diff --git a/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaRoleConstants.java b/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaRoleConstants.java
index d837c1a63..e21bd6834 100644
--- a/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaRoleConstants.java
+++ b/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaRoleConstants.java
@@ -30,6 +30,8 @@ public class ArchivaRoleConstants
 public static final String GLOBAL_REPOSITORY_MANAGER_ROLE = "Global Repository Manager";
+ public static final String GLOBAL_REPOSITORY_OBSERVER_ROLE = "Global Repository Observer";
+
 public static final String REGISTERED_USER_ROLE = "Registered User";
 public static final String GUEST_ROLE = "Guest";
diff --git a/archiva-security/src/main/java/org/apache/maven/archiva/security/GlobalRepositoryObserverRoleProfile.java b/archiva-security/src/main/java/org/apache/maven/archiva/security/GlobalRepositoryObserverRoleProfile.java
new file mode 100644
index 000000000..34e61dd2e
--- /dev/null
+++ b/archiva-security/src/main/java/org/apache/maven/archiva/security/GlobalRepositoryObserverRoleProfile.java
@@ -0,0 +1,53 @@
+package org.apache.maven.archiva.security;
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import org.codehaus.plexus.rbac.profile.AbstractRoleProfile;
+
+import java.util.ArrayList;
+import java.util.List;
+
+/**
+ * @plexus.component role="org.codehaus.plexus.rbac.profile.RoleProfile"
+ * role-hint="archiva-repository-administrator"
+ */
+public class GlobalRepositoryObserverRoleProfile
+ extends AbstractRoleProfile
+{
+ /**
+ * Create the Role name for a Repository Observer, using the provided repository id.
+ *
+ * @param repoId the repository id
+ */
+ public String getRoleName( )
+ {
+ return ArchivaRoleConstants.GLOBAL_REPOSITORY_OBSERVER_ROLE;
+ }
+
+ public boolean isAssignable()
+ {
+ return true;
+ }
+
+ public List getOperations()
+ {
+ return null;
+ }
+}
diff --git a/archiva-security/src/main/java/org/apache/maven/archiva/security/RepositoryObserverDynamicRoleProfile.java b/archiva-security/src/main/java/org/apache/maven/archiva/security/RepositoryObserverDynamicRoleProfile.java
index 753d1695c..84b696db8 100644
--- a/archiva-security/src/main/java/org/apache/maven/archiva/security/RepositoryObserverDynamicRoleProfile.java
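Review bot: The `@plexus.component` tag on the new class registers it with `role-hint="archiva-repository-administrator"`, which names an administrator profile rather than the global observer and looks copied from another profile. If a component with that hint already exists (not visible in this diff), the two registrations collide and a role-profile lookup by hint may resolve to the wrong class, so this profile needs a hint of its own. The Javadoc on `getRoleName( )` still documents `@param repoId` although the method takes no argument; `/** Returns the fixed name of the global repository observer role. */` would match the code. `getOperations()` returns `null` while `ArrayList` is imported and unused; unless the base class is known to accept null, `return new ArrayList();` is the safer way to say the role carries no operations of its own.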
+++ b/archiva-security/src/main/java/org/apache/maven/archiva/security/RepositoryObserverDynamicRoleProfile.java
@@ -20,6 +20,10 @@ package org.apache.maven.archiva.security;
 */
 import org.codehaus.plexus.rbac.profile.AbstractDynamicRoleProfile;
+import org.codehaus.plexus.rbac.profile.RoleProfileException;
+import org.codehaus.plexus.security.rbac.RbacManagerException;
+import org.codehaus.plexus.security.rbac.RbacObjectNotFoundException;
+import org.codehaus.plexus.security.rbac.Role;
 import java.util.ArrayList;
 import java.util.List;
@@ -52,4 +56,35 @@ public class RepositoryObserverDynamicRoleProfile
 {
 return true;
 }
+
+ public Role getRole( String resource )
+ throws RoleProfileException
+{
+ try
+ {
+ if ( rbacManager.roleExists( getRoleName( resource ) ) )
+ {
+ return rbacManager.getRole( getRoleName( resource ) );
+ }
+ else
+ {
+ // first time assign the role to the group administrator since they need the access
+ Role newRole = generateRole( resource );
+
+ Role repoAdmin = rbacManager.getRole( ArchivaRoleConstants.GLOBAL_REPOSITORY_OBSERVER_ROLE );
+ repoAdmin.addChildRoleName( newRole.getName() );
+ rbacManager.saveRole( repoAdmin );
+
+ return newRole;
+ }
+ }
+ catch ( RbacObjectNotFoundException ne )
+ {
+ throw new RoleProfileException( "unable to get role", ne );
+ }
+ catch ( RbacManagerException e )
+ {
+ throw new RoleProfileException( "system error with rbac manager", e );
+ }
+}
 }
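Review bot: In the `else` branch of `getRole`, the per-repository role is generated before the parent is looked up, so if `rbacManager.getRole( ArchivaRoleConstants.GLOBAL_REPOSITORY_OBSERVER_ROLE )` throws `RbacObjectNotFoundException` the caller gets a `RoleProfileException`, but, assuming `generateRole` persists the role (its body is not in this diff), every later call takes the `roleExists` branch and the role is never linked under the global observer. Fetching the parent first, by moving that `rbacManager.getRole( ... )` line above `Role newRole = generateRole( resource );`, avoids the half-finished state. The comment and the local name `repoAdmin` describe an administrator while the role being modified is the global observer; since this line decides who inherits access to every newly created repository, the comment should say so, e.g. `// first call for this repository: make the new role a child of the global observer role`, with the local renamed to `globalObserver`. The method's braces (`+{` … `+}`) also sit one indent level short of the surrounding class members.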