[MRM-1316] audit log report does not restrict events to repositories that you are a manager of

o filter the results and show only actions performed on repos which the user has access to o added selenium test git-svn-id: https://svn.apache.org/repos/asf/archiva/trunk@905996 13f79535-47bb-0310-9956-ffa450edef68
2010-02-03 11:11:06 +00:00 · 2010-02-03 11:11:06 +00:00 · bfe9d3b48d
parent 1d8d52338c
commit bfe9d3b48d
3 changed files with 86 additions and 2 deletions
--- a/archiva-modules/archiva-web/archiva-webapp-test/src/test/resources/testng.properties
+++ b/archiva-modules/archiva-web/archiva-webapp-test/src/test/resources/testng.properties
@ -77,6 +77,13 @@ PACKAGING1=jar
 ARTIFACTFILEPATH1=test
 REPOSITORYID1=internal

+SNAPSHOT_GROUPID=org.apache.archiva
+SNAPSHOT_ARTIFACTID=archiva-test
+SNAPSHOT_VERSION=1.0-SNAPSHOT
+SNAPSHOT_PACKAGING=jar
+SNAPSHOT_ARTIFACTFILEPATH=test
+SNAPSHOT_REPOSITORYID=snapshots
+
 # REPOSITORIES
 # Manage Repositories
 MANAGED_IDENTIFIER=testing1
--- a/archiva-modules/archiva-web/archiva-webapp-test/src/test/testng/org/apache/archiva/web/test/AuditLogsReportTest.java
+++ b/archiva-modules/archiva-web/archiva-webapp-test/src/test/testng/org/apache/archiva/web/test/AuditLogsReportTest.java
@ -128,4 +128,40 @@ public class AuditLogsReportTest
        assertTextPresent( "internal" );
        assertTextPresent( "admin" );
    }
+    
+    @Test (dependsOnMethods = { "testAddArtifactValidValues", "testUserWithRepoManagerInternalRole" }, enabled = false )
+    public void testViewAuditLogsViewAuditEventsForManageableRepositoriesOnly()
+    {
+        String groupId = getProperty( "SNAPSHOT_GROUPID" );
+        String artifactId = getProperty( "SNAPSHOT_ARTIFACTID" );
+        String version = getProperty( "SNAPSHOT_VERSION" );
+        String repo = getProperty( "SNAPSHOT_REPOSITORYID" );
+        String packaging = getProperty( "SNAPSHOT_PACKAGING" );
+        
+        addArtifact( groupId, artifactId, version, packaging, getProperty( "SNAPSHOT_ARTIFACTFILEPATH" ), repo );        
+        assertTextPresent( "Artifact '" + groupId + ":" + artifactId + ":" + version +
+            "' was successfully deployed to repository '" + repo + "'" );
+        
+        clickLinkWithText( "Logout" );
+                
+        login( getProperty( "REPOMANAGER_INTERNAL_USERNAME" ), getUserRolePassword() );
+        goToAuditLogReports();        
+        assertAuditLogsReportPage();
+        
+        selectValue( "repository", "all" );
+        submit();
+        
+        assertAuditLogsReportPage();
+        assertTextPresent( "Results" );
+        assertTextNotPresent( "No audit logs found." );
+        assertTextPresent( "test-1.0.jar" );
+        assertTextPresent( "Uploaded File" );
+        assertTextPresent( "internal" );
+        assertTextPresent( "admin" );
+        
+        assertTextNotPresent( artifactId + "-" + version + "." + packaging );
+        
+        clickLinkWithText( "Logout" );
+        login( getProperty( "ADMIN_USERNAME" ), getProperty( "ADMIN_PASSWORD" ) );
+    }
 }
--- a/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/reports/ViewAuditLogReportAction.java
+++ b/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/reports/ViewAuditLogReportAction.java
@ -149,7 +149,7 @@ public class ViewAuditLogReportAction
        }

        SimpleConstraint constraint = new MostRecentArchivaAuditLogsConstraint();
-        auditLogs = (List<ArchivaAuditLogs>) dao.query( constraint );
+        auditLogs = filterLogs( (List<ArchivaAuditLogs>) dao.query( constraint ) );
    }

    public String execute()
@ -216,7 +216,8 @@ public class ViewAuditLogReportAction

        try
        {
-            auditLogs = auditLogsDao.queryAuditLogs( constraint );            
+            auditLogs = filterLogs( auditLogsDao.queryAuditLogs( constraint ) );
+            
            if( auditLogs.isEmpty() )
            {
                addActionError( "No audit logs found." );
@ -244,6 +245,25 @@ public class ViewAuditLogReportAction
        return SUCCESS;
    }
    
+    private List<ArchivaAuditLogs> filterLogs( List<ArchivaAuditLogs> auditLogs )
+    {
+        List<String> observableRepos = getManageableRepositories();
+        List<ArchivaAuditLogs> filteredAuditLogs = new ArrayList<ArchivaAuditLogs>();
+        
+        if( auditLogs != null )
+        {
+            for( ArchivaAuditLogs auditLog : auditLogs )
+            {
+                if( observableRepos.contains( auditLog.getRepositoryId() ) )
+                {
+                    filteredAuditLogs.add( auditLog );
+                }
+            }
+        }
+        
+        return filteredAuditLogs;
+    }
+        
    private void paginate()
    {
        if ( auditLogs.size() <= rowCount )
@ -270,6 +290,27 @@ public class ViewAuditLogReportAction
        next = StringUtils.replace( next, " ", "%20" );
    }

+    private List<String> getManageableRepositories()
+    {
+        try
+        {
+            return userRepositories.getManagableRepositoryIds( getPrincipal() );
+        }
+        catch ( PrincipalNotFoundException e )
+        {
+            log.warn( e.getMessage(), e );
+        }
+        catch ( AccessDeniedException e )
+        {
+            log.warn( e.getMessage(), e );
+        }
+        catch ( ArchivaSecurityException e )
+        {
+            log.warn( e.getMessage(), e );
+        }
+        return Collections.emptyList();
+    }
+    
    private List<String> getObservableRepositories()
    {
        try