From bfe9d3b48d8bbfa2ca389a9f80036e825d50938a Mon Sep 17 00:00:00 2001 From: "Maria Odea B. Ching" Date: Wed, 3 Feb 2010 11:11:06 +0000 Subject: [PATCH] [MRM-1316] audit log report does not restrict events to repositories that you are a manager of o filter the results and show only actions performed on repos which the user has access to o added selenium test git-svn-id: https://svn.apache.org/repos/asf/archiva/trunk@905996 13f79535-47bb-0310-9956-ffa450edef68 --- .../src/test/resources/testng.properties | 7 +++ .../archiva/web/test/AuditLogsReportTest.java | 36 +++++++++++++++ .../reports/ViewAuditLogReportAction.java | 45 ++++++++++++++++++- 3 files changed, 86 insertions(+), 2 deletions(-) diff --git a/archiva-modules/archiva-web/archiva-webapp-test/src/test/resources/testng.properties b/archiva-modules/archiva-web/archiva-webapp-test/src/test/resources/testng.properties index 3940355ab..778d802e5 100644 --- a/archiva-modules/archiva-web/archiva-webapp-test/src/test/resources/testng.properties +++ b/archiva-modules/archiva-web/archiva-webapp-test/src/test/resources/testng.properties @@ -77,6 +77,13 @@ PACKAGING1=jar ARTIFACTFILEPATH1=test REPOSITORYID1=internal +SNAPSHOT_GROUPID=org.apache.archiva +SNAPSHOT_ARTIFACTID=archiva-test +SNAPSHOT_VERSION=1.0-SNAPSHOT +SNAPSHOT_PACKAGING=jar +SNAPSHOT_ARTIFACTFILEPATH=test +SNAPSHOT_REPOSITORYID=snapshots + # REPOSITORIES # Manage Repositories MANAGED_IDENTIFIER=testing1 diff --git a/archiva-modules/archiva-web/archiva-webapp-test/src/test/testng/org/apache/archiva/web/test/AuditLogsReportTest.java b/archiva-modules/archiva-web/archiva-webapp-test/src/test/testng/org/apache/archiva/web/test/AuditLogsReportTest.java index daedc24a9..0f3dcc6c4 100644 --- a/archiva-modules/archiva-web/archiva-webapp-test/src/test/testng/org/apache/archiva/web/test/AuditLogsReportTest.java +++ b/archiva-modules/archiva-web/archiva-webapp-test/src/test/testng/org/apache/archiva/web/test/AuditLogsReportTest.java @@ -128,4 +128,40 @@ public class AuditLogsReportTest assertTextPresent( "internal" ); assertTextPresent( "admin" ); } + + @Test (dependsOnMethods = { "testAddArtifactValidValues", "testUserWithRepoManagerInternalRole" }, enabled = false ) + public void testViewAuditLogsViewAuditEventsForManageableRepositoriesOnly() + { + String groupId = getProperty( "SNAPSHOT_GROUPID" ); + String artifactId = getProperty( "SNAPSHOT_ARTIFACTID" ); + String version = getProperty( "SNAPSHOT_VERSION" ); + String repo = getProperty( "SNAPSHOT_REPOSITORYID" ); + String packaging = getProperty( "SNAPSHOT_PACKAGING" ); + + addArtifact( groupId, artifactId, version, packaging, getProperty( "SNAPSHOT_ARTIFACTFILEPATH" ), repo ); + assertTextPresent( "Artifact '" + groupId + ":" + artifactId + ":" + version + + "' was successfully deployed to repository '" + repo + "'" ); + + clickLinkWithText( "Logout" ); + + login( getProperty( "REPOMANAGER_INTERNAL_USERNAME" ), getUserRolePassword() ); + goToAuditLogReports(); + assertAuditLogsReportPage(); + + selectValue( "repository", "all" ); + submit(); + + assertAuditLogsReportPage(); + assertTextPresent( "Results" ); + assertTextNotPresent( "No audit logs found." ); + assertTextPresent( "test-1.0.jar" ); + assertTextPresent( "Uploaded File" ); + assertTextPresent( "internal" ); + assertTextPresent( "admin" ); + + assertTextNotPresent( artifactId + "-" + version + "." + packaging ); + + clickLinkWithText( "Logout" ); + login( getProperty( "ADMIN_USERNAME" ), getProperty( "ADMIN_PASSWORD" ) ); + } } diff --git a/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/reports/ViewAuditLogReportAction.java b/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/reports/ViewAuditLogReportAction.java index 298a6d996..5c0aec712 100644 --- a/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/reports/ViewAuditLogReportAction.java +++ b/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/reports/ViewAuditLogReportAction.java @@ -149,7 +149,7 @@ public class ViewAuditLogReportAction } SimpleConstraint constraint = new MostRecentArchivaAuditLogsConstraint(); - auditLogs = (List) dao.query( constraint ); + auditLogs = filterLogs( (List) dao.query( constraint ) ); } public String execute() @@ -216,7 +216,8 @@ public class ViewAuditLogReportAction try { - auditLogs = auditLogsDao.queryAuditLogs( constraint ); + auditLogs = filterLogs( auditLogsDao.queryAuditLogs( constraint ) ); + if( auditLogs.isEmpty() ) { addActionError( "No audit logs found." ); @@ -244,6 +245,25 @@ public class ViewAuditLogReportAction return SUCCESS; } + private List filterLogs( List auditLogs ) + { + List observableRepos = getManageableRepositories(); + List filteredAuditLogs = new ArrayList(); + + if( auditLogs != null ) + { + for( ArchivaAuditLogs auditLog : auditLogs ) + { + if( observableRepos.contains( auditLog.getRepositoryId() ) ) + { + filteredAuditLogs.add( auditLog ); + } + } + } + + return filteredAuditLogs; + } + private void paginate() { if ( auditLogs.size() <= rowCount ) @@ -270,6 +290,27 @@ public class ViewAuditLogReportAction next = StringUtils.replace( next, " ", "%20" ); } + private List getManageableRepositories() + { + try + { + return userRepositories.getManagableRepositoryIds( getPrincipal() ); + } + catch ( PrincipalNotFoundException e ) + { + log.warn( e.getMessage(), e ); + } + catch ( AccessDeniedException e ) + { + log.warn( e.getMessage(), e ); + } + catch ( ArchivaSecurityException e ) + { + log.warn( e.getMessage(), e ); + } + return Collections.emptyList(); + } + private List getObservableRepositories() { try