mirror of https://github.com/apache/archiva.git
[MRM-1316] restrict audit log report to repositories that you are a manager of
git-svn-id: https://svn.apache.org/repos/asf/archiva/branches/MRM-1025@900696 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
parent
06a035aacd
commit
70fc5323d6
|
@ -21,12 +21,13 @@ package org.apache.maven.archiva.web.action.reports;
|
||||||
|
|
||||||
import java.util.ArrayList;
|
import java.util.ArrayList;
|
||||||
import java.util.Calendar;
|
import java.util.Calendar;
|
||||||
|
import java.util.Collection;
|
||||||
import java.util.Collections;
|
import java.util.Collections;
|
||||||
import java.util.Date;
|
import java.util.Date;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
|
|
||||||
import javax.servlet.http.HttpServletRequest;
|
import javax.servlet.http.HttpServletRequest;
|
||||||
|
|
||||||
|
import com.opensymphony.xwork2.Preparable;
|
||||||
import org.apache.archiva.audit.AuditManager;
|
import org.apache.archiva.audit.AuditManager;
|
||||||
import org.apache.commons.lang.StringUtils;
|
import org.apache.commons.lang.StringUtils;
|
||||||
import org.apache.commons.lang.time.DateUtils;
|
import org.apache.commons.lang.time.DateUtils;
|
||||||
|
@ -41,8 +42,6 @@ import org.codehaus.redback.integration.interceptor.SecureAction;
|
||||||
import org.codehaus.redback.integration.interceptor.SecureActionBundle;
|
import org.codehaus.redback.integration.interceptor.SecureActionBundle;
|
||||||
import org.codehaus.redback.integration.interceptor.SecureActionException;
|
import org.codehaus.redback.integration.interceptor.SecureActionException;
|
||||||
|
|
||||||
import com.opensymphony.xwork2.Preparable;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @plexus.component role="com.opensymphony.xwork2.Action" role-hint="viewAuditLogReport"
|
* @plexus.component role="com.opensymphony.xwork2.Action" role-hint="viewAuditLogReport"
|
||||||
* instantiation-strategy="per-lookup"
|
* instantiation-strategy="per-lookup"
|
||||||
|
@ -106,7 +105,13 @@ public class ViewAuditLogReportAction
|
||||||
public SecureActionBundle getSecureActionBundle()
|
public SecureActionBundle getSecureActionBundle()
|
||||||
throws SecureActionException
|
throws SecureActionException
|
||||||
{
|
{
|
||||||
return null;
|
SecureActionBundle bundle = new SecureActionBundle();
|
||||||
|
|
||||||
|
// TODO: should require this, but for now we trust in the list of repositories
|
||||||
|
// bundle.setRequiresAuthentication( true );
|
||||||
|
// bundle.addRequiredAuthorization( ArchivaRoleConstants.OPERATION_VIEW_AUDIT_LOG );
|
||||||
|
|
||||||
|
return bundle;
|
||||||
}
|
}
|
||||||
|
|
||||||
public void setServletRequest( HttpServletRequest request )
|
public void setServletRequest( HttpServletRequest request )
|
||||||
|
@ -120,7 +125,8 @@ public class ViewAuditLogReportAction
|
||||||
{
|
{
|
||||||
repositories = new ArrayList<String>();
|
repositories = new ArrayList<String>();
|
||||||
repositories.add( ALL_REPOSITORIES );
|
repositories.add( ALL_REPOSITORIES );
|
||||||
repositories.addAll( getObservableRepositories() );
|
List<String> repos = getManagableRepositories();
|
||||||
|
repositories.addAll( repos );
|
||||||
|
|
||||||
auditLogs = null;
|
auditLogs = null;
|
||||||
groupId = "";
|
groupId = "";
|
||||||
|
@ -136,7 +142,7 @@ public class ViewAuditLogReportAction
|
||||||
headerName = HEADER_RESULTS;
|
headerName = HEADER_RESULTS;
|
||||||
}
|
}
|
||||||
|
|
||||||
auditLogs = auditManager.getMostRecentAuditEvents();
|
auditLogs = auditManager.getMostRecentAuditEvents( repos );
|
||||||
}
|
}
|
||||||
|
|
||||||
public String execute()
|
public String execute()
|
||||||
|
@ -177,9 +183,20 @@ public class ViewAuditLogReportAction
|
||||||
range[0] = ( page - 1 ) * rowCount;
|
range[0] = ( page - 1 ) * rowCount;
|
||||||
range[1] = ( page * rowCount ) + 1;
|
range[1] = ( page * rowCount ) + 1;
|
||||||
|
|
||||||
String repo = repository.equals( ALL_REPOSITORIES ) ? null : repository;
|
Collection<String> repos = getManagableRepositories();
|
||||||
|
if ( !repository.equals( ALL_REPOSITORIES ) )
|
||||||
|
{
|
||||||
|
if ( repos.contains( repository ) )
|
||||||
|
{
|
||||||
|
repos = Collections.singletonList( repository );
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
repos = Collections.emptyList();
|
||||||
|
}
|
||||||
|
}
|
||||||
// TODO: query by artifact
|
// TODO: query by artifact
|
||||||
auditLogs = auditManager.getAuditEventsInRange( repo, startDateInDF, endDateInDF );
|
auditLogs = auditManager.getAuditEventsInRange( repos, startDateInDF, endDateInDF );
|
||||||
|
|
||||||
if( auditLogs.isEmpty() )
|
if( auditLogs.isEmpty() )
|
||||||
{
|
{
|
||||||
|
@ -223,11 +240,11 @@ public class ViewAuditLogReportAction
|
||||||
next = StringUtils.replace( next, " ", "%20" );
|
next = StringUtils.replace( next, " ", "%20" );
|
||||||
}
|
}
|
||||||
|
|
||||||
private List<String> getObservableRepositories()
|
private List<String> getManagableRepositories()
|
||||||
{
|
{
|
||||||
try
|
try
|
||||||
{
|
{
|
||||||
return userRepositories.getObservableRepositoryIds( getPrincipal() );
|
return userRepositories.getManagableRepositoryIds( getPrincipal() );
|
||||||
}
|
}
|
||||||
catch ( PrincipalNotFoundException e )
|
catch ( PrincipalNotFoundException e )
|
||||||
{
|
{
|
||||||
|
|
|
@ -19,6 +19,7 @@ package org.apache.archiva.audit;
|
||||||
* under the License.
|
* under the License.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
import java.util.Collection;
|
||||||
import java.util.Date;
|
import java.util.Date;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
|
|
||||||
|
@ -26,11 +27,11 @@ import org.apache.maven.archiva.repository.audit.AuditEvent;
|
||||||
|
|
||||||
public interface AuditManager
|
public interface AuditManager
|
||||||
{
|
{
|
||||||
List<AuditEvent> getMostRecentAuditEvents();
|
List<AuditEvent> getMostRecentAuditEvents( List<String> repositoryIds );
|
||||||
|
|
||||||
void addAuditEvent( AuditEvent event );
|
void addAuditEvent( AuditEvent event );
|
||||||
|
|
||||||
void deleteAuditEvents( String repositoryId );
|
void deleteAuditEvents( String repositoryId );
|
||||||
|
|
||||||
List<AuditEvent> getAuditEventsInRange( String repositoryId, Date startTime, Date endTime );
|
List<AuditEvent> getAuditEventsInRange( Collection<String> repositoryIds, Date startTime, Date endTime );
|
||||||
}
|
}
|
|
@ -48,11 +48,11 @@ public class DefaultAuditManager
|
||||||
|
|
||||||
private static final Logger log = LoggerFactory.getLogger( DefaultAuditManager.class );
|
private static final Logger log = LoggerFactory.getLogger( DefaultAuditManager.class );
|
||||||
|
|
||||||
public List<AuditEvent> getMostRecentAuditEvents()
|
public List<AuditEvent> getMostRecentAuditEvents( List<String> repositoryIds )
|
||||||
{
|
{
|
||||||
// TODO: consider a more efficient implementation that directly gets the last ten from the content repository
|
// TODO: consider a more efficient implementation that directly gets the last ten from the content repository
|
||||||
List<AuditRecord> records = new ArrayList<AuditRecord>();
|
List<AuditRecord> records = new ArrayList<AuditRecord>();
|
||||||
for ( String repositoryId : metadataRepository.getRepositories() )
|
for ( String repositoryId : repositoryIds )
|
||||||
{
|
{
|
||||||
List<String> timestamps = metadataRepository.getMetadataFacets( repositoryId, AuditEvent.FACET_ID );
|
List<String> timestamps = metadataRepository.getMetadataFacets( repositoryId, AuditEvent.FACET_ID );
|
||||||
for ( String timestamp : timestamps )
|
for ( String timestamp : timestamps )
|
||||||
|
@ -88,11 +88,8 @@ public class DefaultAuditManager
|
||||||
metadataRepository.removeMetadataFacets( repositoryId, AuditEvent.FACET_ID );
|
metadataRepository.removeMetadataFacets( repositoryId, AuditEvent.FACET_ID );
|
||||||
}
|
}
|
||||||
|
|
||||||
public List<AuditEvent> getAuditEventsInRange( String repoId, Date startTime, Date endTime )
|
public List<AuditEvent> getAuditEventsInRange( Collection<String> repositoryIds, Date startTime, Date endTime )
|
||||||
{
|
{
|
||||||
Collection<String> repositoryIds =
|
|
||||||
repoId != null ? Collections.singletonList( repoId ) : metadataRepository.getRepositories();
|
|
||||||
|
|
||||||
List<AuditEvent> results = new ArrayList<AuditEvent>();
|
List<AuditEvent> results = new ArrayList<AuditEvent>();
|
||||||
for ( String repositoryId : repositoryIds )
|
for ( String repositoryId : repositoryIds )
|
||||||
{
|
{
|
||||||
|
|
|
@ -91,9 +91,6 @@ public class AuditManagerTest
|
||||||
public void testGetMostRecentEvents()
|
public void testGetMostRecentEvents()
|
||||||
throws ParseException
|
throws ParseException
|
||||||
{
|
{
|
||||||
metadataRepositoryControl.expectAndReturn( metadataRepository.getRepositories(),
|
|
||||||
Collections.singletonList( TEST_REPO_ID ) );
|
|
||||||
|
|
||||||
int numEvents = 11;
|
int numEvents = 11;
|
||||||
List<String> eventNames = new ArrayList<String>( numEvents );
|
List<String> eventNames = new ArrayList<String>( numEvents );
|
||||||
for ( int i = 0; i < numEvents; i++ )
|
for ( int i = 0; i < numEvents; i++ )
|
||||||
|
@ -113,7 +110,7 @@ public class AuditManagerTest
|
||||||
}
|
}
|
||||||
metadataRepositoryControl.replay();
|
metadataRepositoryControl.replay();
|
||||||
|
|
||||||
List<AuditEvent> events = auditManager.getMostRecentAuditEvents();
|
List<AuditEvent> events = auditManager.getMostRecentAuditEvents( Collections.singletonList( TEST_REPO_ID ) );
|
||||||
assertNotNull( events );
|
assertNotNull( events );
|
||||||
assertEquals( numEvents - 1, events.size() );
|
assertEquals( numEvents - 1, events.size() );
|
||||||
int expectedTimestampCounter = numEvents - 1;
|
int expectedTimestampCounter = numEvents - 1;
|
||||||
|
@ -149,8 +146,6 @@ public class AuditManagerTest
|
||||||
public void testGetMostRecentEventsLessThan10()
|
public void testGetMostRecentEventsLessThan10()
|
||||||
throws ParseException
|
throws ParseException
|
||||||
{
|
{
|
||||||
metadataRepositoryControl.expectAndReturn( metadataRepository.getRepositories(),
|
|
||||||
Collections.singletonList( TEST_REPO_ID ) );
|
|
||||||
int numEvents = 5;
|
int numEvents = 5;
|
||||||
List<String> eventNames = new ArrayList<String>( numEvents );
|
List<String> eventNames = new ArrayList<String>( numEvents );
|
||||||
for ( int i = 0; i < numEvents; i++ )
|
for ( int i = 0; i < numEvents; i++ )
|
||||||
|
@ -170,7 +165,7 @@ public class AuditManagerTest
|
||||||
}
|
}
|
||||||
metadataRepositoryControl.replay();
|
metadataRepositoryControl.replay();
|
||||||
|
|
||||||
List<AuditEvent> events = auditManager.getMostRecentAuditEvents();
|
List<AuditEvent> events = auditManager.getMostRecentAuditEvents( Collections.singletonList( TEST_REPO_ID ) );
|
||||||
assertNotNull( events );
|
assertNotNull( events );
|
||||||
assertEquals( numEvents, events.size() );
|
assertEquals( numEvents, events.size() );
|
||||||
int expectedTimestampCounter = numEvents - 1;
|
int expectedTimestampCounter = numEvents - 1;
|
||||||
|
@ -187,8 +182,6 @@ public class AuditManagerTest
|
||||||
public void testGetMostRecentEventsInterleavedRepositories()
|
public void testGetMostRecentEventsInterleavedRepositories()
|
||||||
throws ParseException
|
throws ParseException
|
||||||
{
|
{
|
||||||
metadataRepositoryControl.expectAndReturn( metadataRepository.getRepositories(),
|
|
||||||
Arrays.asList( TEST_REPO_ID, TEST_REPO_ID_2 ) );
|
|
||||||
int numEvents = 11;
|
int numEvents = 11;
|
||||||
Map<String, List<String>> eventNames = new LinkedHashMap<String, List<String>>();
|
Map<String, List<String>> eventNames = new LinkedHashMap<String, List<String>>();
|
||||||
List<AuditEvent> events = new ArrayList<AuditEvent>();
|
List<AuditEvent> events = new ArrayList<AuditEvent>();
|
||||||
|
@ -216,7 +209,7 @@ public class AuditManagerTest
|
||||||
}
|
}
|
||||||
metadataRepositoryControl.replay();
|
metadataRepositoryControl.replay();
|
||||||
|
|
||||||
events = auditManager.getMostRecentAuditEvents();
|
events = auditManager.getMostRecentAuditEvents( Arrays.asList( TEST_REPO_ID, TEST_REPO_ID_2 ) );
|
||||||
assertNotNull( events );
|
assertNotNull( events );
|
||||||
assertEquals( numEvents - 1, events.size() );
|
assertEquals( numEvents - 1, events.size() );
|
||||||
int expectedTimestampCounter = numEvents - 1;
|
int expectedTimestampCounter = numEvents - 1;
|
||||||
|
@ -248,14 +241,11 @@ public class AuditManagerTest
|
||||||
|
|
||||||
public void testGetMostRecentEventsWhenEmpty()
|
public void testGetMostRecentEventsWhenEmpty()
|
||||||
{
|
{
|
||||||
metadataRepositoryControl.expectAndReturn( metadataRepository.getRepositories(),
|
|
||||||
Collections.singletonList( TEST_REPO_ID ) );
|
|
||||||
|
|
||||||
metadataRepositoryControl.expectAndReturn(
|
metadataRepositoryControl.expectAndReturn(
|
||||||
metadataRepository.getMetadataFacets( TEST_REPO_ID, AuditEvent.FACET_ID ), Collections.emptyList() );
|
metadataRepository.getMetadataFacets( TEST_REPO_ID, AuditEvent.FACET_ID ), Collections.emptyList() );
|
||||||
metadataRepositoryControl.replay();
|
metadataRepositoryControl.replay();
|
||||||
|
|
||||||
assertTrue( auditManager.getMostRecentAuditEvents().isEmpty() );
|
assertTrue( auditManager.getMostRecentAuditEvents( Collections.singletonList( TEST_REPO_ID ) ).isEmpty() );
|
||||||
|
|
||||||
metadataRepositoryControl.verify();
|
metadataRepositoryControl.verify();
|
||||||
}
|
}
|
||||||
|
@ -322,8 +312,8 @@ public class AuditManagerTest
|
||||||
|
|
||||||
metadataRepositoryControl.replay();
|
metadataRepositoryControl.replay();
|
||||||
|
|
||||||
List<AuditEvent> events =
|
List<AuditEvent> events = auditManager.getAuditEventsInRange( Collections.singletonList( TEST_REPO_ID ),
|
||||||
auditManager.getAuditEventsInRange( TEST_REPO_ID, new Date( current.getTime() - 4000 ),
|
new Date( current.getTime() - 4000 ),
|
||||||
new Date( current.getTime() - 2000 ) );
|
new Date( current.getTime() - 2000 ) );
|
||||||
|
|
||||||
assertEquals( 1, events.size() );
|
assertEquals( 1, events.size() );
|
||||||
|
@ -355,8 +345,8 @@ public class AuditManagerTest
|
||||||
|
|
||||||
metadataRepositoryControl.replay();
|
metadataRepositoryControl.replay();
|
||||||
|
|
||||||
List<AuditEvent> events =
|
List<AuditEvent> events = auditManager.getAuditEventsInRange( Collections.singletonList( TEST_REPO_ID ),
|
||||||
auditManager.getAuditEventsInRange( TEST_REPO_ID, new Date( current.getTime() - 4000 ), current );
|
new Date( current.getTime() - 4000 ), current );
|
||||||
|
|
||||||
assertEquals( 2, events.size() );
|
assertEquals( 2, events.size() );
|
||||||
assertEvent( events.get( 0 ), name3, expectedEvent3.getResource() );
|
assertEvent( events.get( 0 ), name3, expectedEvent3.getResource() );
|
||||||
|
@ -388,8 +378,8 @@ public class AuditManagerTest
|
||||||
|
|
||||||
metadataRepositoryControl.replay();
|
metadataRepositoryControl.replay();
|
||||||
|
|
||||||
List<AuditEvent> events =
|
List<AuditEvent> events = auditManager.getAuditEventsInRange( Collections.singletonList( TEST_REPO_ID ),
|
||||||
auditManager.getAuditEventsInRange( TEST_REPO_ID, new Date( current.getTime() - 20000 ),
|
new Date( current.getTime() - 20000 ),
|
||||||
new Date( current.getTime() - 2000 ) );
|
new Date( current.getTime() - 2000 ) );
|
||||||
|
|
||||||
assertEquals( 2, events.size() );
|
assertEquals( 2, events.size() );
|
||||||
|
@ -425,8 +415,8 @@ public class AuditManagerTest
|
||||||
|
|
||||||
metadataRepositoryControl.replay();
|
metadataRepositoryControl.replay();
|
||||||
|
|
||||||
List<AuditEvent> events =
|
List<AuditEvent> events = auditManager.getAuditEventsInRange( Collections.singletonList( TEST_REPO_ID ),
|
||||||
auditManager.getAuditEventsInRange( TEST_REPO_ID, new Date( current.getTime() - 20000 ), current );
|
new Date( current.getTime() - 20000 ), current );
|
||||||
|
|
||||||
assertEquals( 3, events.size() );
|
assertEquals( 3, events.size() );
|
||||||
assertEvent( events.get( 0 ), name3, expectedEvent3.getResource() );
|
assertEvent( events.get( 0 ), name3, expectedEvent3.getResource() );
|
||||||
|
@ -439,9 +429,6 @@ public class AuditManagerTest
|
||||||
public void testGetEventsRangeMultipleRepositories()
|
public void testGetEventsRangeMultipleRepositories()
|
||||||
throws ParseException
|
throws ParseException
|
||||||
{
|
{
|
||||||
metadataRepositoryControl.expectAndReturn( metadataRepository.getRepositories(),
|
|
||||||
Arrays.asList( TEST_REPO_ID, TEST_REPO_ID_2 ) );
|
|
||||||
|
|
||||||
Date current = new Date();
|
Date current = new Date();
|
||||||
|
|
||||||
String name1 = TIMESTAMP_FORMAT.format( new Date( current.getTime() - 12345 ) );
|
String name1 = TIMESTAMP_FORMAT.format( new Date( current.getTime() - 12345 ) );
|
||||||
|
@ -466,8 +453,8 @@ public class AuditManagerTest
|
||||||
|
|
||||||
metadataRepositoryControl.replay();
|
metadataRepositoryControl.replay();
|
||||||
|
|
||||||
List<AuditEvent> events =
|
List<AuditEvent> events = auditManager.getAuditEventsInRange( Arrays.asList( TEST_REPO_ID, TEST_REPO_ID_2 ),
|
||||||
auditManager.getAuditEventsInRange( null, new Date( current.getTime() - 20000 ), current );
|
new Date( current.getTime() - 20000 ), current );
|
||||||
|
|
||||||
assertEquals( 3, events.size() );
|
assertEquals( 3, events.size() );
|
||||||
assertEvent( events.get( 0 ), name3, expectedEvent3.getResource() );
|
assertEvent( events.get( 0 ), name3, expectedEvent3.getResource() );
|
||||||
|
@ -496,8 +483,8 @@ public class AuditManagerTest
|
||||||
|
|
||||||
metadataRepositoryControl.replay();
|
metadataRepositoryControl.replay();
|
||||||
|
|
||||||
List<AuditEvent> events =
|
List<AuditEvent> events = auditManager.getAuditEventsInRange( Collections.singletonList( TEST_REPO_ID ),
|
||||||
auditManager.getAuditEventsInRange( TEST_REPO_ID, new Date( current.getTime() - 20000 ),
|
new Date( current.getTime() - 20000 ),
|
||||||
new Date( current.getTime() - 16000 ) );
|
new Date( current.getTime() - 16000 ) );
|
||||||
|
|
||||||
assertEquals( 0, events.size() );
|
assertEquals( 0, events.size() );
|
||||||
|
|
Loading…
Reference in New Issue