.security.rbac.Permission;
|
||||
import org.codehaus.plexus.security.rbac.RBACManager;
|
||||
import org.codehaus.plexus.security.rbac.RbacManagerException;
|
||||
|
||||
/**
|
||||
* DefaultArchivaSecurityDefaults
|
||||
*
|
||||
* @author <a href="mailto:joakim@erdfelt.com">Joakim Erdfelt</a>
|
||||
* @version $Id$
|
||||
* @plexus.component role="org.apache.maven.archiva.web.ArchivaSecurityDefaults"
|
||||
*/
|
||||
public class DefaultArchivaSecurityDefaults
|
||||
extends AbstractLogEnabled
|
||||
implements ArchivaSecurityDefaults, Initializable
|
||||
{
|
||||
/**
|
||||
* @plexus.requirement
|
||||
*/
|
||||
private RBACManager rbacManager;
|
||||
|
||||
private boolean initialized = false;
|
||||
|
||||
public void ensureDefaultsExist()
|
||||
throws RbacManagerException
|
||||
{
|
||||
if ( initialized )
|
||||
{
|
||||
return;
|
||||
}
|
||||
|
||||
ensureOperationsExist();
|
||||
ensurePermissionsExist();
|
||||
ensureRolesExist();
|
||||
|
||||
initialized = true;
|
||||
}
|
||||
|
||||
private void ensureOperationExists( String operationName )
|
||||
throws RbacManagerException
|
||||
{
|
||||
if ( !rbacManager.operationExists( operationName ) )
|
||||
{
|
||||
Operation operation = rbacManager.createOperation( operationName );
|
||||
rbacManager.saveOperation( operation );
|
||||
}
|
||||
}
|
||||
|
||||
private void ensureOperationsExist()
|
||||
throws RbacManagerException
|
||||
{
|
||||
ensureOperationExists( REPOSITORY_ADD_OPERATION );
|
||||
ensureOperationExists( REPOSITORY_EDIT_OPERATION );
|
||||
ensureOperationExists( REPOSITORY_DELETE_OPERATION );
|
||||
ensureOperationExists( INDEX_RUN_OPERATION );
|
||||
ensureOperationExists( INDEX_REGENERATE_OPERATION );
|
||||
ensureOperationExists( REPORTS_ACCESS_OPERATION );
|
||||
ensureOperationExists( REPORTS_GENERATE_OPERATION );
|
||||
ensureOperationExists( USER_EDIT_OPERATION );
|
||||
ensureOperationExists( USERS_EDIT_ALL_OPERATION );
|
||||
ensureOperationExists( ROLES_GRANT_OPERATION );
|
||||
ensureOperationExists( ROLES_REMOVE_OPERATION );
|
||||
ensureOperationExists( REPOSITORY_ACCESS_OPERATION );
|
||||
ensureOperationExists( REPOSITORY_UPLOAD_OPERATION );
|
||||
}
|
||||
|
||||
private void ensurePermissionExists( String permissionName, String operationName, String resourceIdentifier )
|
||||
throws RbacManagerException
|
||||
{
|
||||
if ( !rbacManager.permissionExists( permissionName ) )
|
||||
{
|
||||
Permission editConfiguration =
|
||||
rbacManager.createPermission( permissionName, operationName, resourceIdentifier );
|
||||
rbacManager.savePermission( editConfiguration );
|
||||
}
|
||||
}
|
||||
|
||||
private void ensurePermissionsExist()
|
||||
throws RbacManagerException
|
||||
{
|
||||
String globalResource = rbacManager.getGlobalResource().getIdentifier();
|
||||
|
||||
ensurePermissionExists( REPORTS_ACCESS_PERMISSION, REPORTS_ACCESS_OPERATION, globalResource );
|
||||
ensurePermissionExists( REPORTS_GENERATE_PERMISSION, REPORTS_GENERATE_OPERATION, globalResource );
|
||||
|
||||
ensurePermissionExists( INDEX_RUN_PERMISSION, INDEX_RUN_OPERATION, globalResource );
|
||||
ensurePermissionExists( INDEX_REGENERATE_PERMISSION, INDEX_REGENERATE_OPERATION, globalResource );
|
||||
|
||||
ensurePermissionExists( REPOSITORY_ADD_PERMISSION, REPOSITORY_ADD_OPERATION, globalResource );
|
||||
ensurePermissionExists( REPOSITORY_ACCESS, "access-repository", globalResource );
|
||||
ensurePermissionExists( REPOSITORY_UPLOAD, REPOSITORY_UPLOAD_OPERATION, globalResource );
|
||||
}
|
||||
|
||||
private void ensureRolesExist()
|
||||
throws RbacManagerException
|
||||
{
|
||||
/* TODO!
|
||||
if ( !rbacManager.roleExists( SYSTEM_ADMINISTRATOR ) )
|
||||
{
|
||||
Role admin = rbacManager.createRole( SYSTEM_ADMINISTRATOR );
|
||||
admin.addChildRoleName( rbacManager.getRole( USER_ADMINISTRATOR ).getName() );
|
||||
admin.addPermission( rbacManager.getPermission( CONFIGURATION_EDIT_PERMISSION ) );
|
||||
admin.addPermission( rbacManager.getPermission( INDEX_RUN_PERMISSION ) );
|
||||
admin.addPermission( rbacManager.getPermission( REPOSITORY_ADD_PERMISSION ) );
|
||||
admin.addPermission( rbacManager.getPermission( REPORTS_ACCESS_PERMISSION ) );
|
||||
admin.addPermission( rbacManager.getPermission( REPORTS_GENERATE_PERMISSION ) );
|
||||
admin.addPermission( rbacManager.getPermission( INDEX_REGENERATE_PERMISSION ) );
|
||||
admin.setAssignable( true );
|
||||
rbacManager.saveRole( admin );
|
||||
}
|
||||
*/
|
||||
}
|
||||
|
||||
public void initialize()
|
||||
throws InitializationException
|
||||
{
|
||||
try
|
||||
{
|
||||
ensureDefaultsExist();
|
||||
}
|
||||
catch ( RbacManagerException e )
|
||||
{
|
||||
throw new InitializationException( e.getMessage(), e );
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
@ -16,7 +16,6 @@ package org.apache.maven.archiva.web.action;
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
import com.opensymphony.xwork.ActionSupport;
|
||||
import com.opensymphony.xwork.Preparable;
|
||||
import org.apache.maven.archiva.configuration.Configuration;
|
||||
import org.apache.maven.archiva.configuration.ConfigurationStore;
|
||||
|
|
@ -29,8 +28,13 @@ import org.apache.maven.archiva.reporting.ReportExecutor;
|
|||
import org.apache.maven.archiva.reporting.ReportGroup;
|
||||
import org.apache.maven.archiva.reporting.ReportingDatabase;
|
||||
import org.apache.maven.archiva.reporting.ReportingStoreException;
|
||||
import org.apache.maven.archiva.security.ArchivaRoleConstants;
|
||||
import org.apache.maven.artifact.repository.ArtifactRepository;
|
||||
import org.apache.maven.artifact.resolver.filter.ArtifactFilter;
|
||||
import org.codehaus.plexus.security.rbac.Resource;
|
||||
import org.codehaus.plexus.security.ui.web.interceptor.SecureAction;
|
||||
import org.codehaus.plexus.security.ui.web.interceptor.SecureActionBundle;
|
||||
import org.codehaus.plexus.security.ui.web.interceptor.SecureActionException;
|
||||
import org.codehaus.plexus.xwork.action.PlexusActionSupport;
|
||||
|
||||
import java.util.ArrayList;
|
||||
|
|
@ -42,10 +46,11 @@ import java.util.Map;
|
|||
* Repository reporting.
|
||||
*
|
||||
* @plexus.component role="com.opensymphony.xwork.Action" role-hint="reportsAction"
|
||||
* @todo split report access and report generation
|
||||
*/
|
||||
public class ReportsAction
|
||||
extends PlexusActionSupport
|
||||
implements Preparable
|
||||
implements Preparable, SecureAction
|
||||
{
|
||||
/**
|
||||
* @plexus.requirement
|
||||
|
|
@ -223,4 +228,15 @@ public class ReportsAction
|
|||
{
|
||||
this.filter = filter;
|
||||
}
|
||||
|
||||
public SecureActionBundle getSecureActionBundle()
|
||||
throws SecureActionException
|
||||
{
|
||||
SecureActionBundle bundle = new SecureActionBundle();
|
||||
|
||||
bundle.setRequiresAuthentication( true );
|
||||
bundle.addRequiredAuthorization( ArchivaRoleConstants.OPERATION_ACCESS_REPORT, Resource.GLOBAL );
|
||||
|
||||
return bundle;
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -24,9 +24,14 @@ import org.apache.maven.archiva.configuration.ConfigurationChangeException;
|
|||
import org.apache.maven.archiva.configuration.ConfigurationStore;
|
||||
import org.apache.maven.archiva.configuration.ConfigurationStoreException;
|
||||
import org.apache.maven.archiva.configuration.InvalidConfigurationException;
|
||||
import org.apache.maven.archiva.web.util.RoleManager;
|
||||
import org.apache.maven.archiva.security.ArchivaRoleConstants;
|
||||
import org.codehaus.plexus.xwork.action.PlexusActionSupport;
|
||||
import org.codehaus.plexus.security.rbac.RbacManagerException;
|
||||
import org.codehaus.plexus.security.ui.web.interceptor.SecureAction;
|
||||
import org.codehaus.plexus.security.ui.web.interceptor.SecureActionBundle;
|
||||
import org.codehaus.plexus.security.ui.web.interceptor.SecureActionException;
|
||||
import org.codehaus.plexus.rbac.profile.RoleProfileException;
|
||||
import org.codehaus.plexus.rbac.profile.RoleProfileManager;
|
||||
|
||||
import java.io.IOException;
|
||||
|
||||
|
|
@ -37,7 +42,7 @@ import java.io.IOException;
|
|||
*/
|
||||
public abstract class AbstractConfigureRepositoryAction
|
||||
extends PlexusActionSupport
|
||||
implements ModelDriven, Preparable
|
||||
implements ModelDriven, Preparable, SecureAction
|
||||
{
|
||||
/**
|
||||
* @plexus.requirement
|
||||
|
|
@ -45,9 +50,9 @@ public abstract class AbstractConfigureRepositoryAction
|
|||
private ConfigurationStore configurationStore;
|
||||
|
||||
/**
|
||||
* @plexus.requirement
|
||||
* @plexus.requirement role-hint="archiva"
|
||||
*/
|
||||
protected RoleManager roleManager;
|
||||
protected RoleProfileManager roleProfileManager;
|
||||
|
||||
/**
|
||||
* The repository.
|
||||
|
|
@ -66,7 +71,7 @@ public abstract class AbstractConfigureRepositoryAction
|
|||
|
||||
public String add()
|
||||
throws IOException, ConfigurationStoreException, InvalidConfigurationException, ConfigurationChangeException,
|
||||
RbacManagerException
|
||||
RbacManagerException, RoleProfileException
|
||||
{
|
||||
// TODO: if this didn't come from the form, go to configure.action instead of going through with re-saving what was just loaded
|
||||
|
||||
|
|
@ -82,7 +87,7 @@ public abstract class AbstractConfigureRepositoryAction
|
|||
|
||||
public String edit()
|
||||
throws IOException, ConfigurationStoreException, InvalidConfigurationException, ConfigurationChangeException,
|
||||
RbacManagerException
|
||||
RbacManagerException, RoleProfileException
|
||||
{
|
||||
// TODO: if this didn't come from the form, go to configure.action instead of going through with re-saving what was just loaded
|
||||
|
||||
|
|
@ -98,12 +103,10 @@ public abstract class AbstractConfigureRepositoryAction
|
|||
|
||||
private String saveConfiguration()
|
||||
throws IOException, ConfigurationStoreException, InvalidConfigurationException, ConfigurationChangeException,
|
||||
RbacManagerException
|
||||
RbacManagerException, RoleProfileException
|
||||
{
|
||||
addRepository();
|
||||
|
||||
roleManager.addRepository( repository.getId() );
|
||||
|
||||
configurationStore.storeConfiguration( configuration );
|
||||
|
||||
// TODO: do we need to check if indexing is needed?
|
||||
|
|
@ -114,7 +117,7 @@ public abstract class AbstractConfigureRepositoryAction
|
|||
}
|
||||
|
||||
protected abstract void addRepository()
|
||||
throws IOException;
|
||||
throws IOException, RoleProfileException;
|
||||
|
||||
public String input()
|
||||
{
|
||||
|
|
@ -162,4 +165,19 @@ public abstract class AbstractConfigureRepositoryAction
|
|||
{
|
||||
return configuration;
|
||||
}
|
||||
|
||||
public SecureActionBundle getSecureActionBundle()
|
||||
throws SecureActionException
|
||||
{
|
||||
SecureActionBundle bundle = new SecureActionBundle();
|
||||
|
||||
if ( getRepoId() != null )
|
||||
{
|
||||
bundle.setRequiresAuthentication( true );
|
||||
// TODO: this is not right. It needs to change based on method
|
||||
bundle.addRequiredAuthorization( ArchivaRoleConstants.OPERATION_EDIT_REPOSITORY, getRepoId() );
|
||||
}
|
||||
|
||||
return bundle;
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -18,6 +18,11 @@ package org.apache.maven.archiva.web.action.admin;
|
|||
|
||||
import org.apache.maven.archiva.configuration.AbstractRepositoryConfiguration;
|
||||
import org.apache.maven.archiva.configuration.RepositoryConfiguration;
|
||||
import org.apache.maven.archiva.security.ArchivaRoleConstants;
|
||||
import org.codehaus.plexus.rbac.profile.RoleProfileException;
|
||||
import org.codehaus.plexus.security.ui.web.interceptor.SecureActionBundle;
|
||||
import org.codehaus.plexus.security.ui.web.interceptor.SecureActionException;
|
||||
import org.codehaus.plexus.security.rbac.Resource;
|
||||
|
||||
import java.io.File;
|
||||
import java.io.IOException;
|
||||
|
|
@ -41,7 +46,7 @@ public class ConfigureRepositoryAction
|
|||
}
|
||||
|
||||
protected void addRepository()
|
||||
throws IOException
|
||||
throws IOException, RoleProfileException
|
||||
{
|
||||
RepositoryConfiguration repository = (RepositoryConfiguration) getRepository();
|
||||
|
||||
|
|
@ -55,6 +60,11 @@ public class ConfigureRepositoryAction
|
|||
}
|
||||
|
||||
configuration.addRepository( repository );
|
||||
|
||||
// TODO: double check these are configured on start up
|
||||
roleProfileManager.getDynamicRole( "archiva-repository-manager", repository.getId() );
|
||||
|
||||
roleProfileManager.getDynamicRole( "archiva-repository-observer", repository.getId() );
|
||||
}
|
||||
|
||||
protected AbstractRepositoryConfiguration createRepository()
|
||||
|
|
|
|||
|
|
@ -18,21 +18,9 @@ package org.apache.maven.archiva.web.interceptor;
|
|||
|
||||
import com.opensymphony.xwork.ActionInvocation;
|
||||
import com.opensymphony.xwork.interceptor.Interceptor;
|
||||
|
||||
import org.apache.maven.archiva.configuration.Configuration;
|
||||
import org.apache.maven.archiva.configuration.ConfigurationStore;
|
||||
import org.apache.maven.archiva.configuration.ConfigurationStoreException;
|
||||
import org.apache.maven.archiva.web.ArchivaSecurityDefaults;
|
||||
import org.apache.maven.archiva.web.util.RoleManager;
|
||||
import org.codehaus.plexus.logging.AbstractLogEnabled;
|
||||
import org.codehaus.plexus.security.rbac.RBACManager;
|
||||
import org.codehaus.plexus.security.rbac.RbacManagerException;
|
||||
import org.codehaus.plexus.security.user.User;
|
||||
import org.codehaus.plexus.security.user.UserManager;
|
||||
import org.codehaus.plexus.security.user.UserNotFoundException;
|
||||
|
||||
import java.util.Iterator;
|
||||
import java.util.Map;
|
||||
|
||||
/**
|
||||
* An interceptor that makes the application configuration available
|
||||
|
|
@ -50,28 +38,6 @@ public class ConfigurationInterceptor
|
|||
*/
|
||||
private ConfigurationStore configurationStore;
|
||||
|
||||
/**
|
||||
* @plexus.requirement
|
||||
*/
|
||||
private RoleManager roleManager;
|
||||
|
||||
/**
|
||||
* @plexus.requirement
|
||||
*/
|
||||
private RBACManager rbacManager;
|
||||
|
||||
/**
|
||||
* @plexus.requirement
|
||||
*/
|
||||
private UserManager userManager;
|
||||
|
||||
/**
|
||||
* @plexus.requirement
|
||||
*/
|
||||
private ArchivaSecurityDefaults archivaDefaults;
|
||||
|
||||
private boolean adminInitialized = false;
|
||||
|
||||
/**
|
||||
*
|
||||
* @param actionInvocation
|
||||
|
|
@ -81,30 +47,6 @@ public class ConfigurationInterceptor
|
|||
public String intercept( ActionInvocation actionInvocation )
|
||||
throws Exception
|
||||
{
|
||||
archivaDefaults.ensureDefaultsExist();
|
||||
ensureRepoRolesExist();
|
||||
|
||||
if ( !adminInitialized )
|
||||
{
|
||||
adminInitialized = true;
|
||||
|
||||
try
|
||||
{
|
||||
User user = userManager.findUser( "admin" );
|
||||
if ( user == null )
|
||||
{
|
||||
getLogger().info( "No admin user configured - forwarding to admin user creation page." );
|
||||
return "admin-user-needed";
|
||||
}
|
||||
getLogger().info( "Admin user found. No need to configure admin user." );
|
||||
}
|
||||
catch ( UserNotFoundException e )
|
||||
{
|
||||
getLogger().info( "No admin user found - forwarding to admin user creation page." );
|
||||
return "admin-user-needed";
|
||||
}
|
||||
}
|
||||
|
||||
Configuration configuration = configurationStore.getConfigurationFromStore();
|
||||
|
||||
if ( !configuration.isValid() )
|
||||
|
|
@ -126,39 +68,6 @@ public class ConfigurationInterceptor
|
|||
}
|
||||
}
|
||||
|
||||
public void ensureRepoRolesExist()
|
||||
throws RbacManagerException
|
||||
{
|
||||
try
|
||||
{
|
||||
if ( configurationStore.getConfigurationFromStore().isValid() )
|
||||
{
|
||||
Map repositories = configurationStore.getConfigurationFromStore().getRepositoriesMap();
|
||||
|
||||
for ( Iterator i = repositories.keySet().iterator(); i.hasNext(); )
|
||||
{
|
||||
String id = (String) i.next();
|
||||
|
||||
if ( !rbacManager.roleExists( "Repository Observer - " + id ) )
|
||||
{
|
||||
getLogger().info( "recovering Repository Observer - " + id );
|
||||
roleManager.addRepository( id );
|
||||
}
|
||||
|
||||
if ( !rbacManager.roleExists( "Repository Manager - " + id ) )
|
||||
{
|
||||
getLogger().info( "recovering Repository Manager - " + id );
|
||||
roleManager.addRepository( id );
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
catch ( ConfigurationStoreException e )
|
||||
{
|
||||
throw new RuntimeException( "error with configurationStore()" );
|
||||
}
|
||||
}
|
||||
|
||||
public void destroy()
|
||||
{
|
||||
// This space left intentionally blank
|
||||
|
|
|
|||
|
|
@ -22,16 +22,16 @@ import org.apache.maven.archiva.configuration.Configuration;
|
|||
import org.apache.maven.archiva.configuration.ConfigurationStore;
|
||||
import org.apache.maven.archiva.configuration.ConfigurationStoreException;
|
||||
import org.apache.maven.archiva.configuration.RepositoryConfiguration;
|
||||
import org.apache.maven.archiva.web.ArchivaSecurityDefaults;
|
||||
import org.apache.maven.archiva.security.ArchivaRoleConstants;
|
||||
import org.apache.maven.archiva.web.servlet.AbstractPlexusServlet;
|
||||
import org.codehaus.plexus.security.authentication.AuthenticationException;
|
||||
import org.codehaus.plexus.security.authentication.AuthenticationResult;
|
||||
import org.codehaus.plexus.security.authorization.AuthorizationException;
|
||||
import org.codehaus.plexus.security.policy.AccountLockedException;
|
||||
import org.codehaus.plexus.security.policy.MustChangePasswordException;
|
||||
import org.codehaus.plexus.security.system.SecuritySession;
|
||||
import org.codehaus.plexus.security.system.SecuritySystem;
|
||||
import org.codehaus.plexus.security.ui.web.filter.authentication.HttpAuthenticator;
|
||||
import org.codehaus.plexus.security.policy.AccountLockedException;
|
||||
import org.codehaus.plexus.security.policy.MustChangePasswordException;
|
||||
import org.codehaus.plexus.util.FileUtils;
|
||||
import org.codehaus.plexus.util.StringUtils;
|
||||
|
||||
|
|
@ -47,11 +47,10 @@ import java.util.Map;
|
|||
/**
|
||||
* RepositoryAccess - access read/write to the repository.
|
||||
*
|
||||
* @plexus.component role="org.apache.maven.archiva.web.servlet.PlexusServlet"
|
||||
* role-hint="repositoryAccess"
|
||||
*
|
||||
* @author <a href="mailto:joakim@erdfelt.com">Joakim Erdfelt</a>
|
||||
* @version $Id$
|
||||
* @plexus.component role="org.apache.maven.archiva.web.servlet.PlexusServlet"
|
||||
* role-hint="repositoryAccess"
|
||||
* @todo CACHE REPOSITORY LIST
|
||||
*/
|
||||
public class RepositoryAccess
|
||||
|
|
@ -72,11 +71,6 @@ public class RepositoryAccess
|
|||
*/
|
||||
private HttpAuthenticator httpAuth;
|
||||
|
||||
/**
|
||||
* @plexus.requirement
|
||||
*/
|
||||
private ArchivaSecurityDefaults archivaSecurity;
|
||||
|
||||
/**
|
||||
* List of request methods that fall into the category of 'access' or 'read' of a repository.
|
||||
* All other method requests are to be considered 'write' or 'upload' requests.
|
||||
|
|
@ -137,7 +131,7 @@ public class RepositoryAccess
|
|||
routeToErrorPage( response, "Invalid Repository ID." );
|
||||
return;
|
||||
}
|
||||
|
||||
|
||||
// Authentication Tests.
|
||||
|
||||
AuthenticationResult result;
|
||||
|
|
@ -148,8 +142,8 @@ public class RepositoryAccess
|
|||
if ( !result.isAuthenticated() )
|
||||
{
|
||||
// Must Authenticate.
|
||||
httpAuth.challenge( request, response, "Repository " + repoconfig.getName(),
|
||||
new AuthenticationException("User Credentials Invalid") );
|
||||
httpAuth.challenge( request, response, "Repository " + repoconfig.getName(),
|
||||
new AuthenticationException( "User Credentials Invalid" ) );
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
|
@ -161,12 +155,12 @@ public class RepositoryAccess
|
|||
catch ( AccountLockedException e )
|
||||
{
|
||||
httpAuth.challenge( request, response, "Repository " + repoconfig.getName(),
|
||||
new AuthenticationException("User account is locked") );
|
||||
new AuthenticationException( "User account is locked" ) );
|
||||
}
|
||||
catch ( MustChangePasswordException e )
|
||||
{
|
||||
httpAuth.challenge( request, response, "Repository " + repoconfig.getName(),
|
||||
new AuthenticationException("You must change your password before you can attempt this again.") );
|
||||
httpAuth.challenge( request, response, "Repository " + repoconfig.getName(), new AuthenticationException(
|
||||
"You must change your password before you can attempt this again." ) );
|
||||
}
|
||||
|
||||
// Authorization Tests.
|
||||
|
|
@ -176,11 +170,11 @@ public class RepositoryAccess
|
|||
SecuritySession securitySession = httpAuth.getSecuritySession();
|
||||
try
|
||||
{
|
||||
String permission = ArchivaSecurityDefaults.REPOSITORY_ACCESS;
|
||||
String permission = ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS;
|
||||
|
||||
if ( isWriteRequest )
|
||||
{
|
||||
permission = ArchivaSecurityDefaults.REPOSITORY_UPLOAD;
|
||||
permission = ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD;
|
||||
}
|
||||
|
||||
permission += " - " + repoconfig.getId();
|
||||
|
|
@ -190,8 +184,8 @@ public class RepositoryAccess
|
|||
if ( !isAuthorized )
|
||||
{
|
||||
// Issue HTTP Challenge.
|
||||
httpAuth.challenge( request, response, "Repository " + repoconfig.getName(),
|
||||
new AuthenticationException("Authorization Denied.") );
|
||||
httpAuth.challenge( request, response, "Repository " + repoconfig.getName(),
|
||||
new AuthenticationException( "Authorization Denied." ) );
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
|
@ -204,8 +198,8 @@ public class RepositoryAccess
|
|||
|
||||
RepositoryMapping repo = getRepositoryMapping( repoconfig );
|
||||
|
||||
response.setHeader( "Server", getServletContext().getServerInfo() + " Archiva : "
|
||||
+ DAVUtilities.SERVLET_SIGNATURE );
|
||||
response.setHeader( "Server",
|
||||
getServletContext().getServerInfo() + " Archiva : " + DAVUtilities.SERVLET_SIGNATURE );
|
||||
|
||||
DAVTransaction transaction = new DAVTransaction( request, response );
|
||||
try
|
||||
|
|
|
|||
|
|
@ -1,97 +0,0 @@
|
|||
package org.apache.maven.archiva.web.util;
|
||||
|
||||
/*
|
||||
* Copyright 2001-2006 The Apache Software Foundation.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
import org.apache.maven.archiva.web.ArchivaSecurityDefaults;
|
||||
import org.codehaus.plexus.logging.AbstractLogEnabled;
|
||||
import org.codehaus.plexus.security.rbac.Permission;
|
||||
import org.codehaus.plexus.security.rbac.RBACManager;
|
||||
import org.codehaus.plexus.security.rbac.RbacManagerException;
|
||||
import org.codehaus.plexus.security.rbac.Resource;
|
||||
import org.codehaus.plexus.security.rbac.Role;
|
||||
import org.codehaus.plexus.security.user.User;
|
||||
import org.codehaus.plexus.security.user.UserManager;
|
||||
|
||||
/**
|
||||
* DefaultRoleManager:
|
||||
* @todo remove!
|
||||
*
|
||||
* @author Jesse McConnell <jmcconnell@apache.org>
|
||||
* @version $Id:$
|
||||
* @plexus.component role="org.apache.maven.archiva.web.util.RoleManager"
|
||||
* role-hint="default"
|
||||
*/
|
||||
public class DefaultRoleManager
|
||||
extends AbstractLogEnabled
|
||||
implements RoleManager
|
||||
{
|
||||
|
||||
/**
|
||||
* @plexus.requirement
|
||||
*/
|
||||
private RBACManager manager;
|
||||
|
||||
public void addRepository( String repositoryName )
|
||||
throws RbacManagerException
|
||||
{
|
||||
// make the resource
|
||||
Resource repoResource = manager.createResource( repositoryName );
|
||||
repoResource = manager.saveResource( repoResource );
|
||||
|
||||
// make the permissions
|
||||
Permission editRepo =
|
||||
manager.createPermission( ArchivaSecurityDefaults.REPOSITORY_EDIT + " - " + repositoryName );
|
||||
editRepo.setOperation( manager.getOperation( ArchivaSecurityDefaults.REPOSITORY_EDIT_OPERATION ) );
|
||||
editRepo.setResource( repoResource );
|
||||
editRepo = manager.savePermission( editRepo );
|
||||
|
||||
Permission deleteRepo =
|
||||
manager.createPermission( ArchivaSecurityDefaults.REPOSITORY_DELETE + " - " + repositoryName );
|
||||
deleteRepo.setOperation( manager.getOperation( ArchivaSecurityDefaults.REPOSITORY_DELETE_OPERATION ) );
|
||||
deleteRepo.setResource( repoResource );
|
||||
deleteRepo = manager.savePermission( deleteRepo );
|
||||
|
||||
Permission accessRepo =
|
||||
manager.createPermission( ArchivaSecurityDefaults.REPOSITORY_ACCESS + " - " + repositoryName );
|
||||
accessRepo.setOperation( manager.getOperation( ArchivaSecurityDefaults.REPOSITORY_ACCESS_OPERATION ) );
|
||||
accessRepo.setResource( repoResource );
|
||||
accessRepo = manager.savePermission( accessRepo );
|
||||
|
||||
Permission uploadRepo =
|
||||
manager.createPermission( ArchivaSecurityDefaults.REPOSITORY_UPLOAD + " - " + repositoryName );
|
||||
uploadRepo.setOperation( manager.getOperation( ArchivaSecurityDefaults.REPOSITORY_UPLOAD_OPERATION ) );
|
||||
uploadRepo.setResource( repoResource );
|
||||
uploadRepo = manager.savePermission( uploadRepo );
|
||||
|
||||
// make the roles
|
||||
Role repositoryObserver = manager.createRole( "Repository Observer - " + repositoryName );
|
||||
repositoryObserver.addPermission( manager.getPermission( ArchivaSecurityDefaults.REPORTS_ACCESS_PERMISSION ) );
|
||||
repositoryObserver.setAssignable( true );
|
||||
repositoryObserver = manager.saveRole( repositoryObserver );
|
||||
|
||||
Role repositoryManager = manager.createRole( "Repository Manager - " + repositoryName );
|
||||
repositoryManager.addPermission( editRepo );
|
||||
repositoryManager.addPermission( deleteRepo );
|
||||
repositoryManager.addPermission( accessRepo );
|
||||
repositoryManager.addPermission( uploadRepo );
|
||||
repositoryManager.addPermission( manager.getPermission( ArchivaSecurityDefaults.REPORTS_GENERATE_PERMISSION ) );
|
||||
repositoryManager.addChildRoleName( repositoryObserver.getName() );
|
||||
repositoryManager.setAssignable( true );
|
||||
manager.saveRole( repositoryManager );
|
||||
}
|
||||
|
||||
}
|
||||
|
|
@ -1,34 +0,0 @@
|
|||
package org.apache.maven.archiva.web.util;
|
||||
|
||||
/*
|
||||
* Copyright 2005 The Apache Software Foundation.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
import org.codehaus.plexus.security.rbac.RbacManagerException;
|
||||
|
||||
/**
|
||||
* RoleManager:
|
||||
*
|
||||
* @author Jesse McConnell <jmcconnell@apache.org>
|
||||
* @version $Id:$
|
||||
*/
|
||||
public interface RoleManager
|
||||
{
|
||||
public static final String ROLE = RoleManager.class.getName();
|
||||
|
||||
public void addRepository( String repositoryName )
|
||||
throws RbacManagerException;
|
||||
|
||||
}
|
||||
|
|
@ -441,8 +441,5 @@
|
|||
<component>
|
||||
<role>org.apache.maven.archiva.scheduler.RepositoryTaskScheduler</role>
|
||||
</component>
|
||||
<component>
|
||||
<role>org.apache.maven.archiva.web.ArchivaSecurityDefaults</role>
|
||||
</component>
|
||||
</load-on-start>
|
||||
</plexus>
|
||||
|
|
|
|||
|
|
@ -1,24 +0,0 @@
|
|||
#
|
||||
# properties that might be used in plexus-security initialization
|
||||
#
|
||||
|
||||
#
|
||||
# operations
|
||||
#
|
||||
addRepositoryOperation=add-repository
|
||||
editRepositoryOperation=edit-repository
|
||||
deleteRepositoryOperation=delete-repository
|
||||
|
||||
editConfiguration=edit-configuration
|
||||
|
||||
runIndexer=run-indexer
|
||||
regenerateIndex=regenerate-index
|
||||
|
||||
accessReports=access-reports
|
||||
generateReports=generate-reports
|
||||
|
||||
editAllUsers=edit-all-users
|
||||
editUser=edit-user
|
||||
|
||||
grantRoles=grant-roles
|
||||
removeRoles=remove-roles
|
||||
|
|
@ -52,7 +52,7 @@
|
|||
</td>
|
||||
<%-- TODO: a "delete index and run now" operation should be here too (really clean, remove deletions that didn't get picked up) --%>
|
||||
<td>
|
||||
<pss:ifAuthorized permission="run-indexer">
|
||||
<pss:ifAuthorized permission="archiva-run-indexer">
|
||||
<a href="<ww:url action="runIndexer" />">Run Now</a>
|
||||
</pss:ifAuthorized>
|
||||
</td>
|
||||
|
|
@ -82,7 +82,7 @@
|
|||
<div>
|
||||
<div style="float: right">
|
||||
<%-- TODO replace with icons --%>
|
||||
<pss:ifAuthorized permission="add-repository">
|
||||
<pss:ifAuthorized permission="archiva-add-repository">
|
||||
<ww:url id="addRepositoryUrl" action="addRepository" method="input"/>
|
||||
<ww:a href="%{addRepositoryUrl}">Add Repository</ww:a>
|
||||
</pss:ifAuthorized>
|
||||
|
|
@ -104,7 +104,8 @@
|
|||
<ww:param name="repoId" value="%{'${repository.id}'}" />
|
||||
</ww:url>
|
||||
<%-- TODO replace with icons --%>
|
||||
<pss:ifAuthorized permission="edit-repository" resource="${repository.id}"><ww:a href="%{editRepositoryUrl}">Edit Repository</ww:a></pss:ifAuthorized><pss:ifAuthorized permission="delete-repository" resource="${repository.id}"> <ww:a href="%{deleteRepositoryUrl}">Delete Repository</ww:a></pss:ifAuthorized>
|
||||
<pss:ifAuthorized permission="archiva-edit-repository" resource="${repository.id}"><ww:a href="%{editRepositoryUrl}">Edit Repository</ww:a></pss:ifAuthorized>
|
||||
<pss:ifAuthorized permission="archiva-delete-repository" resource="${repository.id}"><ww:a href="%{deleteRepositoryUrl}">Delete Repository</ww:a></pss:ifAuthorized>
|
||||
</div>
|
||||
<h3>${repository.name}</h3>
|
||||
<table class="infoTable">
|
||||
|
|
|
|||
|
|
@ -92,10 +92,10 @@
|
|||
<my:currentWWUrl action="browse" namespace="/">Browse</my:currentWWUrl>
|
||||
</li>
|
||||
</ul>
|
||||
<pss:ifAnyAuthorized permissions="archiva-manage-users,access-reports,archiva-manage-configuration">
|
||||
<pss:ifAnyAuthorized permissions="archiva-manage-users,archiva-access-reports,archiva-manage-configuration">
|
||||
<h5>Manage</h5>
|
||||
<ul>
|
||||
<pss:ifAuthorized permission="access-reports">
|
||||
<pss:ifAuthorized permission="archiva-access-reports">
|
||||
<li class="none">
|
||||
<my:currentWWUrl action="reports" namespace="/admin">Reports</my:currentWWUrl>
|
||||
</li>
|
||||
|
|
|
|||
|
|
@ -34,7 +34,7 @@
|
|||
|
||||
<div id="contentArea">
|
||||
|
||||
<pss:ifAnyAuthorized permissions="generate-reports">
|
||||
<pss:ifAnyAuthorized permissions="archiva-generate-reports">
|
||||
<ww:form action="reports" namespace="/admin">
|
||||
<ww:select list="reports" label="Report" name="reportGroup" onchange="document.reports.submit();"/>
|
||||
<ww:select list="configuration.repositories" listKey="id" listValue="name" label="Repository" headerKey="-"
|
||||
|
|
@ -55,7 +55,7 @@
|
|||
--%>
|
||||
<c:choose>
|
||||
<c:when test="${!database.inProgress}">
|
||||
<pss:ifAuthorized permission="generate-reports">
|
||||
<pss:ifAuthorized permission="archiva-generate-reports">
|
||||
<ww:url id="regenerateReportUrl" action="runReport" namespace="/admin">
|
||||
<ww:param name="repositoryId">${database.repository.id}</ww:param>
|
||||
<ww:param name="reportGroup" value="reportGroup"/>
|
||||
|
|
|
|||
Loading…
Reference in New Issue