From: Olivier Lamy <olamy@apache.org>
Date: Mon, 19 Mar 2012 10:50:02 +0000 (+0000)
Subject: add REST method to know if user able to delete artifact on a repository
X-Git-Tag: archiva-1.4-M3~1007
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=3b01da90b56a94ba43cf2b6b20ab32f0e73300e1;p=archiva.git

add REST method to know if user able to delete artifact on a repository

git-svn-id: https://svn.apache.org/repos/asf/archiva/trunk@1302367 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/archiva-modules/archiva-web/archiva-rest/archiva-rest-api/src/main/java/org/apache/archiva/rest/api/services/RepositoriesService.java b/archiva-modules/archiva-web/archiva-rest/archiva-rest-api/src/main/java/org/apache/archiva/rest/api/services/RepositoriesService.java
index 7d8ea76a7..3ad9a8714 100644
--- a/archiva-modules/archiva-web/archiva-rest/archiva-rest-api/src/main/java/org/apache/archiva/rest/api/services/RepositoriesService.java
+++ b/archiva-modules/archiva-web/archiva-rest/archiva-rest-api/src/main/java/org/apache/archiva/rest/api/services/RepositoriesService.java
@@ -121,5 +121,11 @@ public interface RepositoriesService
     Boolean deleteArtifact( @QueryParam( "" ) Artifact artifact, @QueryParam( "repositoryId" ) String repositoryId )
         throws ArchivaRestServiceException;
 
+    @Path( "isAuthorizedToDeleteArtifacts/{repositoryId}" )
+    @GET
+    @Produces( { MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML, MediaType.TEXT_PLAIN } )
+    @RedbackAuthorization( noPermission = true, noRestriction = true)
+    Boolean isAuthorizedToDeleteArtifacts( @PathParam( "repositoryId" ) String repoId )
+        throws ArchivaRestServiceException;
 
 }
diff --git a/archiva-modules/archiva-web/archiva-rest/archiva-rest-services/src/main/java/org/apache/archiva/rest/services/DefaultRepositoriesService.java b/archiva-modules/archiva-web/archiva-rest/archiva-rest-services/src/main/java/org/apache/archiva/rest/services/DefaultRepositoriesService.java
index df6a28744..e5517dd5a 100644
--- a/archiva-modules/archiva-web/archiva-rest/archiva-rest-services/src/main/java/org/apache/archiva/rest/services/DefaultRepositoriesService.java
+++ b/archiva-modules/archiva-web/archiva-rest/archiva-rest-services/src/main/java/org/apache/archiva/rest/services/DefaultRepositoriesService.java
@@ -65,6 +65,7 @@ import org.apache.archiva.scheduler.indexing.DownloadRemoteIndexException;
 import org.apache.archiva.scheduler.indexing.DownloadRemoteIndexScheduler;
 import org.apache.archiva.scheduler.repository.RepositoryArchivaTaskScheduler;
 import org.apache.archiva.scheduler.repository.RepositoryTask;
+import org.apache.archiva.security.ArchivaSecurityException;
 import org.apache.archiva.security.common.ArchivaRoleConstants;
 import org.apache.archiva.xml.XMLException;
 import org.apache.commons.io.FilenameUtils;
@@ -85,6 +86,7 @@ import org.springframework.stereotype.Service;
 
 import javax.inject.Inject;
 import javax.inject.Named;
+import javax.ws.rs.core.Response;
 import java.io.File;
 import java.io.FileInputStream;
 import java.io.FileOutputStream;
@@ -624,13 +626,17 @@ public class DefaultRepositoriesService
     public Boolean deleteArtifact( Artifact artifact, String repositoryId )
         throws ArchivaRestServiceException
     {
-        String userName = (String) getAuditInformation().getUser().getUsername();
-        if ( StringUtils.isBlank( userName ) )
+
+        if ( StringUtils.isEmpty( repositoryId ) )
         {
-            // TODO use constants from a class instead of magic number
-            throw new ArchivaRestServiceException( "deleteArtifact call: userName not found", 403 );
+            throw new ArchivaRestServiceException( "repositoryId cannot be null", 400 );
+        }
 
+        if ( !isAuthorizedToDeleteArtifacts( repositoryId ) )
+        {
+            throw new ArchivaRestServiceException( "not authorized to delete artifacts", 403 );
         }
+
         if ( artifact == null )
         {
             throw new ArchivaRestServiceException( "artifact cannot be null", 400 );
@@ -646,11 +652,6 @@ public class DefaultRepositoriesService
             throw new ArchivaRestServiceException( "artifact.artifactId cannot be null", 400 );
         }
 
-        if ( StringUtils.isEmpty( repositoryId ) )
-        {
-            throw new ArchivaRestServiceException( "repositoryId cannot be null", 400 );
-        }
-
         // TODO more control on artifact fields
 
         RepositorySession repositorySession = repositorySessionFactory.createSession();
@@ -771,6 +772,24 @@ public class DefaultRepositoriesService
         return Boolean.TRUE;
     }
 
+    public Boolean isAuthorizedToDeleteArtifacts( String repoId )
+        throws ArchivaRestServiceException
+    {
+        String userName =
+            getAuditInformation().getUser() == null ? "guest" : getAuditInformation().getUser().getUsername();
+
+        try
+        {
+            boolean res = userRepositories.isAuthorizedToDeleteArtifacts( userName, repoId );
+            return res;
+        }
+        catch ( ArchivaSecurityException e )
+        {
+            throw new ArchivaRestServiceException( e.getMessage(),
+                                                   Response.Status.INTERNAL_SERVER_ERROR.getStatusCode() );
+        }
+    }
+
     public RepositoryScanStatistics scanRepositoryDirectoriesNow( String repositoryId )
         throws ArchivaRestServiceException
     {
diff --git a/archiva-modules/archiva-web/archiva-rest/archiva-rest-services/src/test/java/org/apache/archiva/rest/services/RepositoriesServiceTest.java b/archiva-modules/archiva-web/archiva-rest/archiva-rest-services/src/test/java/org/apache/archiva/rest/services/RepositoriesServiceTest.java
index d9c120c89..c0ad360aa 100644
--- a/archiva-modules/archiva-web/archiva-rest/archiva-rest-services/src/test/java/org/apache/archiva/rest/services/RepositoriesServiceTest.java
+++ b/archiva-modules/archiva-web/archiva-rest/archiva-rest-services/src/test/java/org/apache/archiva/rest/services/RepositoriesServiceTest.java
@@ -152,12 +152,52 @@ public class RepositoriesServiceTest
         }
     }
 
+    @Test
+    public void authorizedToDeleteArtifacts()
+        throws Exception
+    {
+        ManagedRepository managedRepository = getTestManagedRepository( "SOURCE_REPO_ID", "SOURCE_REPO_ID" );
+        try
+        {
+            getManagedRepositoriesService( authorizationHeader ).addManagedRepository( managedRepository );
+            RepositoriesService repositoriesService = getRepositoriesService( authorizationHeader );
+            assertTrue( repositoriesService.isAuthorizedToDeleteArtifacts( managedRepository.getId() ) );
+        }
+        finally
+        {
+            getManagedRepositoriesService( authorizationHeader ).deleteManagedRepository( managedRepository.getId(),
+                                                                                          true );
+        }
+    }
+
+    @Test
+    public void notAuthorizedToDeleteArtifacts()
+        throws Exception
+    {
+        ManagedRepository managedRepository = getTestManagedRepository( "SOURCE_REPO_ID", "SOURCE_REPO_ID" );
+        try
+        {
+            getManagedRepositoriesService( authorizationHeader ).addManagedRepository( managedRepository );
+            RepositoriesService repositoriesService = getRepositoriesService( guestAuthzHeader );
+            assertFalse( repositoriesService.isAuthorizedToDeleteArtifacts( managedRepository.getId() ) );
+        }
+        finally
+        {
+            getManagedRepositoriesService( authorizationHeader ).deleteManagedRepository( managedRepository.getId(),
+                                                                                          true );
+        }
+    }
+
+    protected ManagedRepository getTestManagedRepository( String id, String path )
+    {
+        String location = new File( FileUtil.getBasedir(), "target/" + path ).getAbsolutePath();
+        return new ManagedRepository( id, id, location, "default", true, true, true, "2 * * * * ?", null, false, 80, 80,
+                                      true, false );
+    }
 
     protected ManagedRepository getTestManagedRepository()
     {
-        String location = new File( FileUtil.getBasedir(), "target/test-repo" ).getAbsolutePath();
-        return new ManagedRepository( "TEST", "test", location, "default", true, true, true, "2 * * * * ?", null, false,
-                                      80, 80, true, false );
+        return getTestManagedRepository( "TEST", "test-repo" );
     }
 
 }
diff --git a/archiva-modules/archiva-web/archiva-security/src/main/java/org/apache/archiva/security/DefaultUserRepositories.java b/archiva-modules/archiva-web/archiva-security/src/main/java/org/apache/archiva/security/DefaultUserRepositories.java
index cfd6da5c8..53dc150d8 100644
--- a/archiva-modules/archiva-web/archiva-security/src/main/java/org/apache/archiva/security/DefaultUserRepositories.java
+++ b/archiva-modules/archiva-web/archiva-security/src/main/java/org/apache/archiva/security/DefaultUserRepositories.java
@@ -205,7 +205,7 @@ public class DefaultUserRepositories
     }
 
     public boolean isAuthorizedToDeleteArtifacts( String principal, String repoId )
-        throws AccessDeniedException, ArchivaSecurityException
+        throws ArchivaSecurityException
     {
         try
         {