mirror of https://github.com/apache/archiva.git
Adding additional operations for access control
This commit is contained in:
parent
55b1e5d09f
commit
c818808b7c
|
@ -64,7 +64,7 @@ public class ArchivaRoleConstants
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Permission to add a repository
|
* Permission to add a repository
|
||||||
* Scope: application
|
* Scope: global
|
||||||
*/
|
*/
|
||||||
public static final String OPERATION_ADD_REPOSITORY = "archiva-add-repository";
|
public static final String OPERATION_ADD_REPOSITORY = "archiva-add-repository";
|
||||||
|
|
||||||
|
@ -118,10 +118,15 @@ public class ArchivaRoleConstants
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Permission to upload a file to the upload workspace
|
* Permission to upload a file to the upload workspace
|
||||||
* Scope: application
|
* Scope: global
|
||||||
*/
|
*/
|
||||||
public static final String OPERATION_FILE_UPLOAD = "archiva-upload-file";
|
public static final String OPERATION_FILE_UPLOAD = "archiva-upload-file";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Permission to list all available repositories
|
||||||
|
* Scope: global
|
||||||
|
*/
|
||||||
|
public static final String OPERATION_LIST_REPOSITORIES = "archiva-list-repositories";
|
||||||
|
|
||||||
|
|
||||||
public static final String OPERATION_MERGE_REPOSITORY = "archiva-merge-repository";
|
public static final String OPERATION_MERGE_REPOSITORY = "archiva-merge-repository";
|
||||||
|
@ -139,6 +144,7 @@ public class ArchivaRoleConstants
|
||||||
|
|
||||||
public static final String TEMPLATE_GUEST = "archiva-guest";
|
public static final String TEMPLATE_GUEST = "archiva-guest";
|
||||||
|
|
||||||
|
|
||||||
public static String toRepositoryObserverRoleName( String repoId )
|
public static String toRepositoryObserverRoleName( String repoId )
|
||||||
{
|
{
|
||||||
return REPOSITORY_OBSERVER_ROLE_PREFIX + " - " + repoId;
|
return REPOSITORY_OBSERVER_ROLE_PREFIX + " - " + repoId;
|
||||||
|
|
|
@ -78,6 +78,11 @@
|
||||||
<name>archiva-access-reports</name>
|
<name>archiva-access-reports</name>
|
||||||
<description>Access Archiva Reports</description>
|
<description>Access Archiva Reports</description>
|
||||||
</operation>
|
</operation>
|
||||||
|
<operation>
|
||||||
|
<id>archiva-list-repositories</id>
|
||||||
|
<name>archiva-list-repositories</name>
|
||||||
|
<description>List all repositories</description>
|
||||||
|
</operation>
|
||||||
<operation>
|
<operation>
|
||||||
<id>archiva-add-repository</id>
|
<id>archiva-add-repository</id>
|
||||||
<name>archiva-add-repository</name>
|
<name>archiva-add-repository</name>
|
||||||
|
@ -253,6 +258,12 @@
|
||||||
<namePrefix>Repository Manager</namePrefix>
|
<namePrefix>Repository Manager</namePrefix>
|
||||||
<assignable>true</assignable>
|
<assignable>true</assignable>
|
||||||
<permissions>
|
<permissions>
|
||||||
|
<permission>
|
||||||
|
<id>archiva-list-repositories</id>
|
||||||
|
<name>Archiva List Repositories</name>
|
||||||
|
<operation>archiva-list-repositories</operation>
|
||||||
|
<resource>global</resource>
|
||||||
|
</permission>
|
||||||
<permission>
|
<permission>
|
||||||
<id>archiva-delete-namespace</id>
|
<id>archiva-delete-namespace</id>
|
||||||
<name>Archiva Delete Namespace (GroupId)</name>
|
<name>Archiva Delete Namespace (GroupId)</name>
|
||||||
|
|
|
@ -32,7 +32,6 @@ import org.apache.archiva.rest.api.v2.model.MavenManagedRepository;
|
||||||
import org.apache.archiva.rest.api.v2.model.MavenManagedRepositoryUpdate;
|
import org.apache.archiva.rest.api.v2.model.MavenManagedRepositoryUpdate;
|
||||||
import org.apache.archiva.rest.api.v2.svc.ArchivaRestError;
|
import org.apache.archiva.rest.api.v2.svc.ArchivaRestError;
|
||||||
import org.apache.archiva.rest.api.v2.svc.ArchivaRestServiceException;
|
import org.apache.archiva.rest.api.v2.svc.ArchivaRestServiceException;
|
||||||
import org.apache.archiva.security.common.ArchivaRoleConstants;
|
|
||||||
|
|
||||||
import javax.ws.rs.Consumes;
|
import javax.ws.rs.Consumes;
|
||||||
import javax.ws.rs.DELETE;
|
import javax.ws.rs.DELETE;
|
||||||
|
@ -53,12 +52,25 @@ import static org.apache.archiva.rest.api.v2.svc.RestConfiguration.DEFAULT_PAGE_
|
||||||
import static org.apache.archiva.security.common.ArchivaRoleConstants.*;
|
import static org.apache.archiva.security.common.ArchivaRoleConstants.*;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
*
|
||||||
* Service interface for update, delete, add of Managed Maven Repositories
|
* Service interface for update, delete, add of Managed Maven Repositories
|
||||||
*
|
*
|
||||||
|
* The add, delete, update methods for a repository use "/{id}" with the classical CRUD actions.
|
||||||
|
* Where {id} is the repository ID.
|
||||||
|
*
|
||||||
|
* There are subpaths for certain repository management functions:
|
||||||
|
* <ul>
|
||||||
|
* <li>{@code /{id}/path/{groupsection1/groupsection2/... }/{project}/{version}/{artifact-file}}
|
||||||
|
* is used for accessing artifacts and directories by their repository path</li>
|
||||||
|
* <li>{@code /{id}/co/{groupid}/{artifactid}/{version} } is used to access Maven artifacts by their coordinates.
|
||||||
|
* Which means, {groupid} is a '.' separated string.
|
||||||
|
* </li>
|
||||||
|
* </ul>
|
||||||
|
*
|
||||||
* @author Martin Stockhammer <martin_s@apache.org>
|
* @author Martin Stockhammer <martin_s@apache.org>
|
||||||
* @since 3.0
|
* @since 3.0
|
||||||
*/
|
*/
|
||||||
@Schema( name = "ManagedRepositoryService", description = "Managing and configuration of managed repositories" )
|
@Schema( name = "MavenManagedRepositoryService", description = "Managing and configuration of managed maven repositories" )
|
||||||
@Path( "repositories/maven/managed" )
|
@Path( "repositories/maven/managed" )
|
||||||
@Tag(name = "v2")
|
@Tag(name = "v2")
|
||||||
@Tag(name = "v2/Repositories")
|
@Tag(name = "v2/Repositories")
|
||||||
|
@ -67,7 +79,7 @@ public interface MavenManagedRepositoryService
|
||||||
@Path( "" )
|
@Path( "" )
|
||||||
@GET
|
@GET
|
||||||
@Produces( {APPLICATION_JSON} )
|
@Produces( {APPLICATION_JSON} )
|
||||||
@RedbackAuthorization( permissions = OPERATION_MANAGE_CONFIGURATION )
|
@RedbackAuthorization( permissions = { OPERATION_MANAGE_CONFIGURATION, OPERATION_LIST_REPOSITORIES } )
|
||||||
@Operation( summary = "Returns all managed repositories.",
|
@Operation( summary = "Returns all managed repositories.",
|
||||||
parameters = {
|
parameters = {
|
||||||
@Parameter( name = "q", description = "Search term" ),
|
@Parameter( name = "q", description = "Search term" ),
|
||||||
|
@ -79,7 +91,11 @@ public interface MavenManagedRepositoryService
|
||||||
security = {
|
security = {
|
||||||
@SecurityRequirement(
|
@SecurityRequirement(
|
||||||
name = OPERATION_MANAGE_CONFIGURATION
|
name = OPERATION_MANAGE_CONFIGURATION
|
||||||
|
),
|
||||||
|
@SecurityRequirement(
|
||||||
|
name = OPERATION_LIST_REPOSITORIES
|
||||||
)
|
)
|
||||||
|
|
||||||
},
|
},
|
||||||
responses = {
|
responses = {
|
||||||
@ApiResponse( responseCode = "200",
|
@ApiResponse( responseCode = "200",
|
||||||
|
@ -159,7 +175,8 @@ public interface MavenManagedRepositoryService
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
Response deleteManagedRepository( @PathParam( "id" ) String repositoryId,
|
Response deleteManagedRepository( @PathParam( "id" ) String repositoryId,
|
||||||
@QueryParam( "deleteContent" ) boolean deleteContent )
|
@DefaultValue( "false" )
|
||||||
|
@QueryParam( "deleteContent" ) Boolean deleteContent )
|
||||||
throws ArchivaRestServiceException;
|
throws ArchivaRestServiceException;
|
||||||
|
|
||||||
|
|
||||||
|
@ -243,7 +260,7 @@ public interface MavenManagedRepositoryService
|
||||||
permissions = { OPERATION_MANAGE_CONFIGURATION, OPERATION_READ_REPOSITORY},
|
permissions = { OPERATION_MANAGE_CONFIGURATION, OPERATION_READ_REPOSITORY},
|
||||||
resource = "{id}"
|
resource = "{id}"
|
||||||
)
|
)
|
||||||
@Operation( summary = "Returns the status of a given file in the repository",
|
@Operation( summary = "Returns the status of a given artifact file in the repository",
|
||||||
security = {
|
security = {
|
||||||
@SecurityRequirement(
|
@SecurityRequirement(
|
||||||
name = OPERATION_MANAGE_CONFIGURATION
|
name = OPERATION_MANAGE_CONFIGURATION
|
||||||
|
@ -277,7 +294,7 @@ public interface MavenManagedRepositoryService
|
||||||
@POST
|
@POST
|
||||||
@Produces({APPLICATION_JSON})
|
@Produces({APPLICATION_JSON})
|
||||||
@RedbackAuthorization (noPermission = true)
|
@RedbackAuthorization (noPermission = true)
|
||||||
@Operation( summary = "Copies a artifact from the source repository to the destination repository",
|
@Operation( summary = "Copies a artifact from the source repository to the destination repository with the same path",
|
||||||
security = {
|
security = {
|
||||||
@SecurityRequirement(
|
@SecurityRequirement(
|
||||||
name = OPERATION_READ_REPOSITORY,
|
name = OPERATION_READ_REPOSITORY,
|
||||||
|
@ -315,7 +332,7 @@ public interface MavenManagedRepositoryService
|
||||||
permissions = { OPERATION_MANAGE_CONFIGURATION, OPERATION_DELETE_ARTIFACT },
|
permissions = { OPERATION_MANAGE_CONFIGURATION, OPERATION_DELETE_ARTIFACT },
|
||||||
resource = "{id}"
|
resource = "{id}"
|
||||||
)
|
)
|
||||||
@Operation( summary = "Deletes a artifact in the repository.",
|
@Operation( summary = "Deletes a artifact from the repository.",
|
||||||
security = {
|
security = {
|
||||||
@SecurityRequirement(
|
@SecurityRequirement(
|
||||||
name = OPERATION_MANAGE_CONFIGURATION
|
name = OPERATION_MANAGE_CONFIGURATION
|
||||||
|
@ -339,14 +356,14 @@ public interface MavenManagedRepositoryService
|
||||||
Response deleteArtifact( @PathParam( "id" ) String repositoryId, @PathParam( "path" ) String path )
|
Response deleteArtifact( @PathParam( "id" ) String repositoryId, @PathParam( "path" ) String path )
|
||||||
throws ArchivaRestServiceException;
|
throws ArchivaRestServiceException;
|
||||||
|
|
||||||
@Path ( "{id}/co/{group}/{project}/{version}" )
|
@Path ( "{id}/co/{groupid}/{artifactid}/{version}" )
|
||||||
@DELETE
|
@DELETE
|
||||||
@Produces ({ MediaType.APPLICATION_JSON })
|
@Produces ({ MediaType.APPLICATION_JSON })
|
||||||
@RedbackAuthorization (
|
@RedbackAuthorization (
|
||||||
permissions = { OPERATION_MANAGE_CONFIGURATION, OPERATION_DELETE_VERSION},
|
permissions = { OPERATION_MANAGE_CONFIGURATION, OPERATION_DELETE_VERSION},
|
||||||
resource = "{id}"
|
resource = "{id}"
|
||||||
)
|
)
|
||||||
@Operation( summary = "Removes a version tree in the repository",
|
@Operation( summary = "Removes a version and all its content from the repository",
|
||||||
security = {
|
security = {
|
||||||
@SecurityRequirement(
|
@SecurityRequirement(
|
||||||
name = OPERATION_MANAGE_CONFIGURATION
|
name = OPERATION_MANAGE_CONFIGURATION
|
||||||
|
@ -368,16 +385,16 @@ public interface MavenManagedRepositoryService
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
Response removeProjectVersion( @PathParam ( "id" ) String repositoryId,
|
Response removeProjectVersion( @PathParam ( "id" ) String repositoryId,
|
||||||
@PathParam ( "group" ) String namespace, @PathParam ( "project" ) String projectId,
|
@PathParam ( "groupid" ) String namespace, @PathParam ( "artifactid" ) String projectId,
|
||||||
@PathParam ( "version" ) String version )
|
@PathParam ( "version" ) String version )
|
||||||
throws org.apache.archiva.rest.api.services.ArchivaRestServiceException;
|
throws org.apache.archiva.rest.api.services.ArchivaRestServiceException;
|
||||||
|
|
||||||
|
|
||||||
@Path ( "{id}/co/{group}/{project}" )
|
@Path ( "{id}/co/{groupid}/{artifactid}" )
|
||||||
@DELETE
|
@DELETE
|
||||||
@Produces ({ MediaType.APPLICATION_JSON })
|
@Produces ({ MediaType.APPLICATION_JSON })
|
||||||
@RedbackAuthorization (noPermission = true)
|
@RedbackAuthorization (noPermission = true)
|
||||||
@Operation( summary = "Removes a project tree in the repository",
|
@Operation( summary = "Removes a artifact and all its versions from the repository",
|
||||||
security = {
|
security = {
|
||||||
@SecurityRequirement(
|
@SecurityRequirement(
|
||||||
name = OPERATION_MANAGE_CONFIGURATION
|
name = OPERATION_MANAGE_CONFIGURATION
|
||||||
|
@ -394,21 +411,21 @@ public interface MavenManagedRepositoryService
|
||||||
),
|
),
|
||||||
@ApiResponse( responseCode = "403", description = "Authenticated user is not permitted to delete in repositories",
|
@ApiResponse( responseCode = "403", description = "Authenticated user is not permitted to delete in repositories",
|
||||||
content = @Content( mediaType = APPLICATION_JSON, schema = @Schema( implementation = ArchivaRestError.class ) ) ),
|
content = @Content( mediaType = APPLICATION_JSON, schema = @Schema( implementation = ArchivaRestError.class ) ) ),
|
||||||
@ApiResponse( responseCode = "404", description = "The managed repository with this id does not exist. Or the project does not exist.",
|
@ApiResponse( responseCode = "404", description = "The managed repository with this id does not exist. Or the artifact does not exist.",
|
||||||
content = @Content( mediaType = APPLICATION_JSON, schema = @Schema( implementation = ArchivaRestError.class ) ) )
|
content = @Content( mediaType = APPLICATION_JSON, schema = @Schema( implementation = ArchivaRestError.class ) ) )
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
Response deleteProject( @PathParam ("id") String repositoryId, @PathParam ( "group" ) String namespace, @PathParam ( "project" ) String projectId )
|
Response deleteProject( @PathParam ("id") String repositoryId, @PathParam ( "groupid" ) String namespace, @PathParam ( "artifactid" ) String projectId )
|
||||||
throws org.apache.archiva.rest.api.services.ArchivaRestServiceException;
|
throws org.apache.archiva.rest.api.services.ArchivaRestServiceException;
|
||||||
|
|
||||||
@Path ( "{id}/co/{namespace}" )
|
@Path ( "{id}/co/{groupid}" )
|
||||||
@DELETE
|
@DELETE
|
||||||
@Produces ({ MediaType.APPLICATION_JSON })
|
@Produces ({ MediaType.APPLICATION_JSON })
|
||||||
@RedbackAuthorization (
|
@RedbackAuthorization (
|
||||||
permissions = { OPERATION_MANAGE_CONFIGURATION, OPERATION_DELETE_NAMESPACE },
|
permissions = { OPERATION_MANAGE_CONFIGURATION, OPERATION_DELETE_NAMESPACE },
|
||||||
resource = "{id}"
|
resource = "{id}"
|
||||||
)
|
)
|
||||||
@Operation( summary = "Removes a namespace tree in the repository",
|
@Operation( summary = "Removes a group and all subfolders from the repository",
|
||||||
security = {
|
security = {
|
||||||
@SecurityRequirement(
|
@SecurityRequirement(
|
||||||
name = OPERATION_MANAGE_CONFIGURATION
|
name = OPERATION_MANAGE_CONFIGURATION
|
||||||
|
@ -424,11 +441,11 @@ public interface MavenManagedRepositoryService
|
||||||
),
|
),
|
||||||
@ApiResponse( responseCode = "403", description = "Authenticated user is not permitted to delete namespaces in repositories",
|
@ApiResponse( responseCode = "403", description = "Authenticated user is not permitted to delete namespaces in repositories",
|
||||||
content = @Content( mediaType = APPLICATION_JSON, schema = @Schema( implementation = ArchivaRestError.class ) ) ),
|
content = @Content( mediaType = APPLICATION_JSON, schema = @Schema( implementation = ArchivaRestError.class ) ) ),
|
||||||
@ApiResponse( responseCode = "404", description = "The managed repository with this id does not exist. Or the namespace does not exist.",
|
@ApiResponse( responseCode = "404", description = "The managed repository with this id does not exist. Or the groupid does not exist.",
|
||||||
content = @Content( mediaType = APPLICATION_JSON, schema = @Schema( implementation = ArchivaRestError.class ) ) )
|
content = @Content( mediaType = APPLICATION_JSON, schema = @Schema( implementation = ArchivaRestError.class ) ) )
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
Response deleteNamespace( @PathParam ("id") String repositoryId, @PathParam ( "namespace" ) String namespace )
|
Response deleteNamespace( @PathParam ("id") String repositoryId, @PathParam ( "groupid" ) String namespace )
|
||||||
throws org.apache.archiva.rest.api.services.ArchivaRestServiceException;
|
throws org.apache.archiva.rest.api.services.ArchivaRestServiceException;
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
package org.apache.archiva.rest.v2.svc;
|
package org.apache.archiva.rest.v2.svc.maven;
|
||||||
/*
|
/*
|
||||||
* Licensed to the Apache Software Foundation (ASF) under one
|
* Licensed to the Apache Software Foundation (ASF) under one
|
||||||
* or more contributor license agreements. See the NOTICE file
|
* or more contributor license agreements. See the NOTICE file
|
||||||
|
@ -155,7 +155,7 @@ public class DefaultMavenManagedRepositoryService implements MavenManagedReposit
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Response deleteManagedRepository( String repositoryId, boolean deleteContent ) throws ArchivaRestServiceException
|
public Response deleteManagedRepository( String repositoryId, Boolean deleteContent ) throws ArchivaRestServiceException
|
||||||
{
|
{
|
||||||
ManagedRepository repo = repositoryRegistry.getManagedRepository( repositoryId );
|
ManagedRepository repo = repositoryRegistry.getManagedRepository( repositoryId );
|
||||||
if (repo==null) {
|
if (repo==null) {
|
Loading…
Reference in New Issue