[MRM-1316] audit log report does not restrict events to repositories that you are a manager of

o filter the results and show only actions performed on repos which the user has access to o added selenium test git-svn-id: https://svn.apache.org/repos/asf/archiva/trunk@905996 13f79535-47bb-0310-9956-ffa450edef68
2010-02-03 11:11:06 +00:00 · 2010-02-03 11:11:06 +00:00 · bfe9d3b48d
parent 1d8d52338c
commit bfe9d3b48d
3 changed files with 86 additions and 2 deletions
--- a/archiva-modules/archiva-web/archiva-webapp-test/src/test/resources/testng.properties
+++ b/archiva-modules/archiva-web/archiva-webapp-test/src/test/resources/testng.properties
@ -77,6 +77,13 @@ PACKAGING1=jar
 ARTIFACTFILEPATH1=test
 REPOSITORYID1=internal
 SNAPSHOT_GROUPID=org.apache.archiva
 SNAPSHOT_ARTIFACTID=archiva-test
 SNAPSHOT_VERSION=1.0-SNAPSHOT
 SNAPSHOT_PACKAGING=jar
 SNAPSHOT_ARTIFACTFILEPATH=test
 SNAPSHOT_REPOSITORYID=snapshots
 # REPOSITORIES
 # Manage Repositories
 MANAGED_IDENTIFIER=testing1
--- a/archiva-modules/archiva-web/archiva-webapp-test/src/test/testng/org/apache/archiva/web/test/AuditLogsReportTest.java
+++ b/archiva-modules/archiva-web/archiva-webapp-test/src/test/testng/org/apache/archiva/web/test/AuditLogsReportTest.java
@ -128,4 +128,40 @@ public class AuditLogsReportTest
        assertTextPresent( "internal" );
        assertTextPresent( "admin" );
    }
    @Test (dependsOnMethods = { "testAddArtifactValidValues", "testUserWithRepoManagerInternalRole" }, enabled = false )
    public void testViewAuditLogsViewAuditEventsForManageableRepositoriesOnly()
    {
        String groupId = getProperty( "SNAPSHOT_GROUPID" );
        String artifactId = getProperty( "SNAPSHOT_ARTIFACTID" );
        String version = getProperty( "SNAPSHOT_VERSION" );
        String repo = getProperty( "SNAPSHOT_REPOSITORYID" );
        String packaging = getProperty( "SNAPSHOT_PACKAGING" );
        addArtifact( groupId, artifactId, version, packaging, getProperty( "SNAPSHOT_ARTIFACTFILEPATH" ), repo );        
        assertTextPresent( "Artifact '" + groupId + ":" + artifactId + ":" + version +
            "' was successfully deployed to repository '" + repo + "'" );
        clickLinkWithText( "Logout" );
        login( getProperty( "REPOMANAGER_INTERNAL_USERNAME" ), getUserRolePassword() );
        goToAuditLogReports();        
        assertAuditLogsReportPage();
        selectValue( "repository", "all" );
        submit();
        assertAuditLogsReportPage();
        assertTextPresent( "Results" );
        assertTextNotPresent( "No audit logs found." );
        assertTextPresent( "test-1.0.jar" );
        assertTextPresent( "Uploaded File" );
        assertTextPresent( "internal" );
        assertTextPresent( "admin" );
        assertTextNotPresent( artifactId + "-" + version + "." + packaging );
        clickLinkWithText( "Logout" );
        login( getProperty( "ADMIN_USERNAME" ), getProperty( "ADMIN_PASSWORD" ) );
    }
 }
--- a/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/reports/ViewAuditLogReportAction.java
+++ b/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/reports/ViewAuditLogReportAction.java
@ -149,7 +149,7 @@ public class ViewAuditLogReportAction
        }
        SimpleConstraint constraint = new MostRecentArchivaAuditLogsConstraint();
-        auditLogs = (List<ArchivaAuditLogs>) dao.query( constraint );
+        auditLogs = filterLogs( (List<ArchivaAuditLogs>) dao.query( constraint ) );
    }
    public String execute()
@ -216,7 +216,8 @@ public class ViewAuditLogReportAction
        try
        {
-            auditLogs = auditLogsDao.queryAuditLogs( constraint );            
+            auditLogs = filterLogs( auditLogsDao.queryAuditLogs( constraint ) );
            if( auditLogs.isEmpty() )
            {
                addActionError( "No audit logs found." );
@ -244,6 +245,25 @@ public class ViewAuditLogReportAction
        return SUCCESS;
    }
    private List<ArchivaAuditLogs> filterLogs( List<ArchivaAuditLogs> auditLogs )
    {
        List<String> observableRepos = getManageableRepositories();
        List<ArchivaAuditLogs> filteredAuditLogs = new ArrayList<ArchivaAuditLogs>();
        if( auditLogs != null )
        {
            for( ArchivaAuditLogs auditLog : auditLogs )
            {
                if( observableRepos.contains( auditLog.getRepositoryId() ) )
                {
                    filteredAuditLogs.add( auditLog );
                }
            }
        }
        return filteredAuditLogs;
    }
    private void paginate()
    {
        if ( auditLogs.size() <= rowCount )
@ -270,6 +290,27 @@ public class ViewAuditLogReportAction
        next = StringUtils.replace( next, " ", "%20" );
    }
    private List<String> getManageableRepositories()
    {
        try
        {
            return userRepositories.getManagableRepositoryIds( getPrincipal() );
        }
        catch ( PrincipalNotFoundException e )
        {
            log.warn( e.getMessage(), e );
        }
        catch ( AccessDeniedException e )
        {
            log.warn( e.getMessage(), e );
        }
        catch ( ArchivaSecurityException e )
        {
            log.warn( e.getMessage(), e );
        }
        return Collections.emptyList();
    }
    private List<String> getObservableRepositories()
    {
        try