[MRM-216]

-copy temporary upload file to the target repository
-added check if user has upload permission to the repository

git-svn-id: https://svn.apache.org/repos/asf/maven/archiva/trunk@636284 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/DefaultUserRepositories.java b/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/DefaultUserRepositories.java
index 88b740b191234c951470d237d6fa1d2008847c31..0d8c029bbe4a26064123e98686ff95d8b627230e 100644 (file)
--- a/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/DefaultUserRepositories.java
+++ b/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/DefaultUserRepositories.java
@@ -36,13 +36,11 @@ import org.codehaus.plexus.redback.users.User;
 import org.codehaus.plexus.redback.users.UserNotFoundException;
 
 /**
- * DefaultUserRepositories 
- *
+ * DefaultUserRepositories
+ * 
  * @author <a href="mailto:joakime@apache.org">Joakim Erdfelt</a>
  * @version $Id$
- * 
- * @plexus.component role="org.apache.maven.archiva.security.UserRepositories"
- *                   role-hint="default"
+ * @plexus.component role="org.apache.maven.archiva.security.UserRepositories" role-hint="default"
  */
 public class DefaultUserRepositories
     implements UserRepositories
@@ -61,12 +59,12 @@ public class DefaultUserRepositories
      * @plexus.requirement role-hint="default"
      */
     private RoleManager roleManager;
-    
+
     /**
      * @plexus.requirement
      */
     private ArchivaConfiguration archivaConfiguration;
-    
+
     public List<String> getObservableRepositoryIds( String principal )
         throws PrincipalNotFoundException, AccessDeniedException, ArchivaSecurityException
     {
@@ -79,20 +77,22 @@ public class DefaultUserRepositories
             {
                 throw new AccessDeniedException( "User " + principal + "(" + user.getFullName() + ") is locked." );
             }
-            
+
             AuthenticationResult authn = new AuthenticationResult( true, principal, null );
             SecuritySession securitySession = new DefaultSecuritySession( authn, user );
-            
+
             List<String> repoIds = new ArrayList<String>();
 
-            List<ManagedRepositoryConfiguration> repos = archivaConfiguration.getConfiguration().getManagedRepositories();
-            
+            List<ManagedRepositoryConfiguration> repos =
+                archivaConfiguration.getConfiguration().getManagedRepositories();
+
             for ( ManagedRepositoryConfiguration repo : repos )
             {
                 try
                 {
                     String repoId = repo.getId();
-                    if ( securitySystem.isAuthorized( securitySession, ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS, repoId ) )
+                    if ( securitySystem.isAuthorized( securitySession,
+                                                      ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS, repoId ) )
                     {
                         repoIds.add( repoId );
                     }
@@ -102,7 +102,7 @@ public class DefaultUserRepositories
                     // swallow.
                 }
             }
-            
+
             return repoIds;
         }
         catch ( UserNotFoundException e )
@@ -128,8 +128,38 @@ public class DefaultUserRepositories
         }
         catch ( RoleManagerException e )
         {
-            throw new ArchivaSecurityException( "Unable to create roles for configured repositories: " + e.getMessage(),
+            throw new ArchivaSecurityException(
+                                                "Unable to create roles for configured repositories: " + e.getMessage(),
                                                 e );
         }
     }
+
+    public boolean isAuthorizedToUploadArtifacts( String principal, String repoId )
+        throws PrincipalNotFoundException, ArchivaSecurityException
+    {
+        try
+        {
+            User user = securitySystem.getUserManager().findUser( principal );
+
+            if ( user.isLocked() )
+            {
+                throw new AccessDeniedException( "User " + principal + "(" + user.getFullName() + ") is locked." );
+            }
+
+            AuthenticationResult authn = new AuthenticationResult( true, principal, null );
+            SecuritySession securitySession = new DefaultSecuritySession( authn, user );
+
+            return securitySystem.isAuthorized( securitySession, ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD,
+                                                repoId );
+
+        }
+        catch ( UserNotFoundException e )
+        {
+            throw new PrincipalNotFoundException( "Unable to find principal " + principal + "" );
+        }
+        catch ( AuthorizationException e )
+        {
+            throw new ArchivaSecurityException( e.getMessage() );
+        }
+    }
 }

diff --git a/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/UserRepositories.java b/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/UserRepositories.java
index c448a26b3f88eb49a1ef35db1423be7a87329266..4ea6c7f2dbe40a69c028170fba0f4e7ac52febb1 100644 (file)
--- a/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/UserRepositories.java
+++ b/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/UserRepositories.java
@@ -49,4 +49,17 @@ public interface UserRepositories
      */
     public void createMissingRepositoryRoles( String repoId )
         throws ArchivaSecurityException;
+    
+    /**
+     * Check if user is authorized to upload artifacts in the repository.
+     * 
+     * @param principal
+     * @param repoId
+     * @return
+     * @throws PrincipalNotFoundException
+     * @throws ArchivaSecurityException
+     */
+    public boolean isAuthorizedToUploadArtifacts( String principal, String repoId)
+        throws PrincipalNotFoundException, ArchivaSecurityException;
+    
 }

diff --git a/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/UploadAction.java b/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/UploadAction.java
index 6d6d6ac0b47405fd67fb52c5164913b64b21fa59..953577c2544a8c3bc9a3e00a9df877b57980e393 100644 (file)
--- a/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/UploadAction.java
+++ b/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/UploadAction.java
@@ -20,14 +20,24 @@ package org.apache.maven.archiva.web.action;
  */
 
 import org.codehaus.plexus.xwork.action.PlexusActionSupport;
-import org.apache.maven.archiva.configuration.Configuration; 
-// import org.apache.maven.archiva.configuration.ArchivaConfiguration;
-// import org.apache.maven.archiva.configuration.RepositoryConfiguration;
-// import org.apache.maven.archiva.repository.layout.BidirectionalRepositoryLayoutFactory;
-// import org.apache.maven.archiva.repository.layout.BidirectionalRepositoryLayout;
-// import org.apache.maven.archiva.repository.layout.LayoutException;
-import org.apache.maven.archiva.model.ArchivaArtifact;
+import org.apache.maven.archiva.configuration.ArchivaConfiguration;
+import org.apache.maven.archiva.configuration.ManagedRepositoryConfiguration;
+import org.apache.maven.archiva.model.ArtifactReference;
+import org.apache.maven.archiva.repository.ManagedRepositoryContent;
+import org.apache.maven.archiva.repository.RepositoryContentFactory;
+import org.apache.maven.archiva.repository.RepositoryException;
+import org.apache.maven.archiva.repository.RepositoryNotFoundException;
+import org.apache.maven.archiva.security.ArchivaSecurityException;
+import org.apache.maven.archiva.security.ArchivaUser;
+import org.apache.maven.archiva.security.PrincipalNotFoundException;
+import org.apache.maven.archiva.security.UserRepositories;
+
+import com.opensymphony.xwork.Validateable;
+
 import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+import java.io.IOException;
 
 /**
  * Upload an artifact.
@@ -37,8 +47,8 @@ import java.io.File;
  */
 public class UploadAction
     extends PlexusActionSupport
+    implements Validateable
 {
-
     private String groupId;
 
     private String artifactId;
@@ -58,13 +68,25 @@ public class UploadAction
     private String repositoryId;
 
     /**
-     * @plexus.requirement role-hint="default"
+     * @plexus.requirement role-hint="xwork"
      */
-    // private ArchivaConfiguration configuration;
+    private ArchivaUser archivaUser;
+
+    /**
+     * @plexus.requirement
+     */
+    private UserRepositories userRepositories;
+
     /**
      * @plexus.requirement role-hint="default"
      */
-    // private BidirectionalRepositoryLayoutFactory layoutFactory;
+    private ArchivaConfiguration configuration;
+
+    /**
+     * @plexus.requirement
+     */
+    private RepositoryContentFactory repositoryFactory;
+
     public void setUpload( File file )
     {
         this.file = file;
@@ -142,25 +164,124 @@ public class UploadAction
 
     public String upload()
     {
+        // TODO populate repository id field
+        // TODO form validation
+
         getLogger().debug( "upload" );
-        return SUCCESS;
+        return INPUT;
     }
 
     public String doUpload()
-    // throws LayoutException
     {
-        // TODO: adapt to changes in RepositoryConfiguration from the MRM-462 branch
-        // RepositoryConfiguration rc = configuration.getConfiguration().findRepositoryById( repositoryId );
-        // String layout = rc.getLayout();
-        // String url = rc.getUrl();
-        // ArchivaArtifact artifact = new ArchivaArtifact( groupId, artifactId, version, classifier, packaging );
-        // BidirectionalRepositoryLayout repositoryLayout = layoutFactory.getLayout( layout );
+        try
+        {
+            ManagedRepositoryConfiguration repoConfig =
+                configuration.getConfiguration().findManagedRepositoryById( repositoryId );
+
+            ArtifactReference artifactReference = new ArtifactReference();
+            artifactReference.setArtifactId( artifactId );
+            artifactReference.setGroupId( groupId );
+            artifactReference.setVersion( version );
+            artifactReference.setClassifier( classifier );
+            artifactReference.setType( packaging );
+
+            ManagedRepositoryContent repository = repositoryFactory.getManagedRepositoryContent( repositoryId );
+
+            String artifactPath = repository.toPath( artifactReference );
+
+            int lastIndex = artifactPath.lastIndexOf( '/' );
+
+            File targetPath = new File( repoConfig.getLocation(), artifactPath.substring( 0, lastIndex ) );
 
-        // output from getLogger().debug(...) not appearing in logs, so...
-        // System.out.println( "doUpload, file: " + file.getAbsolutePath() );
-        // System.out.println( "doUpload, path: " + repositoryLayout.toPath( artifact ) );
+            if ( !targetPath.exists() )
+            {
+                targetPath.mkdirs();
+            }
 
-        return SUCCESS;
+            copyFile( targetPath, artifactPath.substring( lastIndex + 1 ) );
+
+            // 1. check if user has permission to deploy to the repository
+            // - get writable user repositories (need to add new method
+            // for this in DefaultUserRepositories)
+
+            // 2. if user has write permission:
+            // - get repository path (consider the layout -- default or legacy)
+            // - if the artifact is not a pom, create pom file (use ProjectModel400Writer in archiva-repository-layer)
+            // - create directories in the repository (groupId, artifactId, version)
+            // - re-write uploaded jar file
+            // - write generated pom
+            // - update metadata
+
+            // TODO delete temporary file (upload)
+            // TODO improve action error messages below
+
+            return SUCCESS;
+        }
+        catch ( IOException ie )
+        {
+            addActionError( "Error encountered while uploading file: " + ie.getMessage() );
+            return ERROR;
+        }
+        catch ( RepositoryNotFoundException re )
+        {
+            addActionError( "Target repository cannot be found: " + re.getMessage() );
+            return ERROR;
+        }
+        catch ( RepositoryException rep )
+        {
+            addActionError( "Repository exception: " + rep.getMessage() );
+            return ERROR;
+        }
+    }
+
+    private String getPrincipal()
+    {
+        return archivaUser.getActivePrincipal();
+    }
+
+    private void copyFile( File targetPath, String artifactFilename )
+        throws IOException
+    {
+        FileOutputStream out = new FileOutputStream( new File( targetPath, artifactFilename ) );
+
+        try
+        {
+            FileInputStream input = new FileInputStream( file );
+            int i = 0;
+            while ( ( i = input.read() ) != -1 )
+            {
+                out.write( i );
+            }
+            out.flush();
+        }
+        finally
+        {
+            out.close();
+        }
+    }
+
+    private void generatePom()
+    {
+        // TODO: use ProjectModel400Writer
+    }
+
+    public void validate()
+    {
+        try
+        {
+            // is this enough check for the repository permission?
+            if ( !userRepositories.isAuthorizedToUploadArtifacts( getPrincipal(), repositoryId ) )
+            {
+                addActionError( "User is not authorized to upload in repository " + repositoryId );
+            }
+        }
+        catch ( PrincipalNotFoundException pe )
+        {
+            addActionError( pe.getMessage() );
+        }
+        catch ( ArchivaSecurityException ae )
+        {
+            addActionError( ae.getMessage() );
+        }
     }
-    
 }

diff --git a/archiva-web/archiva-webapp/src/main/resources/xwork.xml b/archiva-web/archiva-webapp/src/main/resources/xwork.xml
index c90ad778eb8ca52b51d29d82a96a7acf71515e4b..5413ff59084eff8191e93ead2902f8baa804535c 100644 (file)
--- a/archiva-web/archiva-webapp/src/main/resources/xwork.xml
+++ b/archiva-web/archiva-webapp/src/main/resources/xwork.xml
@@ -165,12 +165,9 @@
     </action>
 
     <action name="upload" class="uploadAction" method="upload">
-      <result>/WEB-INF/jsp/upload.jsp</result>
-    </action>
-
-    <action name="doUpload" class="uploadAction" method="doUpload">
       <interceptor-ref name="fileUpload"/>
       <interceptor-ref name="basicStack"/>
+      <result name="input">/WEB-INF/jsp/upload.jsp</result>
       <result name="success">/WEB-INF/jsp/upload.jsp</result>
     </action>
 

diff --git a/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/upload.jsp b/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/upload.jsp
index a2818052ccc5af354e6318262fb31fe4825fac66..4677e0821141bec3f286fbba58fe1130c8c9af46 100644 (file)
--- a/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/upload.jsp
+++ b/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/upload.jsp
@@ -32,7 +32,7 @@
 
 <h1>Upload Artifact</h1>
 <div id="contentArea">
-  <ww:form action="doUpload" method="post" enctype="multipart/form-data">
+  <ww:form action="upload!doUpload" method="post" enctype="multipart/form-data">
     <%@ include file="/WEB-INF/jsp/include/uploadForm.jspf" %>
     <ww:submit/>
   </ww:form>