[MRM-1316] restrict audit log report to repositories that you are a manager of

git-svn-id: https://svn.apache.org/repos/asf/archiva/branches/MRM-1025@900696 13f79535-47bb-0310-9956-ffa450edef68
Brett Porter 2010-01-19 08:15:44 +00:00
parent 06a035aacd
commit 70fc5323d6
4 changed files with 52 additions and 50 deletions


@ -21,12 +21,13 @@ package org.apache.maven.archiva.web.action.reports;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.Calendar; import java.util.Calendar;
import java.util.Collection;
import java.util.Collections; import java.util.Collections;
import java.util.Date; import java.util.Date;
import java.util.List; import java.util.List;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import com.opensymphony.xwork2.Preparable;
import org.apache.archiva.audit.AuditManager; import org.apache.archiva.audit.AuditManager;
import org.apache.commons.lang.StringUtils; import org.apache.commons.lang.StringUtils;
import org.apache.commons.lang.time.DateUtils; import org.apache.commons.lang.time.DateUtils;
@ -41,8 +42,6 @@ import org.codehaus.redback.integration.interceptor.SecureAction;
import org.codehaus.redback.integration.interceptor.SecureActionBundle; import org.codehaus.redback.integration.interceptor.SecureActionBundle;
import org.codehaus.redback.integration.interceptor.SecureActionException; import org.codehaus.redback.integration.interceptor.SecureActionException;
import com.opensymphony.xwork2.Preparable;
/** /**
* @plexus.component role="com.opensymphony.xwork2.Action" role-hint="viewAuditLogReport" * @plexus.component role="com.opensymphony.xwork2.Action" role-hint="viewAuditLogReport"
* instantiation-strategy="per-lookup" * instantiation-strategy="per-lookup"
@ -106,7 +105,13 @@ public class ViewAuditLogReportAction
public SecureActionBundle getSecureActionBundle() public SecureActionBundle getSecureActionBundle()
throws SecureActionException throws SecureActionException
{ {
return null; SecureActionBundle bundle = new SecureActionBundle();
// TODO: should require this, but for now we trust in the list of repositories
// bundle.setRequiresAuthentication( true );
// bundle.addRequiredAuthorization( ArchivaRoleConstants.OPERATION_VIEW_AUDIT_LOG );
return bundle;
} }
public void setServletRequest( HttpServletRequest request ) public void setServletRequest( HttpServletRequest request )
@ -120,7 +125,8 @@ public class ViewAuditLogReportAction
{ {
repositories = new ArrayList<String>(); repositories = new ArrayList<String>();
repositories.add( ALL_REPOSITORIES ); repositories.add( ALL_REPOSITORIES );
repositories.addAll( getObservableRepositories() ); List<String> repos = getManagableRepositories();
repositories.addAll( repos );
auditLogs = null; auditLogs = null;
groupId = ""; groupId = "";
@ -136,7 +142,7 @@ public class ViewAuditLogReportAction
headerName = HEADER_RESULTS; headerName = HEADER_RESULTS;
} }
auditLogs = auditManager.getMostRecentAuditEvents(); auditLogs = auditManager.getMostRecentAuditEvents( repos );
} }
public String execute() public String execute()
@ -177,9 +183,20 @@ public class ViewAuditLogReportAction
range[0] = ( page - 1 ) * rowCount; range[0] = ( page - 1 ) * rowCount;
range[1] = ( page * rowCount ) + 1; range[1] = ( page * rowCount ) + 1;
String repo = repository.equals( ALL_REPOSITORIES ) ? null : repository; Collection<String> repos = getManagableRepositories();
if ( !repository.equals( ALL_REPOSITORIES ) )
{
if ( repos.contains( repository ) )
{
repos = Collections.singletonList( repository );
}
else
{
repos = Collections.emptyList();
}
}
// TODO: query by artifact // TODO: query by artifact
auditLogs = auditManager.getAuditEventsInRange( repo, startDateInDF, endDateInDF ); auditLogs = auditManager.getAuditEventsInRange( repos, startDateInDF, endDateInDF );
if( auditLogs.isEmpty() ) if( auditLogs.isEmpty() )
{ {
@ -223,11 +240,11 @@ public class ViewAuditLogReportAction
next = StringUtils.replace( next, " ", "%20" ); next = StringUtils.replace( next, " ", "%20" );
} }
private List<String> getObservableRepositories() private List<String> getManagableRepositories()
{ {
try try
{ {
return userRepositories.getObservableRepositoryIds( getPrincipal() ); return userRepositories.getManagableRepositoryIds( getPrincipal() );
} }
catch ( PrincipalNotFoundException e ) catch ( PrincipalNotFoundException e )
{ {
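Review bot: getSecureActionBundle() returns an empty SecureActionBundle with both `bundle.setRequiresAuthentication( true )` and `bundle.addRequiredAuthorization( ArchivaRoleConstants.OPERATION_VIEW_AUDIT_LOG )` commented out, so as far as this section shows the secure-action interceptor is given nothing to enforce and the report's only access control is the repository filter in prepare() and execute(). That filter depends entirely on getManagableRepositories(), whose catch branches lie outside the visible lines; they should return an empty list so that an unknown or unauthorised principal sees no events. I would enable the two commented lines in this commit, or at least `setRequiresAuthentication( true )`, and replace the TODO with a comment stating which check is authoritative. The execute() branch that maps an unmanaged `repository` to `Collections.emptyList()` is the right fail-closed behaviour and deserves a one-line comment saying so.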


@ -19,6 +19,7 @@ package org.apache.archiva.audit;
* under the License. * under the License.
*/ */
import java.util.Collection;
import java.util.Date; import java.util.Date;
import java.util.List; import java.util.List;
@ -26,11 +27,11 @@ import org.apache.maven.archiva.repository.audit.AuditEvent;
public interface AuditManager public interface AuditManager
{ {
List<AuditEvent> getMostRecentAuditEvents(); List<AuditEvent> getMostRecentAuditEvents( List<String> repositoryIds );
void addAuditEvent( AuditEvent event ); void addAuditEvent( AuditEvent event );
void deleteAuditEvents( String repositoryId ); void deleteAuditEvents( String repositoryId );
List<AuditEvent> getAuditEventsInRange( String repositoryId, Date startTime, Date endTime ); List<AuditEvent> getAuditEventsInRange( Collection<String> repositoryIds, Date startTime, Date endTime );
} }
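Review bot: The two query methods now take differently typed arguments for the same thing, `getMostRecentAuditEvents( List<String> repositoryIds )` versus `getAuditEventsInRange( Collection<String> repositoryIds, ... )`; nothing visible here needs list ordering, so `Collection<String>` on both would be consistent. The interface also has no Javadoc, and after this change the contract matters for access control: the caller supplies the repository ids it is allowed to see, and the manager appears to apply no check of its own. A short Javadoc on each method should state that, say that an empty collection yields no events, and say whether null is accepted.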


@ -48,11 +48,11 @@ public class DefaultAuditManager
private static final Logger log = LoggerFactory.getLogger( DefaultAuditManager.class ); private static final Logger log = LoggerFactory.getLogger( DefaultAuditManager.class );
public List<AuditEvent> getMostRecentAuditEvents() public List<AuditEvent> getMostRecentAuditEvents( List<String> repositoryIds )
{ {
// TODO: consider a more efficient implementation that directly gets the last ten from the content repository // TODO: consider a more efficient implementation that directly gets the last ten from the content repository
List<AuditRecord> records = new ArrayList<AuditRecord>(); List<AuditRecord> records = new ArrayList<AuditRecord>();
for ( String repositoryId : metadataRepository.getRepositories() ) for ( String repositoryId : repositoryIds )
{ {
List<String> timestamps = metadataRepository.getMetadataFacets( repositoryId, AuditEvent.FACET_ID ); List<String> timestamps = metadataRepository.getMetadataFacets( repositoryId, AuditEvent.FACET_ID );
for ( String timestamp : timestamps ) for ( String timestamp : timestamps )
@ -88,11 +88,8 @@ public class DefaultAuditManager
metadataRepository.removeMetadataFacets( repositoryId, AuditEvent.FACET_ID ); metadataRepository.removeMetadataFacets( repositoryId, AuditEvent.FACET_ID );
} }
public List<AuditEvent> getAuditEventsInRange( String repoId, Date startTime, Date endTime ) public List<AuditEvent> getAuditEventsInRange( Collection<String> repositoryIds, Date startTime, Date endTime )
{ {
Collection<String> repositoryIds =
repoId != null ? Collections.singletonList( repoId ) : metadataRepository.getRepositories();
List<AuditEvent> results = new ArrayList<AuditEvent>(); List<AuditEvent> results = new ArrayList<AuditEvent>();
for ( String repositoryId : repositoryIds ) for ( String repositoryId : repositoryIds )
{ {
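Review bot: Neither getMostRecentAuditEvents() nor getAuditEventsInRange() checks `repositoryIds` before iterating, so a null argument now fails with a NullPointerException at the `for` loop, whereas the removed code treated a null `repoId` as "all repositories". Failing rather than widening to every repository is the safer outcome, but it should be explicit, for example `if ( repositoryIds == null ) { throw new IllegalArgumentException( "repositoryIds must not be null" ); }` at the top of both methods. With the `Collections.singletonList( repoId )` line removed, the `java.util.Collections` import may now be unused in this file; the import block is outside the visible hunks. Both method bodies continue past the visible lines.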


@ -91,9 +91,6 @@ public class AuditManagerTest
public void testGetMostRecentEvents() public void testGetMostRecentEvents()
throws ParseException throws ParseException
{ {
metadataRepositoryControl.expectAndReturn( metadataRepository.getRepositories(),
Collections.singletonList( TEST_REPO_ID ) );
int numEvents = 11; int numEvents = 11;
List<String> eventNames = new ArrayList<String>( numEvents ); List<String> eventNames = new ArrayList<String>( numEvents );
for ( int i = 0; i < numEvents; i++ ) for ( int i = 0; i < numEvents; i++ )
@ -113,7 +110,7 @@ public class AuditManagerTest
} }
metadataRepositoryControl.replay(); metadataRepositoryControl.replay();
List<AuditEvent> events = auditManager.getMostRecentAuditEvents(); List<AuditEvent> events = auditManager.getMostRecentAuditEvents( Collections.singletonList( TEST_REPO_ID ) );
assertNotNull( events ); assertNotNull( events );
assertEquals( numEvents - 1, events.size() ); assertEquals( numEvents - 1, events.size() );
int expectedTimestampCounter = numEvents - 1; int expectedTimestampCounter = numEvents - 1;
@ -149,8 +146,6 @@ public class AuditManagerTest
public void testGetMostRecentEventsLessThan10() public void testGetMostRecentEventsLessThan10()
throws ParseException throws ParseException
{ {
metadataRepositoryControl.expectAndReturn( metadataRepository.getRepositories(),
Collections.singletonList( TEST_REPO_ID ) );
int numEvents = 5; int numEvents = 5;
List<String> eventNames = new ArrayList<String>( numEvents ); List<String> eventNames = new ArrayList<String>( numEvents );
for ( int i = 0; i < numEvents; i++ ) for ( int i = 0; i < numEvents; i++ )
@ -170,7 +165,7 @@ public class AuditManagerTest
} }
metadataRepositoryControl.replay(); metadataRepositoryControl.replay();
List<AuditEvent> events = auditManager.getMostRecentAuditEvents(); List<AuditEvent> events = auditManager.getMostRecentAuditEvents( Collections.singletonList( TEST_REPO_ID ) );
assertNotNull( events ); assertNotNull( events );
assertEquals( numEvents, events.size() ); assertEquals( numEvents, events.size() );
int expectedTimestampCounter = numEvents - 1; int expectedTimestampCounter = numEvents - 1;
@ -187,8 +182,6 @@ public class AuditManagerTest
public void testGetMostRecentEventsInterleavedRepositories() public void testGetMostRecentEventsInterleavedRepositories()
throws ParseException throws ParseException
{ {
metadataRepositoryControl.expectAndReturn( metadataRepository.getRepositories(),
Arrays.asList( TEST_REPO_ID, TEST_REPO_ID_2 ) );
int numEvents = 11; int numEvents = 11;
Map<String, List<String>> eventNames = new LinkedHashMap<String, List<String>>(); Map<String, List<String>> eventNames = new LinkedHashMap<String, List<String>>();
List<AuditEvent> events = new ArrayList<AuditEvent>(); List<AuditEvent> events = new ArrayList<AuditEvent>();
@ -216,7 +209,7 @@ public class AuditManagerTest
} }
metadataRepositoryControl.replay(); metadataRepositoryControl.replay();
events = auditManager.getMostRecentAuditEvents(); events = auditManager.getMostRecentAuditEvents( Arrays.asList( TEST_REPO_ID, TEST_REPO_ID_2 ) );
assertNotNull( events ); assertNotNull( events );
assertEquals( numEvents - 1, events.size() ); assertEquals( numEvents - 1, events.size() );
int expectedTimestampCounter = numEvents - 1; int expectedTimestampCounter = numEvents - 1;
@ -248,14 +241,11 @@ public class AuditManagerTest
public void testGetMostRecentEventsWhenEmpty() public void testGetMostRecentEventsWhenEmpty()
{ {
metadataRepositoryControl.expectAndReturn( metadataRepository.getRepositories(),
Collections.singletonList( TEST_REPO_ID ) );
metadataRepositoryControl.expectAndReturn( metadataRepositoryControl.expectAndReturn(
metadataRepository.getMetadataFacets( TEST_REPO_ID, AuditEvent.FACET_ID ), Collections.emptyList() ); metadataRepository.getMetadataFacets( TEST_REPO_ID, AuditEvent.FACET_ID ), Collections.emptyList() );
metadataRepositoryControl.replay(); metadataRepositoryControl.replay();
assertTrue( auditManager.getMostRecentAuditEvents().isEmpty() ); assertTrue( auditManager.getMostRecentAuditEvents( Collections.singletonList( TEST_REPO_ID ) ).isEmpty() );
metadataRepositoryControl.verify(); metadataRepositoryControl.verify();
} }
@ -322,8 +312,8 @@ public class AuditManagerTest
metadataRepositoryControl.replay(); metadataRepositoryControl.replay();
List<AuditEvent> events = List<AuditEvent> events = auditManager.getAuditEventsInRange( Collections.singletonList( TEST_REPO_ID ),
auditManager.getAuditEventsInRange( TEST_REPO_ID, new Date( current.getTime() - 4000 ), new Date( current.getTime() - 4000 ),
new Date( current.getTime() - 2000 ) ); new Date( current.getTime() - 2000 ) );
assertEquals( 1, events.size() ); assertEquals( 1, events.size() );
@ -355,8 +345,8 @@ public class AuditManagerTest
metadataRepositoryControl.replay(); metadataRepositoryControl.replay();
List<AuditEvent> events = List<AuditEvent> events = auditManager.getAuditEventsInRange( Collections.singletonList( TEST_REPO_ID ),
auditManager.getAuditEventsInRange( TEST_REPO_ID, new Date( current.getTime() - 4000 ), current ); new Date( current.getTime() - 4000 ), current );
assertEquals( 2, events.size() ); assertEquals( 2, events.size() );
assertEvent( events.get( 0 ), name3, expectedEvent3.getResource() ); assertEvent( events.get( 0 ), name3, expectedEvent3.getResource() );
@ -388,8 +378,8 @@ public class AuditManagerTest
metadataRepositoryControl.replay(); metadataRepositoryControl.replay();
List<AuditEvent> events = List<AuditEvent> events = auditManager.getAuditEventsInRange( Collections.singletonList( TEST_REPO_ID ),
auditManager.getAuditEventsInRange( TEST_REPO_ID, new Date( current.getTime() - 20000 ), new Date( current.getTime() - 20000 ),
new Date( current.getTime() - 2000 ) ); new Date( current.getTime() - 2000 ) );
assertEquals( 2, events.size() ); assertEquals( 2, events.size() );
@ -425,8 +415,8 @@ public class AuditManagerTest
metadataRepositoryControl.replay(); metadataRepositoryControl.replay();
List<AuditEvent> events = List<AuditEvent> events = auditManager.getAuditEventsInRange( Collections.singletonList( TEST_REPO_ID ),
auditManager.getAuditEventsInRange( TEST_REPO_ID, new Date( current.getTime() - 20000 ), current ); new Date( current.getTime() - 20000 ), current );
assertEquals( 3, events.size() ); assertEquals( 3, events.size() );
assertEvent( events.get( 0 ), name3, expectedEvent3.getResource() ); assertEvent( events.get( 0 ), name3, expectedEvent3.getResource() );
@ -439,9 +429,6 @@ public class AuditManagerTest
public void testGetEventsRangeMultipleRepositories() public void testGetEventsRangeMultipleRepositories()
throws ParseException throws ParseException
{ {
metadataRepositoryControl.expectAndReturn( metadataRepository.getRepositories(),
Arrays.asList( TEST_REPO_ID, TEST_REPO_ID_2 ) );
Date current = new Date(); Date current = new Date();
String name1 = TIMESTAMP_FORMAT.format( new Date( current.getTime() - 12345 ) ); String name1 = TIMESTAMP_FORMAT.format( new Date( current.getTime() - 12345 ) );
@ -466,8 +453,8 @@ public class AuditManagerTest
metadataRepositoryControl.replay(); metadataRepositoryControl.replay();
List<AuditEvent> events = List<AuditEvent> events = auditManager.getAuditEventsInRange( Arrays.asList( TEST_REPO_ID, TEST_REPO_ID_2 ),
auditManager.getAuditEventsInRange( null, new Date( current.getTime() - 20000 ), current ); new Date( current.getTime() - 20000 ), current );
assertEquals( 3, events.size() ); assertEquals( 3, events.size() );
assertEvent( events.get( 0 ), name3, expectedEvent3.getResource() ); assertEvent( events.get( 0 ), name3, expectedEvent3.getResource() );
@ -496,8 +483,8 @@ public class AuditManagerTest
metadataRepositoryControl.replay(); metadataRepositoryControl.replay();
List<AuditEvent> events = List<AuditEvent> events = auditManager.getAuditEventsInRange( Collections.singletonList( TEST_REPO_ID ),
auditManager.getAuditEventsInRange( TEST_REPO_ID, new Date( current.getTime() - 20000 ), new Date( current.getTime() - 20000 ),
new Date( current.getTime() - 16000 ) ); new Date( current.getTime() - 16000 ) );
assertEquals( 0, events.size() ); assertEquals( 0, events.size() );
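Review bot: No test in this section exercises the restriction itself: every call passes exactly the repositories the mock is already set up to answer for, so the tests would still pass if the manager ignored its argument's scope. I would add a case where `getAuditEventsInRange( Collections.<String>emptyList(), ... )` returns an empty list with no `getMetadataFacets` expectation recorded, and one where events exist in `TEST_REPO_ID_2` but only `TEST_REPO_ID` is passed, asserting that none of the second repository's events are returned. The action-level behaviour, a requested `repository` outside getManagableRepositories() yielding no events, also has no test visible in this commit.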