[MRM-1316] restrict audit log report to repositories that you are a manager of

git-svn-id: https://svn.apache.org/repos/asf/archiva/branches/MRM-1025@900696 13f79535-47bb-0310-9956-ffa450edef68
Brett Porter 2010-01-19 08:15:44 +00:00
parent 06a035aacd
commit 70fc5323d6
4 changed files with 52 additions and 50 deletions


@ -21,12 +21,13 @@ package org.apache.maven.archiva.web.action.reports;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import com.opensymphony.xwork2.Preparable;
import org.apache.archiva.audit.AuditManager;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.lang.time.DateUtils;
@ -41,8 +42,6 @@ import org.codehaus.redback.integration.interceptor.SecureAction;
import org.codehaus.redback.integration.interceptor.SecureActionBundle;
import org.codehaus.redback.integration.interceptor.SecureActionException;
import com.opensymphony.xwork2.Preparable;
/**
* @plexus.component role="com.opensymphony.xwork2.Action" role-hint="viewAuditLogReport"
* instantiation-strategy="per-lookup"
@ -106,7 +105,13 @@ public class ViewAuditLogReportAction
public SecureActionBundle getSecureActionBundle()
throws SecureActionException
{
return null;
SecureActionBundle bundle = new SecureActionBundle();
// TODO: should require this, but for now we trust in the list of repositories
// bundle.setRequiresAuthentication( true );
// bundle.addRequiredAuthorization( ArchivaRoleConstants.OPERATION_VIEW_AUDIT_LOG );
return bundle;
}
public void setServletRequest( HttpServletRequest request )
@ -120,7 +125,8 @@ public class ViewAuditLogReportAction
{
repositories = new ArrayList<String>();
repositories.add( ALL_REPOSITORIES );
repositories.addAll( getObservableRepositories() );
List<String> repos = getManagableRepositories();
repositories.addAll( repos );
auditLogs = null;
groupId = "";
@ -136,7 +142,7 @@ public class ViewAuditLogReportAction
headerName = HEADER_RESULTS;
}
auditLogs = auditManager.getMostRecentAuditEvents();
auditLogs = auditManager.getMostRecentAuditEvents( repos );
}
public String execute()
@ -177,9 +183,20 @@ public class ViewAuditLogReportAction
range[0] = ( page - 1 ) * rowCount;
range[1] = ( page * rowCount ) + 1;
String repo = repository.equals( ALL_REPOSITORIES ) ? null : repository;
Collection<String> repos = getManagableRepositories();
if ( !repository.equals( ALL_REPOSITORIES ) )
{
if ( repos.contains( repository ) )
{
repos = Collections.singletonList( repository );
}
else
{
repos = Collections.emptyList();
}
}
// TODO: query by artifact
auditLogs = auditManager.getAuditEventsInRange( repo, startDateInDF, endDateInDF );
auditLogs = auditManager.getAuditEventsInRange( repos, startDateInDF, endDateInDF );
if( auditLogs.isEmpty() )
{
@ -223,11 +240,11 @@ public class ViewAuditLogReportAction
next = StringUtils.replace( next, " ", "%20" );
}
private List<String> getObservableRepositories()
private List<String> getManagableRepositories()
{
try
{
return userRepositories.getObservableRepositoryIds( getPrincipal() );
return userRepositories.getManagableRepositoryIds( getPrincipal() );
}
catch ( PrincipalNotFoundException e )
{
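Review bot: getSecureActionBundle() now returns an empty SecureActionBundle with both `bundle.setRequiresAuthentication( true );` and `bundle.addRequiredAuthorization( ArchivaRoleConstants.OPERATION_VIEW_AUDIT_LOG );` commented out, so the action declares no authentication or authorization requirement of its own. The only access control on the audit report is then the list returned by getManagableRepositories(). That holds only if the helper returns an empty list for guest or unknown principals, and its catch blocks lie outside this hunk, so it cannot be confirmed from here. I would enable the two lines (assuming the operation constant is defined) and keep the repository filter as a second layer. In execute(), a requested repository outside the manageable set is silently replaced by `Collections.emptyList()`; a log statement in that else branch would make denied requests visible to operators.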


@ -19,6 +19,7 @@ package org.apache.archiva.audit;
* under the License.
*/
import java.util.Collection;
import java.util.Date;
import java.util.List;
@ -26,11 +27,11 @@ import org.apache.maven.archiva.repository.audit.AuditEvent;
public interface AuditManager
{
List<AuditEvent> getMostRecentAuditEvents();
List<AuditEvent> getMostRecentAuditEvents( List<String> repositoryIds );
void addAuditEvent( AuditEvent event );
void deleteAuditEvents( String repositoryId );
List<AuditEvent> getAuditEventsInRange( String repositoryId, Date startTime, Date endTime );
List<AuditEvent> getAuditEventsInRange( Collection<String> repositoryIds, Date startTime, Date endTime );
}
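Review bot: The two query methods now take different parameter types, `getMostRecentAuditEvents( List<String> repositoryIds )` and `getAuditEventsInRange( Collection<String> repositoryIds, ... )`, although both appear only to iterate the ids; declaring both as `Collection<String>` would keep the interface consistent. Neither method has Javadoc, and the contract changed in this commit: judging by the DefaultAuditManager section on this page, a null id no longer means "all repositories". I would add a Javadoc comment to each method stating that repositoryIds must be non-null, that an empty collection yields no events, and that the caller is responsible for passing only repositories the current user is allowed to manage.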


@ -48,11 +48,11 @@ public class DefaultAuditManager
private static final Logger log = LoggerFactory.getLogger( DefaultAuditManager.class );
public List<AuditEvent> getMostRecentAuditEvents()
public List<AuditEvent> getMostRecentAuditEvents( List<String> repositoryIds )
{
// TODO: consider a more efficient implementation that directly gets the last ten from the content repository
List<AuditRecord> records = new ArrayList<AuditRecord>();
for ( String repositoryId : metadataRepository.getRepositories() )
for ( String repositoryId : repositoryIds )
{
List<String> timestamps = metadataRepository.getMetadataFacets( repositoryId, AuditEvent.FACET_ID );
for ( String timestamp : timestamps )
@ -88,11 +88,8 @@ public class DefaultAuditManager
metadataRepository.removeMetadataFacets( repositoryId, AuditEvent.FACET_ID );
}
public List<AuditEvent> getAuditEventsInRange( String repoId, Date startTime, Date endTime )
public List<AuditEvent> getAuditEventsInRange( Collection<String> repositoryIds, Date startTime, Date endTime )
{
Collection<String> repositoryIds =
repoId != null ? Collections.singletonList( repoId ) : metadataRepository.getRepositories();
List<AuditEvent> results = new ArrayList<AuditEvent>();
for ( String repositoryId : repositoryIds )
{
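Review bot: Both getMostRecentAuditEvents() and getAuditEventsInRange() now iterate `repositoryIds` directly, so a null argument fails with a NullPointerException at the `for` loop where the removed code fell back to `metadataRepository.getRepositories()`. Failing closed is the right direction for a report that is restricted per repository, but the behaviour should be explicit rather than incidental. A guard at the top of each method would do it, for example `if ( repositoryIds == null ) { throw new IllegalArgumentException( "repositoryIds must not be null" ); }`. Both method bodies continue outside the hunks shown here, and the `Collections` import may now be unused in this file.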


@ -91,9 +91,6 @@ public class AuditManagerTest
public void testGetMostRecentEvents()
throws ParseException
{
metadataRepositoryControl.expectAndReturn( metadataRepository.getRepositories(),
Collections.singletonList( TEST_REPO_ID ) );
int numEvents = 11;
List<String> eventNames = new ArrayList<String>( numEvents );
for ( int i = 0; i < numEvents; i++ )
@ -113,7 +110,7 @@ public class AuditManagerTest
}
metadataRepositoryControl.replay();
List<AuditEvent> events = auditManager.getMostRecentAuditEvents();
List<AuditEvent> events = auditManager.getMostRecentAuditEvents( Collections.singletonList( TEST_REPO_ID ) );
assertNotNull( events );
assertEquals( numEvents - 1, events.size() );
int expectedTimestampCounter = numEvents - 1;
@ -149,8 +146,6 @@ public class AuditManagerTest
public void testGetMostRecentEventsLessThan10()
throws ParseException
{
metadataRepositoryControl.expectAndReturn( metadataRepository.getRepositories(),
Collections.singletonList( TEST_REPO_ID ) );
int numEvents = 5;
List<String> eventNames = new ArrayList<String>( numEvents );
for ( int i = 0; i < numEvents; i++ )
@ -170,7 +165,7 @@ public class AuditManagerTest
}
metadataRepositoryControl.replay();
List<AuditEvent> events = auditManager.getMostRecentAuditEvents();
List<AuditEvent> events = auditManager.getMostRecentAuditEvents( Collections.singletonList( TEST_REPO_ID ) );
assertNotNull( events );
assertEquals( numEvents, events.size() );
int expectedTimestampCounter = numEvents - 1;
@ -187,8 +182,6 @@ public class AuditManagerTest
public void testGetMostRecentEventsInterleavedRepositories()
throws ParseException
{
metadataRepositoryControl.expectAndReturn( metadataRepository.getRepositories(),
Arrays.asList( TEST_REPO_ID, TEST_REPO_ID_2 ) );
int numEvents = 11;
Map<String, List<String>> eventNames = new LinkedHashMap<String, List<String>>();
List<AuditEvent> events = new ArrayList<AuditEvent>();
@ -216,7 +209,7 @@ public class AuditManagerTest
}
metadataRepositoryControl.replay();
events = auditManager.getMostRecentAuditEvents();
events = auditManager.getMostRecentAuditEvents( Arrays.asList( TEST_REPO_ID, TEST_REPO_ID_2 ) );
assertNotNull( events );
assertEquals( numEvents - 1, events.size() );
int expectedTimestampCounter = numEvents - 1;
@ -248,14 +241,11 @@ public class AuditManagerTest
public void testGetMostRecentEventsWhenEmpty()
{
metadataRepositoryControl.expectAndReturn( metadataRepository.getRepositories(),
Collections.singletonList( TEST_REPO_ID ) );
metadataRepositoryControl.expectAndReturn(
metadataRepository.getMetadataFacets( TEST_REPO_ID, AuditEvent.FACET_ID ), Collections.emptyList() );
metadataRepositoryControl.replay();
assertTrue( auditManager.getMostRecentAuditEvents().isEmpty() );
assertTrue( auditManager.getMostRecentAuditEvents( Collections.singletonList( TEST_REPO_ID ) ).isEmpty() );
metadataRepositoryControl.verify();
}
@ -322,9 +312,9 @@ public class AuditManagerTest
metadataRepositoryControl.replay();
List<AuditEvent> events =
auditManager.getAuditEventsInRange( TEST_REPO_ID, new Date( current.getTime() - 4000 ),
new Date( current.getTime() - 2000 ) );
List<AuditEvent> events = auditManager.getAuditEventsInRange( Collections.singletonList( TEST_REPO_ID ),
new Date( current.getTime() - 4000 ),
new Date( current.getTime() - 2000 ) );
assertEquals( 1, events.size() );
assertEvent( events.get( 0 ), name2, expectedEvent.getResource() );
@ -355,8 +345,8 @@ public class AuditManagerTest
metadataRepositoryControl.replay();
List<AuditEvent> events =
auditManager.getAuditEventsInRange( TEST_REPO_ID, new Date( current.getTime() - 4000 ), current );
List<AuditEvent> events = auditManager.getAuditEventsInRange( Collections.singletonList( TEST_REPO_ID ),
new Date( current.getTime() - 4000 ), current );
assertEquals( 2, events.size() );
assertEvent( events.get( 0 ), name3, expectedEvent3.getResource() );
@ -388,9 +378,9 @@ public class AuditManagerTest
metadataRepositoryControl.replay();
List<AuditEvent> events =
auditManager.getAuditEventsInRange( TEST_REPO_ID, new Date( current.getTime() - 20000 ),
new Date( current.getTime() - 2000 ) );
List<AuditEvent> events = auditManager.getAuditEventsInRange( Collections.singletonList( TEST_REPO_ID ),
new Date( current.getTime() - 20000 ),
new Date( current.getTime() - 2000 ) );
assertEquals( 2, events.size() );
assertEvent( events.get( 0 ), name2, expectedEvent2.getResource() );
@ -425,8 +415,8 @@ public class AuditManagerTest
metadataRepositoryControl.replay();
List<AuditEvent> events =
auditManager.getAuditEventsInRange( TEST_REPO_ID, new Date( current.getTime() - 20000 ), current );
List<AuditEvent> events = auditManager.getAuditEventsInRange( Collections.singletonList( TEST_REPO_ID ),
new Date( current.getTime() - 20000 ), current );
assertEquals( 3, events.size() );
assertEvent( events.get( 0 ), name3, expectedEvent3.getResource() );
@ -439,9 +429,6 @@ public class AuditManagerTest
public void testGetEventsRangeMultipleRepositories()
throws ParseException
{
metadataRepositoryControl.expectAndReturn( metadataRepository.getRepositories(),
Arrays.asList( TEST_REPO_ID, TEST_REPO_ID_2 ) );
Date current = new Date();
String name1 = TIMESTAMP_FORMAT.format( new Date( current.getTime() - 12345 ) );
@ -466,8 +453,8 @@ public class AuditManagerTest
metadataRepositoryControl.replay();
List<AuditEvent> events =
auditManager.getAuditEventsInRange( null, new Date( current.getTime() - 20000 ), current );
List<AuditEvent> events = auditManager.getAuditEventsInRange( Arrays.asList( TEST_REPO_ID, TEST_REPO_ID_2 ),
new Date( current.getTime() - 20000 ), current );
assertEquals( 3, events.size() );
assertEvent( events.get( 0 ), name3, expectedEvent3.getResource() );
@ -496,9 +483,9 @@ public class AuditManagerTest
metadataRepositoryControl.replay();
List<AuditEvent> events =
auditManager.getAuditEventsInRange( TEST_REPO_ID, new Date( current.getTime() - 20000 ),
new Date( current.getTime() - 16000 ) );
List<AuditEvent> events = auditManager.getAuditEventsInRange( Collections.singletonList( TEST_REPO_ID ),
new Date( current.getTime() - 20000 ),
new Date( current.getTime() - 16000 ) );
assertEquals( 0, events.size() );