diff --git a/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/AbstractConfigureRepositoryAction.java b/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/AbstractConfigureRepositoryAction.java
index 89214537a..b86eaefb7 100644
--- a/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/AbstractConfigureRepositoryAction.java
+++ b/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/AbstractConfigureRepositoryAction.java
@@ -27,6 +27,7 @@ import org.apache.maven.archiva.configuration.InvalidConfigurationException;
 import org.apache.maven.archiva.security.ArchivaRoleConstants;
 import org.codehaus.plexus.xwork.action.PlexusActionSupport;
 import org.codehaus.plexus.security.rbac.RbacManagerException;
+import org.codehaus.plexus.security.rbac.Resource;
 import org.codehaus.plexus.security.ui.web.interceptor.SecureAction;
 import org.codehaus.plexus.security.ui.web.interceptor.SecureActionBundle;
 import org.codehaus.plexus.security.ui.web.interceptor.SecureActionException;
@@ -171,12 +172,18 @@ public abstract class AbstractConfigureRepositoryAction
 {
 SecureActionBundle bundle = new SecureActionBundle();
+ bundle.setRequiresAuthentication( true );
+ if ( getRepoId() != null )
 {
- bundle.setRequiresAuthentication( true );
- // TODO: this is not right. It needs to change based on method
+ // TODO: this is not right. It needs to change based on method. But is this really the right way to restrict this area?
+ // TODO: not right. We only care about this permission on managed repositories. Otherwise, it's configuration
 bundle.addRequiredAuthorization( ArchivaRoleConstants.OPERATION_EDIT_REPOSITORY, getRepoId() );
 }
+ else
+ {
+ bundle.addRequiredAuthorization( ArchivaRoleConstants.OPERATION_MANAGE_CONFIGURATION, Resource.GLOBAL );
+ }
 return bundle;
 }
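Review bot: The `getRepoId() != null` test in getSecureActionBundle() lets the repository id, which presumably comes from the request, decide which permission is checked, and a present-but-empty id would take the per-repository branch with an empty resource name instead of the global `OPERATION_MANAGE_CONFIGURATION` check. How an empty resource name is evaluated is not visible here, so I would treat blank as absent, `if ( getRepoId() != null && getRepoId().trim().length() > 0 )`, and add a comment that the bundle is only meaningful once the id has been bound to the action. The same branch is added to AbstractDeleteRepositoryAction.getSecureActionBundle() later in this commit. The method signature lies above the hunk.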
diff --git a/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/AbstractDeleteRepositoryAction.java b/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/AbstractDeleteRepositoryAction.java
index 83f92ed7e..a93f4dcae 100644
--- a/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/AbstractDeleteRepositoryAction.java
+++ b/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/AbstractDeleteRepositoryAction.java
@@ -22,7 +22,12 @@ import org.apache.maven.archiva.configuration.ConfigurationChangeException;
 import org.apache.maven.archiva.configuration.ConfigurationStore;
 import org.apache.maven.archiva.configuration.ConfigurationStoreException;
 import org.apache.maven.archiva.configuration.InvalidConfigurationException;
+import org.apache.maven.archiva.security.ArchivaRoleConstants;
 import org.codehaus.plexus.xwork.action.PlexusActionSupport;
+import org.codehaus.plexus.security.ui.web.interceptor.SecureAction;
+import org.codehaus.plexus.security.ui.web.interceptor.SecureActionBundle;
+import org.codehaus.plexus.security.ui.web.interceptor.SecureActionException;
+import org.codehaus.plexus.security.rbac.Resource;
 import java.io.IOException;
@@ -33,6 +38,7 @@ import java.io.IOException;
 */
 public abstract class AbstractDeleteRepositoryAction
 extends PlexusActionSupport
+ implements SecureAction
 {
 /**
 * @plexus.requirement
@@ -112,4 +118,24 @@ public abstract class AbstractDeleteRepositoryAction
 {
 this.operation = operation;
 }
+
+ public SecureActionBundle getSecureActionBundle()
+ throws SecureActionException
+ {
+ SecureActionBundle bundle = new SecureActionBundle();
+
+ bundle.setRequiresAuthentication( true );
+
+ if ( getRepoId() != null )
+ {
+ // TODO: not right. We only care about this permission on managed repositories. Otherwise, it's configuration
+ bundle.addRequiredAuthorization( ArchivaRoleConstants.OPERATION_DELETE_REPOSITORY, getRepoId() );
+ }
+ else
+ {
+ bundle.addRequiredAuthorization( ArchivaRoleConstants.OPERATION_MANAGE_CONFIGURATION, Resource.GLOBAL );
+ }
+
+ return bundle;
+ }
 }
diff --git a/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/RunRepositoryTaskAction.java b/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/RunRepositoryTaskAction.java
index 23ad9b0db..8da33970d 100644
--- a/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/RunRepositoryTaskAction.java
+++ b/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/RunRepositoryTaskAction.java
@@ -18,7 +18,12 @@ package org.apache.maven.archiva.web.action.admin;
 import org.apache.maven.archiva.scheduler.RepositoryTaskScheduler;
 import org.apache.maven.archiva.scheduler.TaskExecutionException;
+import org.apache.maven.archiva.security.ArchivaRoleConstants;
 import org.codehaus.plexus.xwork.action.PlexusActionSupport;
+import org.codehaus.plexus.security.ui.web.interceptor.SecureActionBundle;
+import org.codehaus.plexus.security.ui.web.interceptor.SecureActionException;
+import org.codehaus.plexus.security.ui.web.interceptor.SecureAction;
+import org.codehaus.plexus.security.rbac.Resource;
 /**
 * Configures the application.
@@ -27,6 +32,7 @@ import org.codehaus.plexus.xwork.action.PlexusActionSupport;
 */
 public class RunRepositoryTaskAction
 extends PlexusActionSupport
+ implements SecureAction
 {
 /**
 * @plexus.requirement
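Review bot: AbstractDeleteRepositoryAction.getSecureActionBundle() repeats the authorization logic added to AbstractConfigureRepositoryAction, differing only in the operation constant, so the two policies can drift apart when one copy of the TODO is resolved and the other is not. Consider a shared static helper that takes the operation name and the repository id and returns the bundle. Until then a Javadoc on the method, such as `/** Requires OPERATION_DELETE_REPOSITORY on the named repository, or OPERATION_MANAGE_CONFIGURATION globally when no repository id is given. */`, would make the intended policy explicit for whoever picks up the TODO.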
@@ -40,4 +46,15 @@ public class RunRepositoryTaskAction
 return SUCCESS;
 }
+
+ public SecureActionBundle getSecureActionBundle()
+ throws SecureActionException
+ {
+ SecureActionBundle bundle = new SecureActionBundle();
+
+ bundle.setRequiresAuthentication( true );
+ bundle.addRequiredAuthorization( ArchivaRoleConstants.OPERATION_RUN_INDEXER, Resource.GLOBAL );
+
+ return bundle;
+ }
 }
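Review bot: The new getSecureActionBundle() in RunRepositoryTaskAction has no Javadoc, and the class comment visible in the import hunk still reads "Configures the application.", so nothing states that running this task is gated on a permission. I would add `/** Requires an authenticated user holding OPERATION_RUN_INDEXER on the global resource. */` above the method. If this action is later extended to start tasks other than indexing, the single `OPERATION_RUN_INDEXER` check would cover them as well, which deserves a one-line comment next to the `addRequiredAuthorization` call.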