From d01764bed989abc53c20cb79723e59ae390f454a Mon Sep 17 00:00:00 2001
From: Martin Stockhammer
Date: Wed, 14 Sep 2016 21:48:59 +0200
Subject: [PATCH 1/3] Changing upload permissions using parameter reference Needs the new functionality in the redback annotations.
---
 .../main/java/org/apache/archiva/web/api/FileUploadService.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/archiva-modules/archiva-web/archiva-web-common/src/main/java/org/apache/archiva/web/api/FileUploadService.java b/archiva-modules/archiva-web/archiva-web-common/src/main/java/org/apache/archiva/web/api/FileUploadService.java
index d95db3da59..cf21a30baf 100644
--- a/archiva-modules/archiva-web/archiva-web-common/src/main/java/org/apache/archiva/web/api/FileUploadService.java
+++ b/archiva-modules/archiva-web/archiva-web-common/src/main/java/org/apache/archiva/web/api/FileUploadService.java
@@ -70,7 +70,7 @@ List getSessionFileMetadatas()
 @Path( "save/{repositoryId}/{groupId}/{artifactId}/{version}/{packaging}" )
 @GET
 @Produces( { MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML } )
- @RedbackAuthorization( permissions = ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD )
+ @RedbackAuthorization( resource = "{repositoryId}", permissions = ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD )
 Boolean save( @PathParam( "repositoryId" ) String repositoryId, @PathParam( "groupId" ) String groupId, @PathParam( "artifactId" ) String artifactId, @PathParam( "version" ) String version, @PathParam( "packaging" ) String packaging, @QueryParam( "generatePom" ) boolean generatePom )
From de3eb83242b42d75546670e8859cdb1f59fe4fa6 Mon Sep 17 00:00:00 2001
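Review bot: The per-repository check on `save` now rests entirely on the authorization interceptor expanding `resource = "{repositoryId}"` from the `@PathParam` of the same name, and nothing next to the annotation records that contract. The commit message says this needs new redback functionality; against a redback build without it the placeholder would presumably be evaluated as a literal resource name, so the dependency and the name coupling deserve a comment above the annotation, e.g. `// "{repositoryId}" is resolved from the repositoryId path parameter; requires redback annotations with parameter references`. A REST test in which a user holding upload rights on one repository is refused `save` on another would pin the behaviour. Separately, `save` stays a `@GET` although it commits an upload, which is worth revisiting; its declaration continues outside the hunk.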
From: Martin Stockhammer
Date: Wed, 14 Sep 2016 21:49:30 +0200
Subject: [PATCH 2/3] Adding restricted view for user managable repositories Adds additional rest method to list the repositories where the user has manage permissions. Restricts the view for uploads to only managable repositories.
---
 .../archiva/rest/api/services/BrowseService.java | 10 ++++++++++
 .../rest/services/DefaultBrowseService.java | 13 +++++++++++++
 .../archiva/security/DefaultUserRepositories.java | 5 +++++
 .../apache/archiva/security/UserRepositories.java | 14 ++++++++++++++
 .../archiva/security/UserRepositoriesStub.java | 5 +++++
 .../main/webapp/js/archiva/artifacts-management.js | 2 +-
 6 files changed, 48 insertions(+), 1 deletion(-)
diff --git a/archiva-modules/archiva-web/archiva-rest/archiva-rest-api/src/main/java/org/apache/archiva/rest/api/services/BrowseService.java b/archiva-modules/archiva-web/archiva-rest/archiva-rest-api/src/main/java/org/apache/archiva/rest/api/services/BrowseService.java
index 777d15d90f..cdb99eb384 100644
--- a/archiva-modules/archiva-web/archiva-rest/archiva-rest-api/src/main/java/org/apache/archiva/rest/api/services/BrowseService.java
+++ b/archiva-modules/archiva-web/archiva-rest/archiva-rest-api/src/main/java/org/apache/archiva/rest/api/services/BrowseService.java
@@ -101,6 +101,16 @@ ProjectVersionMetadata getProjectMetadata( @PathParam("g") String groupId, @Path
 List getUserRepositories()
 throws ArchivaRestServiceException;
+ /**
+ * @return List of repositories current user can manage
+ */
+ @Path("userManagableRepositories")
+ @GET
+ @Produces({ MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML })
+ @RedbackAuthorization(noPermission = true, noRestriction = true)
+ List getUserManagableRepositories()
+ throws ArchivaRestServiceException;
+
 /**
 * return the dependency Tree for an artifacts
 * the List result has only one entry
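Review bot: `getUserManagableRepositories` is published with `noPermission = true, noRestriction = true`, so the only access control is whatever filtering the implementation applies to the current principal, and the Javadoc does not say so. Spell out the contract, for example `@return repositories on which the calling principal holds the upload operation; an unauthenticated call is evaluated for the guest principal` (the second half is inferred from the test added later in this series and should be confirmed). The misspelled path segment `userManagableRepositories` becomes part of the public REST surface once released, so if `userManageableRepositories` is preferred it is cheapest to change now.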
diff --git a/archiva-modules/archiva-web/archiva-rest/archiva-rest-services/src/main/java/org/apache/archiva/rest/services/DefaultBrowseService.java b/archiva-modules/archiva-web/archiva-rest/archiva-rest-services/src/main/java/org/apache/archiva/rest/services/DefaultBrowseService.java
index 5e5a4654b5..682c367bb9 100644
--- a/archiva-modules/archiva-web/archiva-rest/archiva-rest-services/src/main/java/org/apache/archiva/rest/services/DefaultBrowseService.java
+++ b/archiva-modules/archiva-web/archiva-rest/archiva-rest-services/src/main/java/org/apache/archiva/rest/services/DefaultBrowseService.java
@@ -507,6 +507,19 @@ public List getUserRepositories()
 }
 }
+ @Override
+ public List getUserManagableRepositories() throws ArchivaRestServiceException {
+ try
+ {
+ return userRepositories.getManagableRepositories( getPrincipal() );
+ }
+ catch ( ArchivaSecurityException e )
+ {
+ throw new ArchivaRestServiceException( "repositories.read.managable.error",
+ Response.Status.INTERNAL_SERVER_ERROR.getStatusCode(), e );
+ }
+ }
+
 @Override
 public List getDependees( String groupId, String artifactId, String version, String repositoryId )
 throws ArchivaRestServiceException
diff --git a/archiva-modules/archiva-web/archiva-security/src/main/java/org/apache/archiva/security/DefaultUserRepositories.java b/archiva-modules/archiva-web/archiva-security/src/main/java/org/apache/archiva/security/DefaultUserRepositories.java
index 91ff5ea070..4679bc7338 100644
--- a/archiva-modules/archiva-web/archiva-security/src/main/java/org/apache/archiva/security/DefaultUserRepositories.java
+++ b/archiva-modules/archiva-web/archiva-security/src/main/java/org/apache/archiva/security/DefaultUserRepositories.java
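Review bot: Every failure from `getManagableRepositories` is reported as `INTERNAL_SERVER_ERROR`, including the access-denied and unknown-principal cases that the callee declares as `AccessDeniedException` and `PrincipalNotFoundException` and that this single `catch ( ArchivaSecurityException e )` evidently covers. Clients and log monitoring then cannot tell an authorization failure from a server fault; consider catching `AccessDeniedException` first and answering with `Response.Status.FORBIDDEN.getStatusCode()`, provided that type is in scope in this class. The new method also puts `throws ArchivaRestServiceException {` on the signature line, while the `try`/`catch` inside it and the neighbouring `getDependees` context appear to keep `throws` and the opening brace on lines of their own.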
@@ -99,6 +99,11 @@ public List getAccessibleRepositories( String principal )
 return getAccessibleRepositories( principal, ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS );
 }
+ @Override
+ public List getManagableRepositories(String principal) throws ArchivaSecurityException, AccessDeniedException, PrincipalNotFoundException {
+ return getAccessibleRepositories( principal, ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD );
+ }
+
 private List getAccessibleRepositories( String principal, String operation )
 throws ArchivaSecurityException, AccessDeniedException, PrincipalNotFoundException
 {
diff --git a/archiva-modules/archiva-web/archiva-security/src/main/java/org/apache/archiva/security/UserRepositories.java b/archiva-modules/archiva-web/archiva-security/src/main/java/org/apache/archiva/security/UserRepositories.java
index 6e3881218f..493eeced7f 100644
--- a/archiva-modules/archiva-web/archiva-security/src/main/java/org/apache/archiva/security/UserRepositories.java
+++ b/archiva-modules/archiva-web/archiva-security/src/main/java/org/apache/archiva/security/UserRepositories.java
@@ -98,5 +98,19 @@ boolean isAuthorizedToDeleteArtifacts( String principal, String repoId )
 */
 List getAccessibleRepositories( String principal )
 throws ArchivaSecurityException, AccessDeniedException, PrincipalNotFoundException;
+
+ /**
+ *
+ * Returns a list of repositories for which the user has the manager role.
+ *
+ * @param principal
+ * @since 2.2.2
+ * @return
+ * @throws ArchivaSecurityException
+ * @throws AccessDeniedException
+ * @throws PrincipalNotFoundException
+ */
+ List getManagableRepositories( String principal )
+ throws ArchivaSecurityException, AccessDeniedException, PrincipalNotFoundException;
 }
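Review bot: The contract and the implementation disagree: the interface Javadoc in `UserRepositories` promises repositories "for which the user has the manager role", while `DefaultUserRepositories.getManagableRepositories` filters on `ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD`. Anyone who later uses this method to gate a management action would in fact be relying on an upload permission, so the Javadoc should name the operation, e.g. `Returns the repositories on which the principal holds OPERATION_REPOSITORY_UPLOAD.` The empty `@param`, `@return` and `@throws` tags should be filled in or dropped, and it is worth stating whether an unknown principal yields an empty list or `PrincipalNotFoundException`. This applies to both the `DefaultUserRepositories` and the `UserRepositories` hunk.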
diff --git a/archiva-modules/archiva-web/archiva-web-common/src/test/java/org/apache/archiva/security/UserRepositoriesStub.java b/archiva-modules/archiva-web/archiva-web-common/src/test/java/org/apache/archiva/security/UserRepositoriesStub.java
index 485d4a7186..3cd2dad116 100644
--- a/archiva-modules/archiva-web/archiva-web-common/src/test/java/org/apache/archiva/security/UserRepositoriesStub.java
+++ b/archiva-modules/archiva-web/archiva-web-common/src/test/java/org/apache/archiva/security/UserRepositoriesStub.java
@@ -88,4 +88,9 @@ public List getAccessibleRepositories( String principal )
 {
 return Collections.emptyList();
 }
+
+ @Override
+ public List getManagableRepositories(String principal) throws ArchivaSecurityException, AccessDeniedException, PrincipalNotFoundException {
+ return Collections.emptyList();
+ }
 }
diff --git a/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/js/archiva/artifacts-management.js b/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/js/archiva/artifacts-management.js
index e87ec56915..aa96a8339f 100644
--- a/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/js/archiva/artifacts-management.js
+++ b/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/js/archiva/artifacts-management.js
@@ -86,7 +86,7 @@ define("archiva.artifacts-management",["jquery","i18n","utils","jquery.tmpl","kn
 dataType: 'json',
 success: function(data) {
 mainContent.html($("#file-upload-screen").html());
- $.ajax("restServices/archivaServices/browseService/userRepositories", {
+ $.ajax("restServices/archivaServices/browseService/userManagableRepositories", {
 type: "GET",
 dataType: 'json',
 success: function(data) {
From 5bc8ad7de352acb025fefb2e39967abf94163b3b Mon Sep 17 00:00:00 2001
From: Martin Stockhammer
Date: Wed, 14 Sep 2016 23:04:03 +0200
Subject: [PATCH 3/3] Adding test case for repository listing
---
 .../rest/services/BrowseServiceTest.java | 52 +++++++++++++++++--
 1 file changed, 49 insertions(+), 3 deletions(-)
diff --git a/archiva-modules/archiva-web/archiva-rest/archiva-rest-services/src/test/java/org/apache/archiva/rest/services/BrowseServiceTest.java b/archiva-modules/archiva-web/archiva-rest/archiva-rest-services/src/test/java/org/apache/archiva/rest/services/BrowseServiceTest.java
index 7ee34c6d9f..f6e58855c6 100644
--- a/archiva-modules/archiva-web/archiva-rest/archiva-rest-services/src/test/java/org/apache/archiva/rest/services/BrowseServiceTest.java
+++ b/archiva-modules/archiva-web/archiva-rest/archiva-rest-services/src/test/java/org/apache/archiva/rest/services/BrowseServiceTest.java
@@ -18,8 +18,10 @@
 * under the License.
 */
+import org.apache.archiva.admin.model.beans.ManagedRepository;
 import org.apache.archiva.maven2.model.Artifact;
 import org.apache.archiva.metadata.model.ProjectVersionMetadata;
+import org.apache.archiva.redback.rest.api.model.Role;
 import org.apache.archiva.redback.rest.api.services.RedbackServiceException;
 import org.apache.archiva.rest.api.model.ArtifactContentEntry;
 import org.apache.archiva.rest.api.model.BrowseResult;
@@ -38,9 +40,7 @@
 import javax.ws.rs.core.MediaType;
 import java.io.File;
 import java.io.IOException;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
+import java.util.*;
 import static org.assertj.core.api.Assertions.assertThat;
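Review bot: `import java.util.*;` in the second hunk replaces three explicit imports, while every other import visible in this block is single-type. A wildcard hides which collection types the test depends on and can pick up name clashes when other packages are imported later. Keep the explicit form and add only what the new tests use, `import java.util.ArrayList;` and `import java.util.Arrays;`, next to the existing `HashMap`, `List` and `Map` lines.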
@@ -154,6 +154,52 @@ public void browsegroupId()
 new BrowseResultEntry( "org.apache.karaf.features", false ) );
 }
+ @Test
+ public void listUserRepositories()
+ throws Exception
+ {
+ initSourceTargetRepo();
+ BrowseService browseService = getBrowseService( authorizationHeader, false );
+
+ List browseResult = browseService.getUserRepositories();
+ assertThat( browseResult )
+ .isNotNull()
+ .isNotEmpty()
+ .hasSize(5);
+ List repIds = new ArrayList<>();
+ for(ManagedRepository rep : browseResult) {
+ repIds.add(rep.getId());
+ }
+ assertThat(repIds).contains("internal","snapshots","test-repo","test-copy-target","test-origin-repo");
+
+ }
+
+
+ @Test
+ public void listUserManagableRepositories()
+ throws Exception
+ {
+ initSourceTargetRepo();
+ // Giving the guest user a manager role
+ String name = "Repository Manager - internal";
+ Role role = getRoleManagementService( authorizationHeader ).getRole( name );
+ role.setUsers( Arrays.asList( getUserService( authorizationHeader ).getUser( "guest" ) ) );
+ getRoleManagementService( authorizationHeader ).updateRoleUsers( role );
+
+ // browseService with guest user
+ BrowseService browseService = getBrowseService( "", false );
+
+ List browseResult = browseService.getUserManagableRepositories();
+ assertThat( browseResult )
+ .isNotNull()
+ .isNotEmpty().hasSize(1);
+ List repIds = new ArrayList<>();
+ for(ManagedRepository rep : browseResult) {
+ repIds.add(rep.getId());
+ }
+ assertThat(repIds).contains("internal");
+
+ }
 @Test
 public void browsegroupIdWithReleaseStartNumber()