operations.add( ArchivaRoleConstants.OPERATION_RUN_INDEXER );
operations.add( ArchivaRoleConstants.OPERATION_REGENERATE_INDEX );
operations.add( ArchivaRoleConstants.OPERATION_ACCESS_REPORT ); // TODO: does this need to be templated?
- operations.add( ArchivaRoleConstants.OPERATION_ADD_REPOSITORY );
- operations.add( ArchivaRoleConstants.OPERATION_EDIT_REPOSITORY );
- operations.add( ArchivaRoleConstants.OPERATION_DELETE_REPOSITORY );
// we don't add access/upload repository operations. This isn't a sys-admin function, and we don't want to
// encourage the use of the sys admin role for such operations. They can grant it as necessary.
return operations;
}
+
+
+ public List getChildRoles()
+ {
+ List childRoles = new ArrayList();
+ childRoles.add( ArchivaRoleConstants.GLOBAL_REPOSITORY_MANAGER_ROLE );
+ return childRoles;
+ }
public boolean isAssignable()
{
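Review bot: The added `getChildRoles()` makes the system administrator's add/edit/delete repository permissions depend entirely on the child role, and nothing in the hunk documents that dependency. The three operations are no longer listed in `getOperations()`, so if the global repository manager role is missing, or child roles are not resolved at the point a permission is checked (neither is visible here), the administrator would silently lose them. I would add a Javadoc on `getChildRoles()` along the lines of `/** Repository add/edit/delete operations are inherited from the global repository manager role instead of being listed in getOperations(). */`. `getOperations()` begins above the visible lines and `isAssignable()` continues below them.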
--- /dev/null
+package org.apache.maven.archiva.security;
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import org.codehaus.plexus.rbac.profile.AbstractRoleProfile;
+
+import java.util.ArrayList;
+import java.util.List;
+
+/**
+ * @plexus.component role="org.codehaus.plexus.rbac.profile.RoleProfile"
+ * role-hint="archiva-repository-administrator"
+ */
+public class GlobalRepositoryManagerRoleProfile
+ extends AbstractRoleProfile
+{
+ /**
+ * Create the Role name for a Repository Observer, using the provided repository id.
+ *
+ * @param repoId the repository id
+ */
+ public String getRoleName( )
+ {
+ return ArchivaRoleConstants.GLOBAL_REPOSITORY_MANAGER_ROLE;
+ }
+
+ public boolean isAssignable()
+ {
+ return true;
+ }
+
+ public List getOperations()
+ {
+ List operations = new ArrayList();
+ operations.add( ArchivaRoleConstants.OPERATION_ADD_REPOSITORY );
+ operations.add( ArchivaRoleConstants.OPERATION_EDIT_REPOSITORY );
+ operations.add( ArchivaRoleConstants.OPERATION_DELETE_REPOSITORY );
+ return operations;
+ }
+}
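Review bot: The Javadoc on `getRoleName()` appears to be copied from a per-repository profile: it describes a Repository Observer and documents a `repoId` parameter, but the method takes no arguments and returns `GLOBAL_REPOSITORY_MANAGER_ROLE`. I would replace it with `/** Returns the name of the global repository manager role. */`. The `role-hint="archiva-repository-administrator"` in the class comment also does not match the class name, so it is worth confirming that no other profile is registered under that hint, since a lookup by hint would then resolve to a different set of operations. Because `isAssignable()` returns true and the role carries add, edit and delete of repositories, a class-level sentence stating that scope would help whoever grants it.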
*/
import org.codehaus.plexus.rbac.profile.AbstractDynamicRoleProfile;
+import org.codehaus.plexus.rbac.profile.RoleProfileException;
+import org.codehaus.plexus.security.rbac.RbacManagerException;
+import org.codehaus.plexus.security.rbac.RbacObjectNotFoundException;
+import org.codehaus.plexus.security.rbac.Role;
import java.util.ArrayList;
import java.util.Collections;
{
return true;
}
+
+ public Role getRole( String resource )
+ throws RoleProfileException
+ {
+ try
+ {
+ if ( rbacManager.roleExists( getRoleName( resource ) ) )
+ {
+ return rbacManager.getRole( getRoleName( resource ) );
+ }
+ else
+ {
+ // first time assign the role to the group administrator since they need the access
+ Role newRole = generateRole( resource );
+
+ Role repoAdmin = rbacManager.getRole( ArchivaRoleConstants.GLOBAL_REPOSITORY_MANAGER_ROLE );
+ repoAdmin.addChildRoleName( newRole.getName() );
+ rbacManager.saveRole( repoAdmin );
+
+ return newRole;
+ }
+ }
+ catch ( RbacObjectNotFoundException ne )
+ {
+ throw new RoleProfileException( "unable to get role", ne );
+ }
+ catch ( RbacManagerException e )
+ {
+ throw new RoleProfileException( "system error with rbac manager", e );
+ }
+ }
}
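Review bot: In the `else` branch of `getRole`, `generateRole( resource )` runs before the lookup of `GLOBAL_REPOSITORY_MANAGER_ROLE`, so a missing manager role raises `RbacObjectNotFoundException` only after the new role may already exist. If `generateRole` persists the role (its body is not in this hunk), the next call takes the `roleExists` branch and the child link is never added, leaving that role outside the manager's inheritance with no error. Fetching the parent first avoids the half-finished state: move `Role repoAdmin = rbacManager.getRole( ArchivaRoleConstants.GLOBAL_REPOSITORY_MANAGER_ROLE );` above `Role newRole = generateRole( resource );`. The inline comment says "group administrator" while the code links to the global repository manager role, so the comment should name that role. The `"unable to get role"` message would also be easier to act on if it said which role name was being looked up.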