]> source.dussan.org Git - archiva.git/blob
projects / archiva.git / blob
? search:


7479c6aba507fee0919c7d4c651b410420ffabfe
[archiva.git] /
1 package org.codehaus.plexus.redback.struts2.action.admin;
2
3 /*
4  * Licensed to the Apache Software Foundation (ASF) under one
5  * or more contributor license agreements.  See the NOTICE file
6  * distributed with this work for additional information
7  * regarding copyright ownership.  The ASF licenses this file
8  * to you under the Apache License, Version 2.0 (the
9  * "License"); you may not use this file except in compliance
10  * with the License.  You may obtain a copy of the License at
11  *
12  *   http://www.apache.org/licenses/LICENSE-2.0
13  *
14  * Unless required by applicable law or agreed to in writing,
15  * software distributed under the License is distributed on an
16  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
17  * KIND, either express or implied.  See the License for the
18  * specific language governing permissions and limitations
19  * under the License.
20  */
21
22 import org.apache.commons.lang.StringEscapeUtils;
23 import org.codehaus.plexus.redback.rbac.Permission;
24 import org.codehaus.plexus.redback.rbac.RbacManagerException;
25 import org.codehaus.plexus.redback.rbac.Resource;
26 import org.codehaus.plexus.redback.rbac.Role;
27 import org.codehaus.plexus.redback.rbac.UserAssignment;
28 import org.codehaus.plexus.redback.struts2.action.AbstractUserCredentialsAction;
29 import org.codehaus.plexus.redback.struts2.action.AuditEvent;
30 import org.codehaus.plexus.redback.users.User;
31 import org.codehaus.plexus.redback.users.UserManager;
32 import org.codehaus.plexus.redback.users.UserNotFoundException;
33 import org.codehaus.plexus.util.StringUtils;
34 import org.codehaus.redback.integration.interceptor.SecureActionBundle;
35 import org.codehaus.redback.integration.interceptor.SecureActionException;
36 import org.codehaus.redback.integration.role.RoleConstants;
37 import org.codehaus.redback.integration.security.role.RedbackRoleConstants;
38 import org.springframework.context.annotation.Scope;
39 import org.springframework.stereotype.Controller;
40
41 import java.util.ArrayList;
42 import java.util.List;
43 import java.util.Map;
44
45 /**
46  * EditRoleAction
47  *
48  * @author <a href="mailto:joakim@erdfelt.com">Joakim Erdfelt</a>
49  * @version $Id$
50  */
51 @Controller( "redback-role-edit" )
52 @Scope( "prototype" )
53 public class EditRoleAction
54     extends AbstractUserCredentialsAction
55 {
56     // ------------------------------------------------------------------
57     // Action Parameters
58     // ------------------------------------------------------------------
59
60     private String name;
61
62     private String description;
63
64     private String newDescription;
65
66     private List<String> childRoleNames = new ArrayList<String>();
67
68     private List<String> parentRoleNames = new ArrayList<String>();
69
70     private List<Permission> permissions = new ArrayList<Permission>();
71
72     private List<User> users = new ArrayList<User>();
73
74     private List<User> parentUsers = new ArrayList<User>();
75
76     private List<User> allUsers = new ArrayList<User>();
77
78     private List<String> usersList = new ArrayList<String>();
79
80     private List<String> availableUsers = new ArrayList<String>();
81
82     private List<String> currentUsers = new ArrayList<String>();
83
84     // ------------------------------------------------------------------
85     // Action Entry Points - (aka Names)
86     // ------------------------------------------------------------------
87
88     public String input()
89     {
90         if ( name == null )
91         {
92             addActionError( getText( "cannot.edit.null.role" ) );
93             return ERROR;
94         }
95
96         if ( StringUtils.isEmpty( name ) )
97         {
98             addActionError( getText( "cannot.edit.empty.role" ) );
99             return ERROR;
100         }
101
102         name = StringEscapeUtils.escapeXml( name );
103
104         if ( !getManager().roleExists( name ) )
105         {
106             // Means that the role name doesn't exist.
107             // We should exit early and not attempt to look up the role information.
108             return INPUT;
109         }
110
111         try
112         {
113             if ( !isAuthorized() )
114             {
115                 log.warn( getCurrentUser() + " isn't authorized to access to the role '" + name + "'" );
116                 addActionError( getText( "alert.message" ) );
117                 return ERROR;
118             }
119
120             Role role = getManager().getRole( name );
121             if ( role == null )
122             {
123                 addActionError( getText( "cannot.operate.null.role" ) );
124                 return ERROR;
125             }
126
127             description = role.getDescription();
128             childRoleNames = role.getChildRoleNames();
129             Map<String, Role> parentRoles = getManager().getParentRoles( role );
130             for ( String roleName : parentRoles.keySet() )
131             {
132                 parentRoleNames.add( roleName );
133             }
134             permissions = role.getPermissions();
135
136             //Get users of the current role
137             List<String> roles = new ArrayList<String>();
138             roles.add( name );
139             List<UserAssignment> userAssignments = getManager().getUserAssignmentsForRoles( roles );
140             users = new ArrayList<User>();
141             if ( userAssignments != null )
142             {
143                 for ( UserAssignment userAssignment : userAssignments )
144                 {
145                     try
146                     {
147                         User user = getUserManager().findUser( userAssignment.getPrincipal() );
148                         users.add( user );
149                     }
150                     catch ( UserNotFoundException e )
151                     {
152                         log.warn( "User '" + userAssignment.getPrincipal() + "' doesn't exist.", e );
153                     }
154                 }
155             }
156
157             //Get users of the parent roles
158             parentUsers = new ArrayList<User>();
159             if ( !parentRoles.isEmpty() )
160             {
161                 List<UserAssignment> userParentAssignments =
162                     getManager().getUserAssignmentsForRoles( parentRoles.keySet() );
163                 if ( userParentAssignments != null )
164                 {
165                     for ( UserAssignment userAssignment : userParentAssignments )
166                     {
167                         try
168                         {
169                             User user = getUserManager().findUser( userAssignment.getPrincipal() );
170                             parentUsers.add( user );
171                         }
172                         catch ( UserNotFoundException e )
173                         {
174                             log.warn( "User '" + userAssignment.getPrincipal() + "' doesn't exist.", e );
175                         }
176                     }
177                 }
178             }
179         }
180         catch ( RbacManagerException e )
181         {
182             List<Object> list = new ArrayList<Object>();
183             list.add( name );
184             list.add( e.getMessage() );
185             addActionError( getText( "cannot.get.role", list ) );
186             return ERROR;
187         }
188
189         return INPUT;
190     }
191
192     private boolean isAuthorized()
193         throws RbacManagerException
194     {
195         List<Role> assignableRoles = getFilteredRolesForCurrentUserAccess();
196         boolean updatableRole = false;
197         for ( Role r : assignableRoles )
198         {
199             if ( r.getName().equalsIgnoreCase( name ) )
200             {
201                 updatableRole = true;
202             }
203         }
204
205         return updatableRole;
206     }
207
208     public String edit()
209     {
210         String result = input();
211         if ( ERROR.equals( result ) )
212         {
213             return result;
214         }
215
216         newDescription = description;
217
218         //TODO: Remove all users defined in parent roles too
219         allUsers = getUserManager().getUsers();
220
221         for ( User user : users )
222         {
223             if ( allUsers.contains( user ) )
224             {
225                 allUsers.remove( user );
226             }
227         }
228
229         for ( User user : parentUsers )
230         {
231             if ( allUsers.contains( user ) )
232             {
233                 allUsers.remove( user );
234             }
235         }
236
237         return result;
238     }
239
240     public String save()
241     {
242         String result = input();
243         if ( ERROR.equals( result ) )
244         {
245             return result;
246         }
247
248         if ( name == null )
249         {
250             addActionError( getText( "cannot.edit.null.role" ) );
251             return ERROR;
252         }
253
254         if ( StringUtils.isEmpty( name ) )
255         {
256             addActionError( getText( "cannot.edit.empty.role" ) );
257             return ERROR;
258         }
259
260         try
261         {
262             Role role;
263             if ( getManager().roleExists( name ) )
264             {
265                 role = getManager().getRole( name );
266             }
267             else
268             {
269                 role = getManager().createRole( name );
270             }
271
272             //TODO: allow to modify childRoleNames and permissions
273             role.setDescription( newDescription );
274             //role.setChildRoleNames( childRoleNames );
275             //role.setPermissions( permissions );
276
277             getManager().saveRole( role );
278
279             List<Object> list = new ArrayList<Object>();
280             list.add( name );
281             String currentUser = getCurrentUser();
282             AuditEvent event = new AuditEvent( getText( "log.role.edit" ) );
283             event.setRole( name );
284             event.setCurrentUser( currentUser );
285             event.log();
286             addActionMessage( getText( "save.role.success", list ) );
287         }
288         catch ( RbacManagerException e )
289         {
290             List<Object> list = new ArrayList<Object>();
291             list.add( name );
292             list.add( e.getMessage() );
293             addActionError( getText( "cannot.get.role", list ) );
294             return ERROR;
295         }
296
297         return SUCCESS;
298     }
299
300     public String addUsers()
301     {
302         if ( availableUsers == null || availableUsers.isEmpty() )
303         {
304             return INPUT;
305         }
306
307         for ( String principal : availableUsers )
308         {
309             if ( !getUserManager().userExists( principal ) )
310             {
311                 // Means that the role name doesn't exist.
312                 // We need to fail fast and return to the previous page.
313                 List<Object> list = new ArrayList<Object>();
314                 list.add( principal );
315                 addActionError( getText( "user.does.not.exist", list ) );
316                 return ERROR;
317             }
318
319             try
320             {
321                 UserAssignment assignment;
322
323                 if ( getManager().userAssignmentExists( principal ) )
324                 {
325                     assignment = getManager().getUserAssignment( principal );
326                 }
327                 else
328                 {
329                     assignment = getManager().createUserAssignment( principal );
330                 }
331
332                 assignment.addRoleName( name );
333                 assignment = getManager().saveUserAssignment( assignment );
334                 log.info( "{} role assigned to {}", name, principal );
335             }
336             catch ( RbacManagerException e )
337             {
338                 List<Object> list = new ArrayList<Object>();
339                 list.add( principal );
340                 list.add( e.getMessage() );
341                 addActionError( getText( "cannot.assign.role", list ) );
342                 return ERROR;
343             }
344         }
345
346         edit();
347         return SUCCESS;
348     }
349
350     public String removeUsers()
351     {
352         if ( currentUsers == null || currentUsers.isEmpty() )
353         {
354             return INPUT;
355         }
356
357         for ( String principal : currentUsers )
358         {
359             if ( !getUserManager().userExists( principal ) )
360             {
361                 // Means that the role name doesn't exist.
362                 // We need to fail fast and return to the previous page.
363                 List<Object> list = new ArrayList<Object>();
364                 list.add( principal );
365                 addActionError( getText( "user.does.not.exist", list ) );
366                 return ERROR;
367             }
368
369             try
370             {
371                 UserAssignment assignment;
372
373                 if ( getManager().userAssignmentExists( principal ) )
374                 {
375                     assignment = getManager().getUserAssignment( principal );
376                 }
377                 else
378                 {
379                     assignment = getManager().createUserAssignment( principal );
380                 }
381
382                 assignment.removeRoleName( name );
383                 assignment = getManager().saveUserAssignment( assignment );
384                 log.info( "{} role unassigned to {}", name, principal );
385             }
386             catch ( RbacManagerException e )
387             {
388                 List<Object> list = new ArrayList<Object>();
389                 list.add( principal );
390                 list.add( e.getMessage() );
391                 addActionError( getText( "cannot.assign.role", list ) );
392                 return ERROR;
393             }
394         }
395
396         edit();
397         return SUCCESS;
398     }
399
400     private UserManager getUserManager()
401     {
402         return securitySystem.getUserManager();
403     }
404
405     // ------------------------------------------------------------------
406     // Parameter Accessor Methods
407     // ------------------------------------------------------------------
408
409     public String getName()
410     {
411         return name;
412     }
413
414     public void setName( String roleName )
415     {
416         this.name = roleName;
417     }
418
419     public List<String> getChildRoleNames()
420     {
421         return childRoleNames;
422     }
423
424     public void setChildRoleNames( List<String> childRoleNames )
425     {
426         this.childRoleNames = childRoleNames;
427     }
428
429     public String getDescription()
430     {
431         return description;
432     }
433
434     public void setDescription( String description )
435     {
436         this.description = description;
437     }
438
439     public String getNewDescription()
440     {
441         return newDescription;
442     }
443
444     public void setNewDescription( String newDescription )
445     {
446         this.newDescription = newDescription;
447     }
448
449     public List<Permission> getPermissions()
450     {
451         return permissions;
452     }
453
454     public void setPermissions( List<Permission> permissions )
455     {
456         this.permissions = permissions;
457     }
458
459     public List<User> getUsers()
460     {
461         return users;
462     }
463
464     public void setUsers( List<User> users )
465     {
466         this.users = users;
467     }
468
469     public List<User> getAllUsers()
470     {
471         return allUsers;
472     }
473
474     public void setAllUsers( List<User> allUsers )
475     {
476         this.allUsers = allUsers;
477     }
478
479     public List<String> getUsersList()
480     {
481         return usersList;
482     }
483
484     public void setUsersList( List<String> usersList )
485     {
486         this.usersList = usersList;
487     }
488
489     public List<String> getAvailableUsers()
490     {
491         return availableUsers;
492     }
493
494     public void setAvailableUsers( List<String> availableUsers )
495     {
496         this.availableUsers = availableUsers;
497     }
498
499     public List<String> getCurrentUsers()
500     {
501         return currentUsers;
502     }
503
504     public void setCurrentUsers( List<String> currentUsers )
505     {
506         this.currentUsers = currentUsers;
507     }
508
509     public List<String> getParentRoleNames()
510     {
511         return parentRoleNames;
512     }
513
514     public void setParentRoleNames( List<String> parentRoleNames )
515     {
516         this.parentRoleNames = parentRoleNames;
517     }
518
519     public List<User> getParentUsers()
520     {
521         return parentUsers;
522     }
523
524     public void setParentUsers( List<User> parentUsers )
525     {
526         this.parentUsers = parentUsers;
527     }
528
529     // ------------------------------------------------------------------
530     // Internal Support Methods
531     // ------------------------------------------------------------------
532
533     public SecureActionBundle initSecureActionBundle()
534         throws SecureActionException
535     {
536         SecureActionBundle bundle = new SecureActionBundle();
537         bundle.setRequiresAuthentication( true );
538         bundle.addRequiredAuthorization( RedbackRoleConstants.USER_MANAGEMENT_USER_EDIT_OPERATION, Resource.GLOBAL );
539         bundle.addRequiredAuthorization( RedbackRoleConstants.USER_MANAGEMENT_RBAC_ADMIN_OPERATION, Resource.GLOBAL );
540         bundle.addRequiredAuthorization( RedbackRoleConstants.USER_MANAGEMENT_ROLE_GRANT_OPERATION, Resource.GLOBAL );
541         bundle.addRequiredAuthorization( RedbackRoleConstants.USER_MANAGEMENT_ROLE_DROP_OPERATION, Resource.GLOBAL );
542         bundle.addRequiredAuthorization( RedbackRoleConstants.USER_MANAGEMENT_USER_ROLE_OPERATION, Resource.GLOBAL );
543         return bundle;
544     }
545 }
Apache Archiva Repository: https://github.com/apache/archiva