Security role changes: added a global repository manager, which is the role for administering all repositories configuration-wise; the particular repository managers now administer content _in_ their assigned repositories; observers get read access to the corresponding repository (or global access to add if they get the global observer); and I also removed the archiva-edit-configuration operation since it was duplicated by the archiva-manage-configuration operation

git-svn-id: https://svn.apache.org/repos/asf/maven/archiva/trunk@513431 13f79535-47bb-0310-9956-ffa450edef68
Jesse McConnell 2007-03-01 18:32:59 +00:00
parent 013a962760
commit eecc68356e
13 changed files with 56 additions and 152 deletions


@ -36,8 +36,6 @@ public class ArchivaRoleConstants
public static final String GUEST_ROLE = "Guest";
public static final String BASE_REPOSITORY_MANAGER = "Repository Manager Base";
// dynamic role prefixes
public static final String REPOSITORY_MANAGER_ROLE_PREFIX = "Repository Manager";
@ -65,6 +63,5 @@ public class ArchivaRoleConstants
public static final String OPERATION_EDIT_REPOSITORY = "archiva-edit-repository";
public static final String OPERATION_REPOSITORY_UPLOAD = "archiva-upload-repository";
public static final String OPERATION_EDIT_CONFIGURATION = "archiva-edit-configuration";
}


@ -25,6 +25,8 @@ import org.codehaus.plexus.rbac.profile.RoleProfileException;
/**
* Role profile manager.
*
* Role Structures are laid out as documented http://docs.codehaus.org/display/MAVENUSER/Archiva+Security+Roles
*
* @author Brett Porter
* @todo composition over inheritence?
* @plexus.component role="org.codehaus.plexus.rbac.profile.RoleProfileManager" role-hint="archiva"
@ -35,8 +37,9 @@ public class ArchivaRoleProfileManager
public void initialize()
throws RoleProfileException
{
getRole( "archiva-repository-manager-base" );
getRole( "global-repository-manager" );
getRole( "global-repository-observer" );
mergeRoleProfiles( "system-administrator", "archiva-system-administrator" );
mergeRoleProfiles( "user-administrator", "archiva-user-administrator" );
mergeRoleProfiles( "guest", "archiva-guest" );
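Review bot: `initialize()` stops creating `archiva-repository-manager-base` but nothing visible here retires it, so a role store populated by an earlier build presumably still holds the permanent "Repository Manager Base" role, which carried archiva-manage-configuration and was listed as a child of every per-repository manager role. If roles are persisted that way, existing repository managers keep configuration rights that this commit intends to reserve for the global repository manager. I would add an upgrade step that removes that role and its child links, or at least record it above the new calls: `// TODO: remove the legacy "Repository Manager Base" role from existing stores`. The body of `initialize()` continues past the end of this hunk, so a cleanup further down would not be visible from here.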


@ -41,7 +41,6 @@ public class ArchivaSystemAdministratorRoleProfile
{
List operations = new ArrayList();
operations.add( ArchivaRoleConstants.OPERATION_MANAGE_CONFIGURATION );
operations.add( ArchivaRoleConstants.OPERATION_EDIT_CONFIGURATION );
operations.add( ArchivaRoleConstants.OPERATION_MANAGE_USERS );
operations.add( ArchivaRoleConstants.OPERATION_RUN_INDEXER );
operations.add( ArchivaRoleConstants.OPERATION_REGENERATE_INDEX );


@ -1,57 +0,0 @@
package org.apache.maven.archiva.security;
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
import org.codehaus.plexus.rbac.profile.AbstractRoleProfile;
import java.util.ArrayList;
import java.util.List;
/**
* @plexus.component role="org.codehaus.plexus.rbac.profile.RoleProfile"
* role-hint="archiva-repository-manager-base"
*/
public class BaseRepositoryManagerRoleProfile
extends AbstractRoleProfile
{
public String getRoleName()
{
return ArchivaRoleConstants.BASE_REPOSITORY_MANAGER;
}
public List getOperations()
{
List operations = new ArrayList();
operations.add( ArchivaRoleConstants.OPERATION_MANAGE_CONFIGURATION );
return operations;
}
public boolean isPermanent()
{
return true;
}
public boolean isAssignable()
{
return false;
}
}


@ -26,7 +26,7 @@ import java.util.List;
/**
* @plexus.component role="org.codehaus.plexus.rbac.profile.RoleProfile"
* role-hint="archiva-repository-administrator"
* role-hint="global-repository-manager"
*/
public class GlobalRepositoryManagerRoleProfile
extends AbstractRoleProfile
@ -49,9 +49,21 @@ public class GlobalRepositoryManagerRoleProfile
public List getOperations()
{
List operations = new ArrayList();
operations.add( ArchivaRoleConstants.OPERATION_MANAGE_CONFIGURATION );
operations.add( ArchivaRoleConstants.OPERATION_ADD_REPOSITORY );
operations.add( ArchivaRoleConstants.OPERATION_EDIT_REPOSITORY );
operations.add( ArchivaRoleConstants.OPERATION_DELETE_REPOSITORY );
return operations;
}
public List getChildRoles()
{
List childRoles = new ArrayList();
childRoles.add( ArchivaRoleConstants.GLOBAL_REPOSITORY_OBSERVER_ROLE );
return childRoles;
}
}
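Review bot: Granting `OPERATION_MANAGE_CONFIGURATION` in `getOperations()` gives the global repository manager the same operation the system administrator profile holds, and the JSP changes in this commit use that one operation to gate "Edit Configuration" as well as the repository add/edit/delete links. That looks broader than administering repositories: the role can presumably reach system-wide settings too, while the `OPERATION_ADD_REPOSITORY`, `OPERATION_EDIT_REPOSITORY` and `OPERATION_DELETE_REPOSITORY` grants are no longer what the pages check. Either gate the repository pages on those three operations and drop the manage-configuration line, or document the overlap on the method, e.g. `// manage-configuration also unlocks the global Edit Configuration page`. The class header and `getRoleName()` sit outside the visible hunks.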


@ -26,7 +26,7 @@ import java.util.List;
/**
* @plexus.component role="org.codehaus.plexus.rbac.profile.RoleProfile"
* role-hint="archiva-repository-administrator"
* role-hint="global-repository-observer"
*/
public class GlobalRepositoryObserverRoleProfile
extends AbstractRoleProfile
@ -48,6 +48,8 @@ public class GlobalRepositoryObserverRoleProfile
public List getOperations()
{
return null;
List operations = new ArrayList();
operations.add( ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS );
return operations;
}
}


@ -50,61 +50,17 @@ public class RepositoryManagerDynamicRoleProfile
{
List operations = new ArrayList();
// I'm not sure these are appropriate roles.
operations.add( ArchivaRoleConstants.OPERATION_EDIT_REPOSITORY );
operations.add( ArchivaRoleConstants.OPERATION_DELETE_REPOSITORY );
operations.add( ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS );
operations.add( ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD );
return operations;
}
public List getChildRoles()
{
return Collections.singletonList( ArchivaRoleConstants.BASE_REPOSITORY_MANAGER );
}
public List getDynamicChildRoles( String string )
{
return Collections.singletonList(
ArchivaRoleConstants.REPOSITORY_OBSERVER_ROLE_PREFIX + ArchivaRoleConstants.DELIMITER + string );
}
public boolean isAssignable()
{
return true;
}
public Role getRole( String resource )
throws RoleProfileException
{
try
{
if ( rbacManager.roleExists( getRoleName( resource ) ) )
{
return rbacManager.getRole( getRoleName( resource ) );
}
else
{
// first time assign the role to the group administrator since they need the access
Role newRole = generateRole( resource );
Role repoAdmin = rbacManager.getRole( ArchivaRoleConstants.GLOBAL_REPOSITORY_MANAGER_ROLE );
repoAdmin.addChildRoleName( newRole.getName() );
rbacManager.saveRole( repoAdmin );
return newRole;
}
}
catch ( RbacObjectNotFoundException ne )
{
throw new RoleProfileException( "unable to get role", ne );
}
catch ( RbacManagerException e )
{
throw new RoleProfileException( "system error with rbac manager", e );
}
}
}
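Review bot: The new `getOperations()` list in `RepositoryManagerDynamicRoleProfile` carries no explanation of why a per-repository manager gets access and upload but no longer edit or delete, and the old `// I'm not sure these are appropriate roles.` remark, if it survives on the new side, no longer describes anything. Replace it with a comment that states the intent, such as `// content-level rights only; repository definitions belong to the global repository manager`. With the `getRole( String )` override gone, new per-repository roles are presumably no longer attached under the global manager role, which deserves a sentence in the class Javadoc; the class header is outside this hunk.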


@ -57,34 +57,4 @@ public class RepositoryObserverDynamicRoleProfile
return true;
}
public Role getRole( String resource )
throws RoleProfileException
{
try
{
if ( rbacManager.roleExists( getRoleName( resource ) ) )
{
return rbacManager.getRole( getRoleName( resource ) );
}
else
{
// first time assign the role to the group administrator since they need the access
Role newRole = generateRole( resource );
Role repoAdmin = rbacManager.getRole( ArchivaRoleConstants.GLOBAL_REPOSITORY_OBSERVER_ROLE );
repoAdmin.addChildRoleName( newRole.getName() );
rbacManager.saveRole( repoAdmin );
return newRole;
}
}
catch ( RbacObjectNotFoundException ne )
{
throw new RoleProfileException( "unable to get role", ne );
}
catch ( RbacManagerException e )
{
throw new RoleProfileException( "system error with rbac manager", e );
}
}
}


@ -85,8 +85,22 @@
</component>
<component>
<role>org.codehaus.plexus.rbac.profile.RoleProfile</role>
<role-hint>archiva-repository-manager-base</role-hint>
<implementation>org.apache.maven.archiva.security.BaseRepositoryManagerRoleProfile</implementation>
<role-hint>global-repository-manager</role-hint>
<implementation>org.apache.maven.archiva.security.GlobalRepositoryManagerRoleProfile</implementation>
<requirements>
<requirement>
<role>org.codehaus.plexus.security.rbac.RBACManager</role>
</requirement>
<requirement>
<role>org.codehaus.plexus.PlexusContainer</role>
<field-name>container</field-name>
</requirement>
</requirements>
</component>
<component>
<role>org.codehaus.plexus.rbac.profile.RoleProfile</role>
<role-hint>global-repository-observer</role-hint>
<implementation>org.apache.maven.archiva.security.GlobalRepositoryObserverRoleProfile</implementation>
<requirements>
<requirement>
<role>org.codehaus.plexus.security.rbac.RBACManager</role>


@ -264,7 +264,7 @@
<jettyEnvXml>src/jetty-env.xml</jettyEnvXml>
<connectors>
<connector implementation="org.mortbay.jetty.nio.SelectChannelConnector">
<port>9091</port>
<port>9090</port>
<maxIdleTime>60000</maxIdleTime>
</connector>
</connectors>


@ -35,7 +35,7 @@
<div>
<div style="float: right">
<%-- TODO replace with icons --%>
<pss:ifAuthorized permission="archiva-edit-configuration" resource="*">
<pss:ifAuthorized permission="archiva-manage-configuration">
<a href="<ww:url action="configure" />">Edit Configuration</a>
</pss:ifAuthorized>
</div>
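Review bot: `pss:ifAuthorized` here only decides whether the "Edit Configuration" link is rendered; nothing in this commit shows the `configure` action checking `archiva-manage-configuration` itself, so the permission may be enforced in the view only. The same holds for the add/edit/delete links re-gated in the two repository JSP sections further down. Please confirm the actions enforce the permission server-side, and note it next to the tag: `<%-- hides the link only; the configure action must enforce archiva-manage-configuration --%>`. The old tag also passed `resource="*"`, so it is worth confirming that the tag without a resource evaluates against the global resource.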


@ -39,7 +39,7 @@
<div>
<div style="float: right">
<%-- TODO replace with icons --%>
<pss:ifAuthorized permission="archiva-add-repository">
<pss:ifAuthorized permission="archiva-manage-configuration">
<ww:url id="addRepositoryUrl" action="addRepository" method="input"/>
<ww:a href="%{addRepositoryUrl}">Add Repository</ww:a>
</pss:ifAuthorized>
@ -52,9 +52,10 @@
<strong>There are no managed repositories configured yet.</strong>
</c:if>
<c:forEach items="${repositories}" var="repository" varStatus="i">
<pss:ifAnyAuthorized permissions="archiva-edit-repository, archiva-delete-repository" resource="${repository.id}">
<div>
<div style="float: right">
<pss:ifAnyAuthorized permissions="archiva-manage-configuration">
<ww:url id="editRepositoryUrl" action="editRepository" method="input">
<ww:param name="repoId" value="%{'${repository.id}'}"/>
</ww:url>
@ -64,6 +65,7 @@
<%-- TODO replace with icons --%>
<ww:a href="%{editRepositoryUrl}">Edit Repository</ww:a>
<ww:a href="%{deleteRepositoryUrl}">Delete Repository</ww:a>
</pss:ifAnyAuthorized>
</div>
<h3>${repository.name}</h3>
<table class="infoTable">
@ -142,7 +144,6 @@
</tr>
</table>
</div>
</pss:ifAnyAuthorized>
</c:forEach>
</div>
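Review bot: Moving the `pss:ifAnyAuthorized` wrapper from around the whole `c:forEach` body to just the edit/delete links means each repository's name and `infoTable` are now rendered for every user who can load this page, where before they were limited to users holding edit or delete rights on that `${repository.id}`. If the action behind this page is not itself restricted, that exposes repository details to users with no role on the repository; confirm the action's access check, or keep a per-repository check with `resource="${repository.id}"` around the block. As a smaller point, `<pss:ifAnyAuthorized permissions="archiva-manage-configuration">` names a single permission, so `<pss:ifAuthorized permission="archiva-manage-configuration">` would match the tag used for the Add Repository link at the top of the file.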


@ -20,6 +20,7 @@
<%@ taglib prefix="ww" uri="/webwork" %>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
<%@ taglib prefix="my" tagdir="/WEB-INF/tags" %>
<%@ taglib prefix="pss" uri="/plexusSecuritySystem" %>
<html>
<head>
@ -33,10 +34,14 @@
<div id="contentArea">
<div>
<%-- TODO replace with icons --%>
<div style="float: right">
<a href="<ww:url action="addProxiedRepository" method="input" />">Add Repository</a>
<pss:ifAuthorized permission="archiva-manage-configuration">
<a href="<ww:url action="addProxiedRepository" method="input" />">Add Repository</a>
</pss:ifAuthorized>
</div>
<h2>Proxied Repositories</h2>
</div>
@ -48,10 +53,12 @@
<div>
<div style="float: right">
<%-- TODO replace with icons --%>
<a href="<ww:url action="editProxiedRepository" method="input"><ww:param name="repoId" value="%{'${repository.id}'}" /></ww:url>">Edit
<pss:ifAuthorized permission="archiva-manage-configuration">
<a href="<ww:url action="editProxiedRepository" method="input"><ww:param name="repoId" value="%{'${repository.id}'}" /></ww:url>">Edit
Repository</a> | <a
href="<ww:url action="deleteProxiedRepository" method="input"><ww:param name="repoId" value="%{'${repository.id}'}" /></ww:url>">Delete
Repository</a>
Repository</a>
</pss:ifAuthorized>
</div>
<h3>${repository.name}</h3>
<table class="infoTable">