add security
authorBrett Porter <brett@apache.org>
Thu, 28 Sep 2006 14:29:23 +0000 (14:29 +0000)
committerBrett Porter <brett@apache.org>
Thu, 28 Sep 2006 14:29:23 +0000 (14:29 +0000)
git-svn-id: https://svn.apache.org/repos/asf/maven/archiva/trunk@450867 13f79535-47bb-0310-9956-ffa450edef68

archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/AbstractConfigureRepositoryAction.java
archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/AbstractDeleteRepositoryAction.java
archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/RunRepositoryTaskAction.java

index 89214537ae4d989289ef151d742622e6ceb9a007..b86eaefb7f15ac49879026cd67a9415d34ab467b 100644 (file)
@@ -27,6 +27,7 @@ import org.apache.maven.archiva.configuration.InvalidConfigurationException;
 import org.apache.maven.archiva.security.ArchivaRoleConstants;
 import org.codehaus.plexus.xwork.action.PlexusActionSupport;
 import org.codehaus.plexus.security.rbac.RbacManagerException;
+import org.codehaus.plexus.security.rbac.Resource;
 import org.codehaus.plexus.security.ui.web.interceptor.SecureAction;
 import org.codehaus.plexus.security.ui.web.interceptor.SecureActionBundle;
 import org.codehaus.plexus.security.ui.web.interceptor.SecureActionException;
@@ -171,12 +172,18 @@ public abstract class AbstractConfigureRepositoryAction
     {
         SecureActionBundle bundle = new SecureActionBundle();
 
+        bundle.setRequiresAuthentication( true );
+
         if ( getRepoId() != null )
         {
-            bundle.setRequiresAuthentication( true );
-            // TODO: this is not right. It needs to change based on method
+            // TODO: this is not right. It needs to change based on method. But is this really the right way to restrict this area?
+            // TODO: not right. We only care about this permission on managed repositories. Otherwise, it's configuration
             bundle.addRequiredAuthorization( ArchivaRoleConstants.OPERATION_EDIT_REPOSITORY, getRepoId() );
         }
+        else
+        {
+            bundle.addRequiredAuthorization( ArchivaRoleConstants.OPERATION_MANAGE_CONFIGURATION, Resource.GLOBAL );
+        }
 
         return bundle;
     }
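Review bot: The permission required by `getSecureActionBundle()` is chosen only by whether `getRepoId()` is non-null, not by the action method that will run, so the check can diverge from the operation performed; the two TODO lines acknowledge this but leave it open. If `repoId` is bound from request parameters (not visible in this hunk), the caller influences whether `OPERATION_EDIT_REPOSITORY` on that id or `OPERATION_MANAGE_CONFIGURATION` on `Resource.GLOBAL` is evaluated, and an empty-string id would pass the null test and be used as the resource. Until the TODOs are resolved I would record this in the code, e.g. `// SECURITY: branch is selected by repoId presence alone; confirm every method of this action is covered by the permission chosen here`, and add a Javadoc describing both cases. The same null-test branch is added in the new `getSecureActionBundle()` of AbstractDeleteRepositoryAction. The method's signature lies above this hunk.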
index 83f92ed7e37c67d71c623b77dd6ffe4a05954bed..a93f4dcae566f6e971085ba9db7e6623f62285cb 100644 (file)
@@ -22,7 +22,12 @@ import org.apache.maven.archiva.configuration.ConfigurationChangeException;
 import org.apache.maven.archiva.configuration.ConfigurationStore;
 import org.apache.maven.archiva.configuration.ConfigurationStoreException;
 import org.apache.maven.archiva.configuration.InvalidConfigurationException;
+import org.apache.maven.archiva.security.ArchivaRoleConstants;
 import org.codehaus.plexus.xwork.action.PlexusActionSupport;
+import org.codehaus.plexus.security.ui.web.interceptor.SecureAction;
+import org.codehaus.plexus.security.ui.web.interceptor.SecureActionBundle;
+import org.codehaus.plexus.security.ui.web.interceptor.SecureActionException;
+import org.codehaus.plexus.security.rbac.Resource;
 
 import java.io.IOException;
 
@@ -33,6 +38,7 @@ import java.io.IOException;
  */
 public abstract class AbstractDeleteRepositoryAction
     extends PlexusActionSupport
+    implements SecureAction
 {
     /**
      * @plexus.requirement
@@ -112,4 +118,24 @@ public abstract class AbstractDeleteRepositoryAction
     {
         this.operation = operation;
     }
+    
+    public SecureActionBundle getSecureActionBundle()
+        throws SecureActionException
+    {
+        SecureActionBundle bundle = new SecureActionBundle();
+
+        bundle.setRequiresAuthentication( true );
+
+        if ( getRepoId() != null )
+        {
+            // TODO: not right. We only care about this permission on managed repositories. Otherwise, it's configuration
+            bundle.addRequiredAuthorization( ArchivaRoleConstants.OPERATION_DELETE_REPOSITORY, getRepoId() );
+        }
+        else
+        {
+            bundle.addRequiredAuthorization( ArchivaRoleConstants.OPERATION_MANAGE_CONFIGURATION, Resource.GLOBAL );
+        }
+
+        return bundle;
+    }
 }
index 23ad9b0dbf6cca03e205bc3a759e167a15440923..8da33970dee5c47a2bb863ff3573a2d2a5e5b056 100644 (file)
@@ -18,7 +18,12 @@ package org.apache.maven.archiva.web.action.admin;
 
 import org.apache.maven.archiva.scheduler.RepositoryTaskScheduler;
 import org.apache.maven.archiva.scheduler.TaskExecutionException;
+import org.apache.maven.archiva.security.ArchivaRoleConstants;
 import org.codehaus.plexus.xwork.action.PlexusActionSupport;
+import org.codehaus.plexus.security.ui.web.interceptor.SecureActionBundle;
+import org.codehaus.plexus.security.ui.web.interceptor.SecureActionException;
+import org.codehaus.plexus.security.ui.web.interceptor.SecureAction;
+import org.codehaus.plexus.security.rbac.Resource;
 
 /**
  * Configures the application.
@@ -27,6 +32,7 @@ import org.codehaus.plexus.xwork.action.PlexusActionSupport;
  */
 public class RunRepositoryTaskAction
     extends PlexusActionSupport
+    implements SecureAction
 {
     /**
      * @plexus.requirement
@@ -40,4 +46,15 @@ public class RunRepositoryTaskAction
 
         return SUCCESS;
     }
+
+    public SecureActionBundle getSecureActionBundle()
+        throws SecureActionException
+    {
+        SecureActionBundle bundle = new SecureActionBundle();
+
+        bundle.setRequiresAuthentication( true );
+        bundle.addRequiredAuthorization( ArchivaRoleConstants.OPERATION_RUN_INDEXER, Resource.GLOBAL );
+
+        return bundle;
+    }
 }
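Review bot: The new `getSecureActionBundle()` carries no Javadoc stating that a single permission gates the whole action. As written, the bundle requires an authenticated user holding `OPERATION_RUN_INDEXER` on `Resource.GLOBAL`, and it does not vary by method, so any task method later added to this class would presumably be covered by the indexer permission as well. I would add `/** Requires authentication and OPERATION_RUN_INDEXER on the global resource for every method of this action. */` above the method so that a future non-indexer task prompts a review of the permission.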