From c818808b7c995d3ad7fe8f0a9ea372aea96835cf Mon Sep 17 00:00:00 2001 From: Martin Stockhammer Date: Mon, 20 Dec 2021 22:28:33 +0100 Subject: [PATCH] Adding additional operations for access control --- .../security/common/ArchivaRoleConstants.java | 12 +++-- .../resources/META-INF/redback/redback.xml | 11 ++++ .../maven/MavenManagedRepositoryService.java | 53 ++++++++++++------- .../DefaultMavenManagedRepositoryService.java | 4 +- 4 files changed, 57 insertions(+), 23 deletions(-) rename archiva-modules/archiva-web/archiva-rest/archiva-rest-services/src/main/java/org/apache/archiva/rest/v2/svc/{ => maven}/DefaultMavenManagedRepositoryService.java (99%) diff --git a/archiva-modules/archiva-base/archiva-security-common/src/main/java/org/apache/archiva/security/common/ArchivaRoleConstants.java b/archiva-modules/archiva-base/archiva-security-common/src/main/java/org/apache/archiva/security/common/ArchivaRoleConstants.java index 5be7c8b0e..e7a04e865 100644 --- a/archiva-modules/archiva-base/archiva-security-common/src/main/java/org/apache/archiva/security/common/ArchivaRoleConstants.java +++ b/archiva-modules/archiva-base/archiva-security-common/src/main/java/org/apache/archiva/security/common/ArchivaRoleConstants.java @@ -64,7 +64,7 @@ public class ArchivaRoleConstants /** * Permission to add a repository - * Scope: application + * Scope: global */ public static final String OPERATION_ADD_REPOSITORY = "archiva-add-repository"; @@ -118,10 +118,15 @@ public class ArchivaRoleConstants /** * Permission to upload a file to the upload workspace - * Scope: application + * Scope: global */ public static final String OPERATION_FILE_UPLOAD = "archiva-upload-file"; + /** + * Permission to list all available repositories + * Scope: global + */ + public static final String OPERATION_LIST_REPOSITORIES = "archiva-list-repositories"; public static final String OPERATION_MERGE_REPOSITORY = "archiva-merge-repository"; 
@@ -138,7 +143,8 @@ public class ArchivaRoleConstants public static final String TEMPLATE_SYSTEM_ADMIN = "archiva-system-administrator"; public static final String TEMPLATE_GUEST = "archiva-guest"; - + + public static String toRepositoryObserverRoleName( String repoId ) { return REPOSITORY_OBSERVER_ROLE_PREFIX + " - " + repoId; diff --git a/archiva-modules/archiva-base/archiva-security-common/src/main/resources/META-INF/redback/redback.xml b/archiva-modules/archiva-base/archiva-security-common/src/main/resources/META-INF/redback/redback.xml index e236e8218..35599374d 100644 --- a/archiva-modules/archiva-base/archiva-security-common/src/main/resources/META-INF/redback/redback.xml +++ b/archiva-modules/archiva-base/archiva-security-common/src/main/resources/META-INF/redback/redback.xml @@ -78,6 +78,11 @@ archiva-access-reports Access Archiva Reports + + archiva-list-repositories + archiva-list-repositories + List all repositories + archiva-add-repository archiva-add-repository @@ -253,6 +258,12 @@ Repository Manager true + + archiva-list-repositories + Archiva List Repositories + archiva-list-repositories + global + archiva-delete-namespace Archiva Delete Namespace (GroupId) diff --git a/archiva-modules/archiva-web/archiva-rest/archiva-rest-api/src/main/java/org/apache/archiva/rest/api/v2/svc/maven/MavenManagedRepositoryService.java b/archiva-modules/archiva-web/archiva-rest/archiva-rest-api/src/main/java/org/apache/archiva/rest/api/v2/svc/maven/MavenManagedRepositoryService.java index 98ac75419..f8e3f314c 100644 --- a/archiva-modules/archiva-web/archiva-rest/archiva-rest-api/src/main/java/org/apache/archiva/rest/api/v2/svc/maven/MavenManagedRepositoryService.java +++ b/archiva-modules/archiva-web/archiva-rest/archiva-rest-api/src/main/java/org/apache/archiva/rest/api/v2/svc/maven/MavenManagedRepositoryService.java 
@@ -32,7 +32,6 @@ import org.apache.archiva.rest.api.v2.model.MavenManagedRepository; import org.apache.archiva.rest.api.v2.model.MavenManagedRepositoryUpdate; import org.apache.archiva.rest.api.v2.svc.ArchivaRestError; import org.apache.archiva.rest.api.v2.svc.ArchivaRestServiceException; -import org.apache.archiva.security.common.ArchivaRoleConstants; import javax.ws.rs.Consumes; import javax.ws.rs.DELETE; @@ -53,12 +52,25 @@ import static org.apache.archiva.rest.api.v2.svc.RestConfiguration.DEFAULT_PAGE_ import static org.apache.archiva.security.common.ArchivaRoleConstants.*; /** + * * Service interface for update, delete, add of Managed Maven Repositories * + * The add, delete, update methods for a repository use "/{id}" with the classical CRUD actions. + * Where {id} is the repository ID. + * + * There are subpaths for certain repository management functions: + *
    + *
  • {@code /{id}/path/{groupsection1/groupsection2/... }/{project}/{version}/{artifact-file}} + * is used for accessing artifacts and directories by their repository path
  • + *
  • {@code /{id}/co/{groupid}/{artifactid}/{version} } is used to access Maven artifacts by their coordinates. + * Which means, {groupid} is a '.' separated string. + *
  • + *
+ * * @author Martin Stockhammer * @since 3.0 */ -@Schema( name = "ManagedRepositoryService", description = "Managing and configuration of managed repositories" ) +@Schema( name = "MavenManagedRepositoryService", description = "Managing and configuration of managed maven repositories" ) @Path( "repositories/maven/managed" ) @Tag(name = "v2") @Tag(name = "v2/Repositories") @@ -67,7 +79,7 @@ public interface MavenManagedRepositoryService @Path( "" ) @GET @Produces( {APPLICATION_JSON} ) - @RedbackAuthorization( permissions = OPERATION_MANAGE_CONFIGURATION ) + @RedbackAuthorization( permissions = { OPERATION_MANAGE_CONFIGURATION, OPERATION_LIST_REPOSITORIES } ) @Operation( summary = "Returns all managed repositories.", parameters = { @Parameter( name = "q", description = "Search term" ), @@ -79,7 +91,11 @@ public interface MavenManagedRepositoryService security = { @SecurityRequirement( name = OPERATION_MANAGE_CONFIGURATION + ), + @SecurityRequirement( + name = OPERATION_LIST_REPOSITORIES ) + }, responses = { @ApiResponse( responseCode = "200", @@ -159,7 +175,8 @@ public interface MavenManagedRepositoryService } ) Response deleteManagedRepository( @PathParam( "id" ) String repositoryId, - @QueryParam( "deleteContent" ) boolean deleteContent ) + @DefaultValue( "false" ) + @QueryParam( "deleteContent" ) Boolean deleteContent ) throws ArchivaRestServiceException; @@ -243,7 +260,7 @@ public interface MavenManagedRepositoryService permissions = { OPERATION_MANAGE_CONFIGURATION, OPERATION_READ_REPOSITORY}, resource = "{id}" ) - @Operation( summary = "Returns the status of a given file in the repository", + @Operation( summary = "Returns the status of a given artifact file in the repository", security = { @SecurityRequirement( name = OPERATION_MANAGE_CONFIGURATION 
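Review bot: The list endpoint in the `@@ -67,7 +79,7 @@` hunk now also admits `OPERATION_LIST_REPOSITORIES`, and its `@RedbackAuthorization` carries no `resource`, so the check is global rather than per repository. If any one of the listed permissions is enough, as the other permission pairs in this interface suggest, a holder of the list permission receives every managed repository, including ones for which they hold no `OPERATION_READ_REPOSITORY` grant. Whether the response carries the full `MavenManagedRepository` configuration is outside this hunk. If it does, either filter the result by read permission in the implementation or state the exposure in the contract, for example by extending the summary to `"Returns all managed repositories. The result is not filtered by per-repository read permission."`.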
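Review bot: `deleteContent` becomes a nullable `Boolean` in the `@@ -159,7 +175,8 @@` hunk, and the implementation signature changes the same way in the `DefaultMavenManagedRepositoryService` hunk `@@ -155,7 +155,7 @@`. `@DefaultValue( "false" )` only covers calls that arrive through JAX-RS; a direct Java caller can now pass `null`, and the method body, which lies outside both hunks, would fail on unboxing if it tests the flag directly. Because this flag decides whether repository content is removed, read it null-safely, e.g. `boolean removeContent = Boolean.TRUE.equals( deleteContent );`. Alternatively keep the primitive `boolean`, for which a missing query parameter already yields `false`.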
@@ -277,7 +294,7 @@ public interface MavenManagedRepositoryService @POST @Produces({APPLICATION_JSON}) @RedbackAuthorization (noPermission = true) - @Operation( summary = "Copies a artifact from the source repository to the destination repository", + @Operation( summary = "Copies a artifact from the source repository to the destination repository with the same path", security = { @SecurityRequirement( name = OPERATION_READ_REPOSITORY, @@ -315,7 +332,7 @@ public interface MavenManagedRepositoryService permissions = { OPERATION_MANAGE_CONFIGURATION, OPERATION_DELETE_ARTIFACT }, resource = "{id}" ) - @Operation( summary = "Deletes a artifact in the repository.", + @Operation( summary = "Deletes a artifact from the repository.", security = { @SecurityRequirement( name = OPERATION_MANAGE_CONFIGURATION @@ -339,14 +356,14 @@ public interface MavenManagedRepositoryService Response deleteArtifact( @PathParam( "id" ) String repositoryId, @PathParam( "path" ) String path ) throws ArchivaRestServiceException; - @Path ( "{id}/co/{group}/{project}/{version}" ) + @Path ( "{id}/co/{groupid}/{artifactid}/{version}" ) @DELETE @Produces ({ MediaType.APPLICATION_JSON }) @RedbackAuthorization ( permissions = { OPERATION_MANAGE_CONFIGURATION, OPERATION_DELETE_VERSION}, resource = "{id}" ) - @Operation( summary = "Removes a version tree in the repository", + @Operation( summary = "Removes a version and all its content from the repository", security = { @SecurityRequirement( name = OPERATION_MANAGE_CONFIGURATION 
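Review bot: `@RedbackAuthorization (noPermission = true)` stays on the copy operation in the `@@ -277,7 +294,7 @@` hunk and on the DELETE for `{id}/co/{groupid}/{artifactid}` (`deleteProject`) in the `@@ -368,16 +385,16 @@` hunk, although both document a `@SecurityRequirement` and the delete documents a 403 response. The annotation therefore declares no permission check for two state-changing operations, and any enforcement has to happen in the implementation, which this commit does not show. The neighbouring deletes declare `permissions = { OPERATION_MANAGE_CONFIGURATION, ... }, resource = "{id}"`, so the same declarative form looks applicable to `deleteProject`. The copy operation involves two repositories, which may be why its check is programmatic. Where the check stays in the implementation, record that next to the annotation, e.g. `// permissions are verified in the service implementation (source and destination repository)`.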
@@ -368,16 +385,16 @@ public interface MavenManagedRepositoryService } ) Response removeProjectVersion( @PathParam ( "id" ) String repositoryId, - @PathParam ( "group" ) String namespace, @PathParam ( "project" ) String projectId, + @PathParam ( "groupid" ) String namespace, @PathParam ( "artifactid" ) String projectId, @PathParam ( "version" ) String version ) throws org.apache.archiva.rest.api.services.ArchivaRestServiceException; - @Path ( "{id}/co/{group}/{project}" ) + @Path ( "{id}/co/{groupid}/{artifactid}" ) @DELETE @Produces ({ MediaType.APPLICATION_JSON }) @RedbackAuthorization (noPermission = true) - @Operation( summary = "Removes a project tree in the repository", + @Operation( summary = "Removes a artifact and all its versions from the repository", security = { @SecurityRequirement( name = OPERATION_MANAGE_CONFIGURATION 
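Review bot: `removeProjectVersion` declares `throws org.apache.archiva.rest.api.services.ArchivaRestServiceException`, not the `org.apache.archiva.rest.api.v2.svc.ArchivaRestServiceException` that this interface imports and that `deleteManagedRepository` throws. `deleteProject` and `deleteNamespace` in the next two hunks do the same. The documented 403 and 404 bodies use the v2 `ArchivaRestError` schema, so unless the older exception type is mapped to that schema as well (not visible here), these three operations may return a differently shaped error than the API documents. Since the signatures are being edited anyway, change the clause to `throws ArchivaRestServiceException` in all three.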
@@ -394,21 +411,21 @@ public interface MavenManagedRepositoryService ), @ApiResponse( responseCode = "403", description = "Authenticated user is not permitted to delete in repositories", content = @Content( mediaType = APPLICATION_JSON, schema = @Schema( implementation = ArchivaRestError.class ) ) ), - @ApiResponse( responseCode = "404", description = "The managed repository with this id does not exist. Or the project does not exist.", + @ApiResponse( responseCode = "404", description = "The managed repository with this id does not exist. Or the artifact does not exist.", content = @Content( mediaType = APPLICATION_JSON, schema = @Schema( implementation = ArchivaRestError.class ) ) ) } ) - Response deleteProject( @PathParam ("id") String repositoryId, @PathParam ( "group" ) String namespace, @PathParam ( "project" ) String projectId ) + Response deleteProject( @PathParam ("id") String repositoryId, @PathParam ( "groupid" ) String namespace, @PathParam ( "artifactid" ) String projectId ) throws org.apache.archiva.rest.api.services.ArchivaRestServiceException; - @Path ( "{id}/co/{namespace}" ) + @Path ( "{id}/co/{groupid}" ) @DELETE @Produces ({ MediaType.APPLICATION_JSON }) @RedbackAuthorization ( permissions = { OPERATION_MANAGE_CONFIGURATION, OPERATION_DELETE_NAMESPACE }, resource = "{id}" ) - @Operation( summary = "Removes a namespace tree in the repository", + @Operation( summary = "Removes a group and all subfolders from the repository", security = { @SecurityRequirement( name = OPERATION_MANAGE_CONFIGURATION 
@@ -424,11 +441,11 @@ public interface MavenManagedRepositoryService ), @ApiResponse( responseCode = "403", description = "Authenticated user is not permitted to delete namespaces in repositories", content = @Content( mediaType = APPLICATION_JSON, schema = @Schema( implementation = ArchivaRestError.class ) ) ), - @ApiResponse( responseCode = "404", description = "The managed repository with this id does not exist. Or the namespace does not exist.", + @ApiResponse( responseCode = "404", description = "The managed repository with this id does not exist. Or the groupid does not exist.", content = @Content( mediaType = APPLICATION_JSON, schema = @Schema( implementation = ArchivaRestError.class ) ) ) } ) - Response deleteNamespace( @PathParam ("id") String repositoryId, @PathParam ( "namespace" ) String namespace ) + Response deleteNamespace( @PathParam ("id") String repositoryId, @PathParam ( "groupid" ) String namespace ) throws org.apache.archiva.rest.api.services.ArchivaRestServiceException; } diff --git a/archiva-modules/archiva-web/archiva-rest/archiva-rest-services/src/main/java/org/apache/archiva/rest/v2/svc/DefaultMavenManagedRepositoryService.java b/archiva-modules/archiva-web/archiva-rest/archiva-rest-services/src/main/java/org/apache/archiva/rest/v2/svc/maven/DefaultMavenManagedRepositoryService.java similarity index 99% rename from archiva-modules/archiva-web/archiva-rest/archiva-rest-services/src/main/java/org/apache/archiva/rest/v2/svc/DefaultMavenManagedRepositoryService.java rename to archiva-modules/archiva-web/archiva-rest/archiva-rest-services/src/main/java/org/apache/archiva/rest/v2/svc/maven/DefaultMavenManagedRepositoryService.java index 8296d0444..5e3c11ab4 100644 --- a/archiva-modules/archiva-web/archiva-rest/archiva-rest-services/src/main/java/org/apache/archiva/rest/v2/svc/DefaultMavenManagedRepositoryService.java 
+++ b/archiva-modules/archiva-web/archiva-rest/archiva-rest-services/src/main/java/org/apache/archiva/rest/v2/svc/maven/DefaultMavenManagedRepositoryService.java @@ -1,4 +1,4 @@ -package org.apache.archiva.rest.v2.svc; +package org.apache.archiva.rest.v2.svc.maven; /* * Licensed to the Apache Software Foundation (ASF) under one * or more contributor license agreements. See the NOTICE file @@ -155,7 +155,7 @@ public class DefaultMavenManagedRepositoryService implements MavenManagedReposit } @Override - public Response deleteManagedRepository( String repositoryId, boolean deleteContent ) throws ArchivaRestServiceException + public Response deleteManagedRepository( String repositoryId, Boolean deleteContent ) throws ArchivaRestServiceException { ManagedRepository repo = repositoryRegistry.getManagedRepository( repositoryId ); if (repo==null) { -- 2.39.5