add security

git-svn-id: https://svn.apache.org/repos/asf/maven/archiva/trunk@450867 13f79535-47bb-0310-9956-ffa450edef68

archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/AbstractConfigureRepositoryAction.java

@@ -27,6 +27,7 @@ import org.apache.maven.archiva.configuration.InvalidConfigurationException;
 import org.apache.maven.archiva.security.ArchivaRoleConstants;
 import org.codehaus.plexus.xwork.action.PlexusActionSupport;
 import org.codehaus.plexus.security.rbac.RbacManagerException;
+import org.codehaus.plexus.security.rbac.Resource;
 import org.codehaus.plexus.security.ui.web.interceptor.SecureAction;
 import org.codehaus.plexus.security.ui.web.interceptor.SecureActionBundle;
 import org.codehaus.plexus.security.ui.web.interceptor.SecureActionException;
@@ -171,12 +172,18 @@ public abstract class AbstractConfigureRepositoryAction
     {
         SecureActionBundle bundle = new SecureActionBundle();
 
+        bundle.setRequiresAuthentication( true );
+
         if ( getRepoId() != null )
         {
-            bundle.setRequiresAuthentication( true );
+            // TODO: this is not right. It needs to change based on method. But is this really the right way to restrict this area?
-            // TODO: this is not right. It needs to change based on method
+            // TODO: not right. We only care about this permission on managed repositories. Otherwise, it's configuration
             bundle.addRequiredAuthorization( ArchivaRoleConstants.OPERATION_EDIT_REPOSITORY, getRepoId() );
         }
+        else
+        {
+            bundle.addRequiredAuthorization( ArchivaRoleConstants.OPERATION_MANAGE_CONFIGURATION, Resource.GLOBAL );
+        }
 
         return bundle;
     }

archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/AbstractDeleteRepositoryAction.java

@@ -22,7 +22,12 @@ import org.apache.maven.archiva.configuration.ConfigurationChangeException;
 import org.apache.maven.archiva.configuration.ConfigurationStore;
 import org.apache.maven.archiva.configuration.ConfigurationStoreException;
 import org.apache.maven.archiva.configuration.InvalidConfigurationException;
+import org.apache.maven.archiva.security.ArchivaRoleConstants;
 import org.codehaus.plexus.xwork.action.PlexusActionSupport;
+import org.codehaus.plexus.security.ui.web.interceptor.SecureAction;
+import org.codehaus.plexus.security.ui.web.interceptor.SecureActionBundle;
+import org.codehaus.plexus.security.ui.web.interceptor.SecureActionException;
+import org.codehaus.plexus.security.rbac.Resource;
 
 import java.io.IOException;
 
@@ -33,6 +38,7 @@ import java.io.IOException;
  */
 public abstract class AbstractDeleteRepositoryAction
     extends PlexusActionSupport
+    implements SecureAction
 {
     /**
      * @plexus.requirement
@@ -112,4 +118,24 @@ public abstract class AbstractDeleteRepositoryAction
     {
         this.operation = operation;
     }
+    
+    public SecureActionBundle getSecureActionBundle()
+        throws SecureActionException
+    {
+        SecureActionBundle bundle = new SecureActionBundle();
+
+        bundle.setRequiresAuthentication( true );
+
+        if ( getRepoId() != null )
+        {
+            // TODO: not right. We only care about this permission on managed repositories. Otherwise, it's configuration
+            bundle.addRequiredAuthorization( ArchivaRoleConstants.OPERATION_DELETE_REPOSITORY, getRepoId() );
+        }
+        else
+        {
+            bundle.addRequiredAuthorization( ArchivaRoleConstants.OPERATION_MANAGE_CONFIGURATION, Resource.GLOBAL );
+        }
+
+        return bundle;
+    }
 }

archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/RunRepositoryTaskAction.java

@@ -18,7 +18,12 @@ package org.apache.maven.archiva.web.action.admin;
 
 import org.apache.maven.archiva.scheduler.RepositoryTaskScheduler;
 import org.apache.maven.archiva.scheduler.TaskExecutionException;
+import org.apache.maven.archiva.security.ArchivaRoleConstants;
 import org.codehaus.plexus.xwork.action.PlexusActionSupport;
+import org.codehaus.plexus.security.ui.web.interceptor.SecureActionBundle;
+import org.codehaus.plexus.security.ui.web.interceptor.SecureActionException;
+import org.codehaus.plexus.security.ui.web.interceptor.SecureAction;
+import org.codehaus.plexus.security.rbac.Resource;
 
 /**
  * Configures the application.
@@ -27,6 +32,7 @@ import org.codehaus.plexus.xwork.action.PlexusActionSupport;
  */
 public class RunRepositoryTaskAction
     extends PlexusActionSupport
+    implements SecureAction
 {
     /**
      * @plexus.requirement
@@ -40,4 +46,15 @@ public class RunRepositoryTaskAction
 
         return SUCCESS;
     }
+
+    public SecureActionBundle getSecureActionBundle()
+        throws SecureActionException
+    {
+        SecureActionBundle bundle = new SecureActionBundle();
+
+        bundle.setRequiresAuthentication( true );
+        bundle.addRequiredAuthorization( ArchivaRoleConstants.OPERATION_RUN_INDEXER, Resource.GLOBAL );
+
+        return bundle;
+    }
 }