From 13d43afbfe8c553d105b65480b9857add7399271 Mon Sep 17 00:00:00 2001
From: Brett Porter <brett@apache.org>
Date: Wed, 11 Mar 2009 17:33:31 +0000
Subject: [PATCH] [MRM-922] access to upload page with managed repository role

git-svn-id: https://svn.apache.org/repos/asf/archiva/trunk@752539 13f79535-47bb-0310-9956-ffa450edef68
---
 .../security/DefaultUserRepositories.java     | 18 +++++++++++--
 .../archiva/security/UserRepositories.java    | 12 +++++++++
 .../archiva/web/action/UploadAction.java      | 26 +++++++++++++++++--
 .../webapp/WEB-INF/jsp/decorators/default.jsp |  9 +++----
 .../security/UserRepositoriesStub.java        |  7 +++++
 5 files changed, 62 insertions(+), 10 deletions(-)

diff --git a/archiva-modules/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/DefaultUserRepositories.java b/archiva-modules/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/DefaultUserRepositories.java
index d99b08932..3eb9166c6 100644
--- a/archiva-modules/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/DefaultUserRepositories.java
+++ b/archiva-modules/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/DefaultUserRepositories.java
@@ -73,7 +73,22 @@ public class DefaultUserRepositories
     public List<String> getObservableRepositoryIds( String principal )
         throws PrincipalNotFoundException, AccessDeniedException, ArchivaSecurityException
     {
+        String operation = ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS;
 
+        return getAccessibleRepositoryIds( principal, operation );
+    }
+
+    public List<String> getManagableRepositoryIds( String principal )
+        throws PrincipalNotFoundException, AccessDeniedException, ArchivaSecurityException
+    {
+        String operation = ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD;
+
+        return getAccessibleRepositoryIds( principal, operation );
+    }
+
+    private List<String> getAccessibleRepositoryIds( String principal, String operation )
+        throws ArchivaSecurityException, AccessDeniedException, PrincipalNotFoundException
+    {
         try
         {
             User user = securitySystem.getUserManager().findUser( principal );
@@ -100,8 +115,7 @@ public class DefaultUserRepositories
                 try
                 {
                     String repoId = repo.getId();
-                    if ( securitySystem.isAuthorized( securitySession,
-                                                      ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS, repoId ) )
+                    if ( securitySystem.isAuthorized( securitySession, operation, repoId ) )
                     {
                         repoIds.add( repoId );
                     }
diff --git a/archiva-modules/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/UserRepositories.java b/archiva-modules/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/UserRepositories.java
index 9b3840ac6..b1d48b2c4 100644
--- a/archiva-modules/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/UserRepositories.java
+++ b/archiva-modules/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/UserRepositories.java
@@ -43,6 +43,18 @@ public interface UserRepositories
     public List<String> getObservableRepositoryIds( String principal )
         throws PrincipalNotFoundException, AccessDeniedException, ArchivaSecurityException;
     
+    /**
+     * Get the list of writable repository ids for the user specified.
+     * 
+     * @param principal the principle to obtain the observable repository ids from.
+     * @return the list of observable repository ids.
+     * @throws PrincipalNotFoundException
+     * @throws AccessDeniedException
+     * @throws ArchivaSecurityException
+     */
+    public List<String> getManagableRepositoryIds( String principal )
+        throws PrincipalNotFoundException, AccessDeniedException, ArchivaSecurityException;
+    
     /**
      * Create any missing repository roles for the provided repository id.
      * 
diff --git a/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/UploadAction.java b/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/UploadAction.java
index 27110c71e..242436882 100644
--- a/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/UploadAction.java
+++ b/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/UploadAction.java
@@ -57,6 +57,7 @@ import org.apache.maven.archiva.repository.metadata.RepositoryMetadataWriter;
 import org.apache.maven.archiva.repository.project.ProjectModelException;
 import org.apache.maven.archiva.repository.project.ProjectModelWriter;
 import org.apache.maven.archiva.repository.project.writers.ProjectModel400Writer;
+import org.apache.maven.archiva.security.AccessDeniedException;
 import org.apache.maven.archiva.security.ArchivaSecurityException;
 import org.apache.maven.archiva.security.PrincipalNotFoundException;
 import org.apache.maven.archiva.security.UserRepositories;
@@ -295,8 +296,7 @@ public class UploadAction
 
     public void prepare()
     {
-        managedRepoIdList =
-            new ArrayList<String>( configuration.getConfiguration().getManagedRepositoriesAsMap().keySet() );
+        managedRepoIdList = getManagableRepos();
     }
 
     public String input()
@@ -622,6 +622,28 @@ public class UploadAction
         this.auditListeners.remove( listener );
     }
     
+    private List<String> getManagableRepos()
+    {
+        try
+        {
+            return userRepositories.getManagableRepositoryIds( getPrincipal() );
+        }
+        catch ( PrincipalNotFoundException e )
+        {
+            getLogger().warn( e.getMessage(), e );
+        }
+        catch ( AccessDeniedException e )
+        {
+            getLogger().warn( e.getMessage(), e );
+            // TODO: pass this onto the screen.
+        }
+        catch ( ArchivaSecurityException e )
+        {
+            getLogger().warn( e.getMessage(), e );
+        }
+        return Collections.emptyList();
+    }
+
     private void triggerAuditEvent( String user, String repositoryId, String resource, String action )
     {
         AuditEvent event = new AuditEvent( repositoryId, user, resource, action );
diff --git a/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/decorators/default.jsp b/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/decorators/default.jsp
index e5f4c4ff1..52ec32bbe 100644
--- a/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/decorators/default.jsp
+++ b/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/decorators/default.jsp
@@ -80,7 +80,7 @@
       </li>
     </ul>
 
-    <redback:ifAnyAuthorized permissions="archiva-delete-artifact,archiva-manage-users,archiva-access-reports,archiva-manage-configuration">
+    <redback:ifAnyAuthorized permissions="archiva-upload-repository,archiva-delete-artifact,archiva-manage-users,archiva-access-reports,archiva-manage-configuration">
       <h5>Manage</h5>
       <ul>
         <redback:ifAuthorized permission="archiva-access-reports">
@@ -88,11 +88,6 @@
             <my:currentWWUrl action="pickReport" namespace="/report">Reports</my:currentWWUrl>
           </li>
         </redback:ifAuthorized>
-          <%-- POSTPONED to 1.1 series
-                <li class="none">
-                  <a href="#">Synchronisation</a>
-                </li>
-          --%>
         <redback:ifAuthorized permission="archiva-manage-users">
           <li class="none">
             <my:currentWWUrl action="userlist" namespace="/security">User Management</my:currentWWUrl>
@@ -107,6 +102,8 @@
           <li class="none">
             <my:currentWWUrl action="configureAppearance" namespace="/admin">Appearance</my:currentWWUrl>
           </li>
+        </redback:ifAuthorized>
+        <redback:ifAuthorized permission="archiva-upload-repository">
           <li class="none">
             <my:currentWWUrl action="upload" namespace="/">Upload Artifact</my:currentWWUrl>
           </li>
diff --git a/archiva-modules/archiva-web/archiva-webapp/src/test/java/org/apache/maven/archiva/security/UserRepositoriesStub.java b/archiva-modules/archiva-web/archiva-webapp/src/test/java/org/apache/maven/archiva/security/UserRepositoriesStub.java
index 43f43652e..88971d44f 100644
--- a/archiva-modules/archiva-web/archiva-webapp/src/test/java/org/apache/maven/archiva/security/UserRepositoriesStub.java
+++ b/archiva-modules/archiva-web/archiva-webapp/src/test/java/org/apache/maven/archiva/security/UserRepositoriesStub.java
@@ -67,4 +67,11 @@ public class UserRepositoriesStub
         return false;
     }
 
+    public List<String> getManagableRepositoryIds( String principal )
+        throws PrincipalNotFoundException, AccessDeniedException, ArchivaSecurityException
+    {
+        // TODO Auto-generated method stub
+        return null;
+    }
+
 }
-- 
2.39.5