From d671cfc524bee99e7795f33ab20771ee749331da Mon Sep 17 00:00:00 2001
From: Jesse McConnell <jmcconnell@apache.org>
Date: Tue, 12 Sep 2006 21:50:57 +0000
Subject: [PATCH] added additional checks for report viewing and generation

git-svn-id: https://svn.apache.org/repos/asf/maven/archiva/trunk@442726 13f79535-47bb-0310-9956-ffa450edef68
---
 .../archiva/web/util/DefaultRoleManager.java  | 24 +++++----------
 .../plexus/plexus-security.properties         | 20 +++++++++++++
 .../webapp/WEB-INF/jsp/decorators/default.jsp |  4 +--
 .../webapp/WEB-INF/jsp/reports/reports.jsp    | 29 ++++++++++---------
 4 files changed, 45 insertions(+), 32 deletions(-)
 create mode 100644 archiva-webapp/src/main/resources/META-INF/plexus/plexus-security.properties

diff --git a/archiva-webapp/src/main/java/org/apache/maven/archiva/web/util/DefaultRoleManager.java b/archiva-webapp/src/main/java/org/apache/maven/archiva/web/util/DefaultRoleManager.java
index 719f852d6..ce00d0906 100644
--- a/archiva-webapp/src/main/java/org/apache/maven/archiva/web/util/DefaultRoleManager.java
+++ b/archiva-webapp/src/main/java/org/apache/maven/archiva/web/util/DefaultRoleManager.java
@@ -45,7 +45,7 @@ public class DefaultRoleManager
     private RBACManager manager;
 
     private boolean initialized;
-
+                           
     public void initialize()
         throws InitializationException
     {
@@ -164,13 +164,13 @@ public class DefaultRoleManager
                 manager.savePermission( editAllUsers );
             }
 
-            if ( !manager.permissionExists( "Generate All Reports" ) )
+            if ( !manager.permissionExists( "Generate Reports" ) )
             {
-                Permission editAllUsers = manager.createPermission( "Generate All Reports", "generate-reports",
+                Permission editAllUsers = manager.createPermission( "Generate Reports", "generate-reports",
                                                                     manager.getGlobalResource().getIdentifier() );
 
                 manager.savePermission( editAllUsers );
-            }
+            }           
 
             if ( !manager.permissionExists( "Grant Roles" ) )
             {
@@ -214,7 +214,7 @@ public class DefaultRoleManager
                 admin.addPermission( manager.getPermission( "Run Indexer" ) );
                 admin.addPermission( manager.getPermission( "Add Repository" ) );
                 admin.addPermission( manager.getPermission( "Access Reports") );
-                admin.addPermission( manager.getPermission( "Generate All Reports") );
+                admin.addPermission( manager.getPermission( "Generate Reports") );
                 admin.addPermission( manager.getPermission( "Regenerate Index" ) );
                 admin.setAssignable( true );
                 manager.saveRole( admin );
@@ -273,26 +273,16 @@ public class DefaultRoleManager
             deleteRepo.setResource( repoResource );
             deleteRepo = manager.savePermission( deleteRepo );
 
-            Permission getReports = manager.createPermission( "Access Reports - " + repositoryName );
-            getReports.setOperation( manager.getOperation( "access-reports" ) );
-            getReports.setResource( repoResource );
-            getReports = manager.savePermission( getReports );
-
-            Permission regenReports = manager.createPermission( "generate Reports - " + repositoryName );
-            regenReports.setOperation( manager.getOperation( "generate-reports" ) );
-            regenReports.setResource( repoResource );
-            regenReports = manager.savePermission( regenReports );
-
             // make the roles
             Role repositoryObserver = manager.createRole( "Repository Observer - " + repositoryName );
-            repositoryObserver.addPermission( getReports );
+            repositoryObserver.addPermission( manager.getPermission( "Access Reports" ) );
             repositoryObserver.setAssignable( true );
             repositoryObserver = manager.saveRole( repositoryObserver );
 
             Role repositoryManager = manager.createRole( "Repository Manager - " + repositoryName );
             repositoryManager.addPermission( editRepo );
             repositoryManager.addPermission( deleteRepo );
-            repositoryManager.addPermission( regenReports );
+            repositoryManager.addPermission( manager.getPermission( "Generate Reports" ) );
             repositoryManager.addChildRoleName( repositoryObserver.getName() );
             repositoryManager.setAssignable( true );
             manager.saveRole( repositoryManager );
diff --git a/archiva-webapp/src/main/resources/META-INF/plexus/plexus-security.properties b/archiva-webapp/src/main/resources/META-INF/plexus/plexus-security.properties
new file mode 100644
index 000000000..c47486b91
--- /dev/null
+++ b/archiva-webapp/src/main/resources/META-INF/plexus/plexus-security.properties
@@ -0,0 +1,20 @@
+#
+# operations
+#
+addRepositoryOperation=add-repository
+editRepositoryOperation=edit-repository
+deleteRepositoryOperation=delete-repository
+
+editConfiguration=edit-configuration
+
+runIndexer=run-indexer
+regenerateIndex=regenerate-index
+
+accessReports=access-reports
+generateReports=generate-reports
+
+editAllUsers=edit-all-users
+editUser=edit-user
+
+grantRoles=grant-roles
+removeRoles=remove-roles
\ No newline at end of file
diff --git a/archiva-webapp/src/main/webapp/WEB-INF/jsp/decorators/default.jsp b/archiva-webapp/src/main/webapp/WEB-INF/jsp/decorators/default.jsp
index b7909d252..bc1c0505c 100644
--- a/archiva-webapp/src/main/webapp/WEB-INF/jsp/decorators/default.jsp
+++ b/archiva-webapp/src/main/webapp/WEB-INF/jsp/decorators/default.jsp
@@ -108,10 +108,10 @@
         <my:currentWWUrl action="browse" namespace="/">Browse</my:currentWWUrl>
       </li>
     </ul>
-    <pss:ifAnyAuthorized permissions="edit-all-users,get-reports,edit-configuration">
+    <pss:ifAnyAuthorized permissions="edit-all-users,access-reports,edit-configuration">
       <h5>Manage</h5>
       <ul>
-        <pss:ifAuthorized permission="get-reports">
+        <pss:ifAuthorized permission="access-reports">
           <li class="none">
             <my:currentWWUrl action="reports" namespace="/admin">Reports</my:currentWWUrl>
           </li>
diff --git a/archiva-webapp/src/main/webapp/WEB-INF/jsp/reports/reports.jsp b/archiva-webapp/src/main/webapp/WEB-INF/jsp/reports/reports.jsp
index 948e322e8..5f68926d1 100644
--- a/archiva-webapp/src/main/webapp/WEB-INF/jsp/reports/reports.jsp
+++ b/archiva-webapp/src/main/webapp/WEB-INF/jsp/reports/reports.jsp
@@ -18,6 +18,7 @@
 <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
 <%@ taglib prefix="fmt" uri="http://java.sun.com/jsp/jstl/fmt" %>
 <%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %>
+<%@ taglib prefix="pss" uri="plexusSecuritySystem" %>
 
 <html>
 <head>
@@ -33,14 +34,16 @@
 
 <div id="contentArea">
 
-<ww:form action="reports" namespace="/admin">
-  <ww:select list="reports" label="Report" name="reportGroup" onchange="document.reports.submit();"/>
-  <ww:select list="configuration.repositories" listKey="id" listValue="name" label="Repository" headerKey="-"
-             headerValue="(All repositories)" name="repositoryId" onchange="document.reports.submit();"/>
-  <ww:select list="reports[reportGroup].reports" label="Filter" headerKey="-" headerValue="(All Problems)"
-             name="filter" onchange="document.reports.submit();"/>
-  <ww:submit value="Get Report"/>
-</ww:form>
+<pss:ifAnyAuthorized permissions="generate-reports">
+  <ww:form action="reports" namespace="/admin">
+    <ww:select list="reports" label="Report" name="reportGroup" onchange="document.reports.submit();"/>
+    <ww:select list="configuration.repositories" listKey="id" listValue="name" label="Repository" headerKey="-"
+               headerValue="(All repositories)" name="repositoryId" onchange="document.reports.submit();"/>
+    <ww:select list="reports[reportGroup].reports" label="Filter" headerKey="-" headerValue="(All Problems)"
+               name="filter" onchange="document.reports.submit();"/>
+    <ww:submit value="Get Report"/>
+  </ww:form>
+</pss:ifAnyAuthorized>
 
 <ww:set name="databases" value="databases"/>
 <c:forEach items="${databases}" var="database">
@@ -52,13 +55,13 @@
     --%>
   <c:choose>
     <c:when test="${!database.inProgress}">
-      <c:set var="url">
-        <ww:url action="runReport" namespace="/admin">
-          <ww:param name="repositoryId" value="%{'${database.repository.id}'}"/>
+      <pss:ifAuthorized permission="generate-reports">
+        <ww:url id="regenerateReportUrl" action="runReport" namespace="/admin">
+          <ww:param name="repositoryId">${database.repository.id}</ww:param>
           <ww:param name="reportGroup" value="reportGroup"/>
         </ww:url>
-      </c:set>
-      <a href="${url}">Regenerate Report</a>
+        <ww:a href="%{regenerateReportUrl}">Regenerate Report</ww:a>
+      </pss:ifAuthorized>
     </c:when>
     <c:otherwise>
       <!-- TODO: would be good to have a generic task/job mechanism that tracked progress and ability to run
-- 
2.39.5