add security

git-svn-id: https://svn.apache.org/repos/asf/maven/archiva/trunk@450867 13f79535-47bb-0310-9956-ffa450edef68
2006-09-28 14:29:23 +00:00 · 2006-09-28 14:29:23 +00:00 · 51dab6ff2f
parent f3b5e97dfb
commit 51dab6ff2f
3 changed files with 52 additions and 2 deletions
--- a/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/AbstractConfigureRepositoryAction.java
+++ b/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/AbstractConfigureRepositoryAction.java
@ -27,6 +27,7 @@ import org.apache.maven.archiva.configuration.InvalidConfigurationException;
 import org.apache.maven.archiva.security.ArchivaRoleConstants;
 import org.codehaus.plexus.xwork.action.PlexusActionSupport;
 import org.codehaus.plexus.security.rbac.RbacManagerException;
+import org.codehaus.plexus.security.rbac.Resource;
 import org.codehaus.plexus.security.ui.web.interceptor.SecureAction;
 import org.codehaus.plexus.security.ui.web.interceptor.SecureActionBundle;
 import org.codehaus.plexus.security.ui.web.interceptor.SecureActionException;
@ -171,12 +172,18 @@ public abstract class AbstractConfigureRepositoryAction
    {
        SecureActionBundle bundle = new SecureActionBundle();

+        bundle.setRequiresAuthentication( true );
+
        if ( getRepoId() != null )
        {
-            bundle.setRequiresAuthentication( true );
-            // TODO: this is not right. It needs to change based on method
+            // TODO: this is not right. It needs to change based on method. But is this really the right way to restrict this area?
+            // TODO: not right. We only care about this permission on managed repositories. Otherwise, it's configuration
            bundle.addRequiredAuthorization( ArchivaRoleConstants.OPERATION_EDIT_REPOSITORY, getRepoId() );
        }
+        else
+        {
+            bundle.addRequiredAuthorization( ArchivaRoleConstants.OPERATION_MANAGE_CONFIGURATION, Resource.GLOBAL );
+        }

        return bundle;
    }
--- a/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/AbstractDeleteRepositoryAction.java
+++ b/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/AbstractDeleteRepositoryAction.java
@ -22,7 +22,12 @@ import org.apache.maven.archiva.configuration.ConfigurationChangeException;
 import org.apache.maven.archiva.configuration.ConfigurationStore;
 import org.apache.maven.archiva.configuration.ConfigurationStoreException;
 import org.apache.maven.archiva.configuration.InvalidConfigurationException;
+import org.apache.maven.archiva.security.ArchivaRoleConstants;
 import org.codehaus.plexus.xwork.action.PlexusActionSupport;
+import org.codehaus.plexus.security.ui.web.interceptor.SecureAction;
+import org.codehaus.plexus.security.ui.web.interceptor.SecureActionBundle;
+import org.codehaus.plexus.security.ui.web.interceptor.SecureActionException;
+import org.codehaus.plexus.security.rbac.Resource;

 import java.io.IOException;

@ -33,6 +38,7 @@ import java.io.IOException;
 */
 public abstract class AbstractDeleteRepositoryAction
    extends PlexusActionSupport
+    implements SecureAction
 {
    /**
     * @plexus.requirement
@ -112,4 +118,24 @@ public abstract class AbstractDeleteRepositoryAction
    {
        this.operation = operation;
    }
+    
+    public SecureActionBundle getSecureActionBundle()
+        throws SecureActionException
+    {
+        SecureActionBundle bundle = new SecureActionBundle();
+
+        bundle.setRequiresAuthentication( true );
+
+        if ( getRepoId() != null )
+        {
+            // TODO: not right. We only care about this permission on managed repositories. Otherwise, it's configuration
+            bundle.addRequiredAuthorization( ArchivaRoleConstants.OPERATION_DELETE_REPOSITORY, getRepoId() );
+        }
+        else
+        {
+            bundle.addRequiredAuthorization( ArchivaRoleConstants.OPERATION_MANAGE_CONFIGURATION, Resource.GLOBAL );
+        }
+
+        return bundle;
+    }
 }
--- a/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/RunRepositoryTaskAction.java
+++ b/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/RunRepositoryTaskAction.java
@ -18,7 +18,12 @@ package org.apache.maven.archiva.web.action.admin;

 import org.apache.maven.archiva.scheduler.RepositoryTaskScheduler;
 import org.apache.maven.archiva.scheduler.TaskExecutionException;
+import org.apache.maven.archiva.security.ArchivaRoleConstants;
 import org.codehaus.plexus.xwork.action.PlexusActionSupport;
+import org.codehaus.plexus.security.ui.web.interceptor.SecureActionBundle;
+import org.codehaus.plexus.security.ui.web.interceptor.SecureActionException;
+import org.codehaus.plexus.security.ui.web.interceptor.SecureAction;
+import org.codehaus.plexus.security.rbac.Resource;

 /**
 * Configures the application.
@ -27,6 +32,7 @@ import org.codehaus.plexus.xwork.action.PlexusActionSupport;
 */
 public class RunRepositoryTaskAction
    extends PlexusActionSupport
+    implements SecureAction
 {
    /**
     * @plexus.requirement
@ -40,4 +46,15 @@ public class RunRepositoryTaskAction

        return SUCCESS;
    }
+
+    public SecureActionBundle getSecureActionBundle()
+        throws SecureActionException
+    {
+        SecureActionBundle bundle = new SecureActionBundle();
+
+        bundle.setRequiresAuthentication( true );
+        bundle.addRequiredAuthorization( ArchivaRoleConstants.OPERATION_RUN_INDEXER, Resource.GLOBAL );
+
+        return bundle;
+    }
 }