source.dussan.org Git - archiva.git/blob

   1 package org.apache.archiva.redback.struts2.action.admin;
   2
   3 /*
   4  * Licensed to the Apache Software Foundation (ASF) under one
   5  * or more contributor license agreements.  See the NOTICE file
   6  * distributed with this work for additional information
   7  * regarding copyright ownership.  The ASF licenses this file
   8  * to you under the Apache License, Version 2.0 (the
   9  * "License"); you may not use this file except in compliance
  10  * with the License.  You may obtain a copy of the License at
  11  *
  12  *   http://www.apache.org/licenses/LICENSE-2.0
  13  *
  14  * Unless required by applicable law or agreed to in writing,
  15  * software distributed under the License is distributed on an
  16  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  17  * KIND, either express or implied.  See the License for the
  18  * specific language governing permissions and limitations
  19  * under the License.
  20  */
  21
  22 import org.apache.archiva.redback.rbac.Resource;
  23 import org.apache.archiva.redback.rbac.Role;
  24 import org.apache.archiva.redback.rbac.UserAssignment;
  25 import org.apache.archiva.redback.role.RoleManager;
  26 import org.apache.archiva.redback.role.model.ModelApplication;
  27 import org.apache.archiva.redback.struts2.action.AbstractUserCredentialsAction;
  28 import org.apache.archiva.redback.users.User;
  29 import org.apache.archiva.redback.users.UserNotFoundException;
  30 import org.apache.archiva.redback.rbac.RbacManagerException;
  31 import org.apache.archiva.redback.struts2.action.AuditEvent;
  32 import org.apache.archiva.redback.struts2.model.ApplicationRoleDetails;
  33 import org.apache.archiva.redback.struts2.model.ApplicationRoleDetails.RoleTableCell;
  34 import org.apache.archiva.redback.users.UserManager;
  35 import org.codehaus.plexus.util.StringUtils;
  36 import org.apache.archiva.redback.integration.interceptor.SecureActionBundle;
  37 import org.apache.archiva.redback.integration.interceptor.SecureActionException;
  38 import org.apache.archiva.redback.integration.model.AdminEditUserCredentials;
  39 import org.apache.archiva.redback.integration.role.RoleConstants;
  40 import org.springframework.context.annotation.Scope;
  41 import org.springframework.stereotype.Controller;
  42
  43 import javax.inject.Inject;
  44 import java.util.ArrayList;
  45 import java.util.Arrays;
  46 import java.util.Collection;
  47 import java.util.HashSet;
  48 import java.util.Iterator;
  49 import java.util.List;
  50 import java.util.Set;
  51
  52 /**
  53  * AssignmentsAction
  54  *
  55  * @author <a href="mailto:joakim@erdfelt.com">Joakim Erdfelt</a>
  56  * @version $Id$
  57  */
  58 @Controller("redback-assignments")
  59 @Scope("prototype")
  60 public class AssignmentsAction
  61     extends AbstractUserCredentialsAction
  62 {
  63     // ------------------------------------------------------------------
  64     //  Component Requirements
  65     // ------------------------------------------------------------------
  66
  67     /**
  68      *  role-hint="default"
  69      */
  70     @Inject
  71     private RoleManager rmanager;
  72
  73     // ------------------------------------------------------------------
  74     // Action Parameters
  75     // ------------------------------------------------------------------
  76
  77     private String principal;
  78
  79     private AdminEditUserCredentials user;
  80
  81     /**
  82      * A List of {@link Role} objects.
  83      */
  84     private List<Role> assignedRoles;
  85
  86     /**
  87      * A List of {@link Role} objects.
  88      */
  89     private List<Role> availableRoles;
  90
  91     private List<Role> effectivelyAssignedRoles;
  92
  93     /**
  94      * List of names (received from client) of dynamic roles to set/unset
  95      */
  96     private List<String> addDSelectedRoles;
  97
  98     /**
  99      * List of names (received from client) of nondynamic roles to set/unset
 100      */
 101     private List<String> addNDSelectedRoles;
 102
 103     private List<Role> nondynamicroles;
 104
 105     private List<Role> dynamicroles;
 106
 107     private List<String> NDRoles;
 108
 109     private List<String> DRoles;
 110
 111     private List<ApplicationRoleDetails> applicationRoleDetails = new ArrayList<ApplicationRoleDetails>();
 112
 113     // ------------------------------------------------------------------
 114     // Action Entry Points - (aka Names)
 115     // ------------------------------------------------------------------
 116
 117     public List<ApplicationRoleDetails> getApplicationRoleDetails()
 118     {
 119         return applicationRoleDetails;
 120     }
 121
 122     /**
 123      * Display the edit user panel. <p/> This should consist of the Role details for the specified user. <p/> A table of
 124      * currently assigned roles. This table should have a column to remove the role from the user. This table should
 125      * also have a column of checkboxes that can be selected and then removed from the user. <p/> A table of roles that
 126      * can be assigned. This table should have a set of checkboxes that can be selected and then added to the user. <p/>
 127      * Duplicate role assignment needs to be taken care of.
 128      *
 129      * @throws RbacManagerException
 130      * @throws org.apache.archiva.redback.rbac.RbacObjectNotFoundException
 131      */
 132     @SuppressWarnings( "unchecked" )
 133     public String show()
 134         throws RbacManagerException
 135     {
 136         this.addNDSelectedRoles = new ArrayList<String>();
 137         this.addDSelectedRoles = new ArrayList<String>();
 138
 139         if ( StringUtils.isEmpty( principal ) )
 140         {
 141             addActionError( getText( "rbac.edit.user.empty.principal" ) );
 142             return ERROR;
 143         }
 144
 145         UserManager userManager = super.securitySystem.getUserManager();
 146
 147         if ( !userManager.userExists( principal ) )
 148         {
 149             addActionError( getText( "user.does.not.exist", new String[]{principal} ) );
 150             return ERROR;
 151         }
 152
 153         try
 154         {
 155             User u = userManager.findUser( principal );
 156
 157             if ( u == null )
 158             {
 159                 addActionError( getText( "cannot.operate.on.null.user" ) );
 160                 return ERROR;
 161             }
 162
 163             user = new AdminEditUserCredentials( u );
 164         }
 165         catch ( UserNotFoundException e )
 166         {
 167             addActionError( getText( "user.not.found.exception", Arrays.asList( ( Object ) principal, e.getMessage() ) ) );
 168             return ERROR;
 169         }
 170
 171         // check first if role assignments for user exist
 172         if ( !getManager().userAssignmentExists( principal ) )
 173         {
 174             UserAssignment assignment = getManager().createUserAssignment( principal );
 175             getManager().saveUserAssignment( assignment );
 176         }
 177
 178         List<Role> assignableRoles = getFilteredRolesForCurrentUserAccess();
 179         List<ApplicationRoleDetails> appRoleDetails = lookupAppRoleDetails( principal, assignableRoles );
 180         applicationRoleDetails.addAll( appRoleDetails );
 181
 182         return SUCCESS;
 183     }
 184
 185     @SuppressWarnings( "unchecked" )
 186     private List<ApplicationRoleDetails> lookupAppRoleDetails( String principal, List<Role> assignableRoles )
 187         throws RbacManagerException
 188     {
 189         List<ApplicationRoleDetails> appRoleDetails = new ArrayList<ApplicationRoleDetails>();
 190         for ( Iterator<ModelApplication> i = rmanager.getModel().getApplications().iterator(); i.hasNext(); )
 191         {
 192             ModelApplication application = i.next();
 193             ApplicationRoleDetails details =
 194                 new ApplicationRoleDetails( application, getManager().getEffectivelyAssignedRoles( principal ),
 195                                             getManager().getAssignedRoles( principal ), assignableRoles );
 196             appRoleDetails.add( details );
 197         }
 198         return appRoleDetails;
 199     }
 200
 201     /**
 202      * Applies role additions and removals and then displays the edit user panel.
 203      *
 204      * @return
 205      */
 206     public String edituser()
 207     {
 208         try
 209         {
 210             Collection<Role> assignedRoles = getManager().getAssignedRoles( principal );
 211             List<Role> assignableRoles = getFilteredRolesForCurrentUserAccess();
 212
 213             // Compute set of roles usable by configured apps, add/del from this set only
 214             List<ApplicationRoleDetails> appRoleDetails = lookupAppRoleDetails( principal, assignableRoles );
 215             applicationRoleDetails.addAll( appRoleDetails );
 216
 217             Set<String> availableAppRoleNames = new HashSet<String>();
 218             for ( ApplicationRoleDetails appRoleDetail : applicationRoleDetails )
 219             {
 220                 availableAppRoleNames.addAll( appRoleDetail.getAssignedRoles() );
 221                 availableAppRoleNames.addAll( appRoleDetail.getAvailableRoles() );
 222
 223                 // Add dynamic roles offered on page
 224                 for ( List<RoleTableCell> row : appRoleDetail.getTable() )
 225                 {
 226                     for ( RoleTableCell col : row )
 227                     {
 228                         if ( !col.isLabel() )
 229                         {
 230                             availableAppRoleNames.add( col.getName() );
 231                         }
 232                     }
 233                 }
 234             }
 235
 236             Set<Role> availableRoles = new HashSet<Role>( assignedRoles );
 237             availableRoles.addAll( assignableRoles );
 238
 239             // Filter the available roles so we only consider configured app roles
 240             Iterator<Role> availableRoleIterator = availableRoles.iterator();
 241             while ( availableRoleIterator.hasNext() )
 242             {
 243                 Role availableRole = availableRoleIterator.next();
 244                 if ( !availableAppRoleNames.contains( availableRole.getName() ) )
 245                 {
 246                     availableRoleIterator.remove();
 247                 }
 248             }
 249
 250             List<String> selectedRoleNames = new ArrayList<String>();
 251             addSelectedRoles( availableRoles, selectedRoleNames, addNDSelectedRoles );
 252             addSelectedRoles( availableRoles, selectedRoleNames, addDSelectedRoles );
 253
 254             List<String> newRoles = new ArrayList<String>( selectedRoleNames );
 255             String currentUser = getCurrentUser();
 256             for ( Role assignedRole : assignedRoles )
 257             {
 258                 if ( !selectedRoleNames.contains( assignedRole.getName() ) )
 259                 {
 260                     // removing a currently assigned role, check if we have permission
 261                     if ( !availableRoles.contains( assignedRole )
 262                         || !checkRoleName( assignableRoles, assignedRole.getName() ) )
 263                     {
 264                         // it may have not been on the page. Leave it assigned.
 265                         selectedRoleNames.add( assignedRole.getName() );
 266                     }
 267                     else
 268                     {
 269                         String role = assignedRole.getName();
 270                         AuditEvent event = new AuditEvent( getText( "log.revoke.role" ) );
 271                         event.setAffectedUser( principal );
 272                         event.setRole( role );
 273                         event.setCurrentUser( currentUser );
 274                         event.log();
 275                     }
 276                 }
 277                 else
 278                 {
 279                     newRoles.remove( assignedRole.getName() );
 280                 }
 281             }
 282             for ( String r : newRoles )
 283             {
 284                 AuditEvent event = new AuditEvent( getText( "log.assign.role" ) );
 285                 event.setAffectedUser( principal );
 286                 event.setRole( r );
 287                 event.setCurrentUser( currentUser );
 288                 event.log();
 289             }
 290
 291             UserAssignment assignment;
 292
 293             if ( getManager().userAssignmentExists( principal ) )
 294             {
 295                 assignment = getManager().getUserAssignment( principal );
 296             }
 297             else
 298             {
 299                 assignment = getManager().createUserAssignment( principal );
 300             }
 301
 302             assignment.setRoleNames( selectedRoleNames );
 303
 304             assignment = getManager().saveUserAssignment( assignment );
 305         }
 306         catch ( RbacManagerException ne )
 307         {
 308             addActionError( getText( "error.removing.selected.roles", Arrays.asList( ( Object ) ne.getMessage() ) ) );
 309             return ERROR;
 310         }
 311         return SUCCESS;
 312     }
 313
 314     private void addSelectedRoles( Collection<Role> assignableRoles, List<String> roles, List<String> selectedRoles )
 315     {
 316         if ( selectedRoles != null )
 317         {
 318             for ( String r : selectedRoles )
 319             {
 320                 if ( checkRoleName( assignableRoles, r ) )
 321                 {
 322                     roles.add( r );
 323                 }
 324             }
 325         }
 326     }
 327
 328     private boolean checkRoleName( Collection<Role> assignableRoles, String r )
 329     {
 330         for ( Role role : assignableRoles )
 331         {
 332             if ( role.getName().equals( r ) )
 333             {
 334                 return true;
 335             }
 336         }
 337         return false;
 338     }
 339
 340     // ------------------------------------------------------------------
 341     // Parameter Accessor Methods
 342     // ------------------------------------------------------------------
 343
 344     public List<Role> getAssignedRoles()
 345     {
 346         return assignedRoles;
 347     }
 348
 349     public void setAssignedRoles( List<Role> assignedRoles )
 350     {
 351         this.assignedRoles = assignedRoles;
 352     }
 353
 354     public List<Role> getAvailableRoles()
 355     {
 356         return availableRoles;
 357     }
 358
 359     public void setAvailableRoles( List<Role> availableRoles )
 360     {
 361         this.availableRoles = availableRoles;
 362     }
 363
 364     public List<Role> getEffectivelyAssignedRoles()
 365     {
 366         return effectivelyAssignedRoles;
 367     }
 368
 369     public void setEffectivelyAssignedRoles( List<Role> effectivelyAssignedRoles )
 370     {
 371         this.effectivelyAssignedRoles = effectivelyAssignedRoles;
 372     }
 373
 374     public String getPrincipal()
 375     {
 376         return principal;
 377     }
 378
 379     public void setPrincipal( String principal )
 380     {
 381         this.principal = principal;
 382     }
 383
 384     public void setUsername( String username )
 385     {
 386         this.principal = username;
 387     }
 388
 389     public AdminEditUserCredentials getUser()
 390     {
 391         return user;
 392     }
 393
 394     public SecureActionBundle initSecureActionBundle()
 395         throws SecureActionException
 396     {
 397         SecureActionBundle bundle = new SecureActionBundle();
 398         bundle.setRequiresAuthentication( true );
 399         bundle.addRequiredAuthorization( RoleConstants.USER_MANAGEMENT_USER_EDIT_OPERATION, Resource.GLOBAL );
 400         bundle.addRequiredAuthorization( RoleConstants.USER_MANAGEMENT_RBAC_ADMIN_OPERATION, Resource.GLOBAL );
 401         bundle.addRequiredAuthorization( RoleConstants.USER_MANAGEMENT_ROLE_GRANT_OPERATION, Resource.GLOBAL );
 402         bundle.addRequiredAuthorization( RoleConstants.USER_MANAGEMENT_ROLE_DROP_OPERATION, Resource.GLOBAL );
 403         bundle.addRequiredAuthorization( RoleConstants.USER_MANAGEMENT_USER_ROLE_OPERATION, Resource.GLOBAL );
 404
 405         return bundle;
 406     }
 407
 408     public List<Role> getNondynamicroles()
 409     {
 410         return nondynamicroles;
 411     }
 412
 413     public void setNondynamicroles( List<Role> nondynamicroles )
 414     {
 415         this.nondynamicroles = nondynamicroles;
 416     }
 417
 418     public List<Role> getDynamicroles()
 419     {
 420         return dynamicroles;
 421     }
 422
 423     public void setDynamicroles( List<Role> dynamicroles )
 424     {
 425         this.dynamicroles = dynamicroles;
 426     }
 427
 428     public List<String> getNDRoles()
 429     {
 430         return NDRoles;
 431     }
 432
 433     public void setNDRoles( List<String> roles )
 434     {
 435         NDRoles = roles;
 436     }
 437
 438     public List<String> getDRoles()
 439     {
 440         return DRoles;
 441     }
 442
 443     public void setDRoles( List<String> roles )
 444     {
 445         DRoles = roles;
 446     }
 447
 448     public List<String> getAddDSelectedRoles()
 449     {
 450         return addDSelectedRoles;
 451     }
 452
 453     public void setAddDSelectedRoles( List<String> addDSelectedRoles )
 454     {
 455         this.addDSelectedRoles = addDSelectedRoles;
 456     }
 457
 458     public List<String> getAddNDSelectedRoles()
 459     {
 460         return addNDSelectedRoles;
 461     }
 462
 463     public void setAddNDSelectedRoles( List<String> addNDSelectedRoles )
 464     {
 465         this.addNDSelectedRoles = addNDSelectedRoles;
 466     }
 467 }