From f84cd0a20e4385598a4cd490438dc0ba8a7d1dea Mon Sep 17 00:00:00 2001
From: Jesse McConnell <jmcconnell@apache.org>
Date: Tue, 12 Sep 2006 18:44:16 +0000
Subject: [PATCH] moderately working authz on many of the important jsp pages
 and improvements in the corresponding actions

git-svn-id: https://svn.apache.org/repos/asf/maven/archiva/trunk@442672 13f79535-47bb-0310-9956-ffa450edef68
---
 .../AbstractConfigureRepositoryAction.java    |  2 +-
 .../web/action/admin/NewUserAction.java       |  1 +
 .../action/admin/UserManagementAction.java    |  2 +-
 .../archiva/web/util/DefaultRoleManager.java  | 25 +++++--
 archiva-webapp/src/main/resources/xwork.xml   |  2 +-
 .../main/webapp/WEB-INF/jsp/admin/index.jsp   | 13 ++--
 .../webapp/WEB-INF/jsp/decorators/default.jsp | 66 ++++++++++---------
 .../main/webapp/WEB-INF/jsp/loginRegister.jsp |  4 ++
 .../src/main/webapp/WEB-INF/jsp/user.jsp      | 47 +++++++++----
 9 files changed, 105 insertions(+), 57 deletions(-)

diff --git a/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/AbstractConfigureRepositoryAction.java b/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/AbstractConfigureRepositoryAction.java
index 93c560619..33b82da30 100644
--- a/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/AbstractConfigureRepositoryAction.java
+++ b/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/AbstractConfigureRepositoryAction.java
@@ -98,7 +98,7 @@ public abstract class AbstractConfigureRepositoryAction
     {
         addRepository();
 
-        roleManager.addRepository( getRepoId() );
+        roleManager.addRepository( repository.getId() );
 
         configurationStore.storeConfiguration( configuration );
 
diff --git a/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/NewUserAction.java b/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/NewUserAction.java
index 3f28833fc..c3baf970c 100644
--- a/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/NewUserAction.java
+++ b/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/NewUserAction.java
@@ -115,6 +115,7 @@ public class NewUserAction
             }
             roleManager.addUser( user.getPrincipal().toString() );
 
+            addActionMessage( "user " + username + " was successfully registered!");
         }
         
         if ( hasActionErrors() )
diff --git a/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/UserManagementAction.java b/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/UserManagementAction.java
index 3212e6a53..f5faaa4f5 100644
--- a/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/UserManagementAction.java
+++ b/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/UserManagementAction.java
@@ -106,7 +106,7 @@ public class UserManagementAction
         // for displaying the potential repositories to be displayed, remove the global resource
         // from the list
         resources = rbacManager.getAllResources();
-        resources.remove( rbacManager.getGlobalResource() );
+        //resources.remove( rbacManager.getGlobalResource() );
 
         // check if the user has any roles assigned to them, and populate the lists for
         // rendering assign and remove roles links
diff --git a/archiva-webapp/src/main/java/org/apache/maven/archiva/web/util/DefaultRoleManager.java b/archiva-webapp/src/main/java/org/apache/maven/archiva/web/util/DefaultRoleManager.java
index 9fc9ac4a7..c5a3a065e 100644
--- a/archiva-webapp/src/main/java/org/apache/maven/archiva/web/util/DefaultRoleManager.java
+++ b/archiva-webapp/src/main/java/org/apache/maven/archiva/web/util/DefaultRoleManager.java
@@ -112,6 +112,12 @@ public class DefaultRoleManager
             manager.saveOperation( operation );
         }
 
+        if ( !manager.operationExists( "grant-roles" ) )
+        {
+            Operation operation = manager.createOperation( "grant-roles" );
+            manager.saveOperation( operation );
+        }
+
         if ( !manager.operationExists( "remove-roles" ) )
         {
             Operation operation = manager.createOperation( "remove-roles" );
@@ -150,12 +156,20 @@ public class DefaultRoleManager
                 manager.savePermission( editAllUsers );
             }
 
+            if ( !manager.permissionExists( "Grant Roles" ) )
+            {
+                Permission granRoles = manager.createPermission( "Grant Roles", "grant-roles",
+                                                                    manager.getGlobalResource().getIdentifier() );
+
+                manager.savePermission( granRoles );
+            }
+            
             if ( !manager.permissionExists( "Remove Roles" ) )
             {
-                Permission editAllUsers = manager.createPermission( "Remove Roles", "remove-roles",
+                Permission removeRoles = manager.createPermission( "Remove Roles", "remove-roles",
                                                                     manager.getGlobalResource().getIdentifier() );
 
-                manager.savePermission( editAllUsers );
+                manager.savePermission( removeRoles );
             }
 
             if ( !manager.permissionExists( "Regenerate Index" ) )
@@ -171,6 +185,7 @@ public class DefaultRoleManager
                 Role userAdmin = manager.createRole( "User Administrator" );
                 userAdmin.addPermission( manager.getPermission( "Edit All Users" ) );
                 userAdmin.addPermission( manager.getPermission( "Remove Roles" ) );
+                userAdmin.addPermission( manager.getPermission( "Grant Roles" ) );
                 userAdmin.setAssignable( true );
                 manager.saveRole( userAdmin );
             }
@@ -178,7 +193,7 @@ public class DefaultRoleManager
             if ( !manager.roleExists( "System Administrator" ) )
             {
                 Role admin = manager.createRole( "System Administrator" );
-                admin.addChildRole( manager.getRole( "User Administrator" ) );
+                admin.addChildRoleName( manager.getRole( "User Administrator" ).getName() );
                 admin.addPermission( manager.getPermission( "Edit Configuration" ) );
                 admin.addPermission( manager.getPermission( "Run Indexer" ) );
                 admin.addPermission( manager.getPermission( "Add Repository" ) );
@@ -250,7 +265,7 @@ public class DefaultRoleManager
             regenReports = manager.savePermission( regenReports );
 
             // make the roles
-            Role repositoryObserver = manager.createRole( "Repository Manager - " + repositoryName );
+            Role repositoryObserver = manager.createRole( "Repository Observer - " + repositoryName );
             repositoryObserver.addPermission( editRepo );
             repositoryObserver.setAssignable( true );
             repositoryObserver = manager.saveRole( repositoryObserver );
@@ -259,7 +274,7 @@ public class DefaultRoleManager
             repositoryManager.addPermission( editRepo );
             repositoryManager.addPermission( deleteRepo );
             repositoryManager.addPermission( regenReports );
-            repositoryManager.addChildRole( repositoryObserver );
+            repositoryManager.addChildRoleName( repositoryObserver.getName() );
             repositoryManager.setAssignable( true );
             manager.saveRole( repositoryManager );
 
diff --git a/archiva-webapp/src/main/resources/xwork.xml b/archiva-webapp/src/main/resources/xwork.xml
index 3b98abb00..4b900e04f 100644
--- a/archiva-webapp/src/main/resources/xwork.xml
+++ b/archiva-webapp/src/main/resources/xwork.xml
@@ -238,7 +238,7 @@
     </action>
 
 
-    <action name="user" class="userManagement">
+    <action name="user" class="userManagement" method="display">
       <result name="success">/WEB-INF/jsp/user.jsp</result>
     </action>
 
diff --git a/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/index.jsp b/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/index.jsp
index a70ecbdfb..f2a220174 100644
--- a/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/index.jsp
+++ b/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/index.jsp
@@ -97,11 +97,14 @@
 <c:forEach items="${repositories}" var="repository" varStatus="i">
   <div>
     <div style="float: right">
-        <%-- TODO replace with icons --%>
-      <a href="<ww:url action="editRepository" method="input"><ww:param name="repoId" value="%{'${repository.id}'}" /></ww:url>">Edit
-        Repository</a> | <a
-        href="<ww:url action="deleteRepository" method="input"><ww:param name="repoId" value="%{'${repository.id}'}" /></ww:url>">Delete
-      Repository</a>
+      <ww:url id="editRepositoryUrl" action="editRepository" method="input">
+        <ww:param name="repoId" value="%{'${repository.id}'}" />
+      </ww:url>
+      <ww:url id="deleteRepositoryUrl" action="deleteRepository" method="input">
+        <ww:param name="repoId" value="%{'${repository.id}'}" />
+      </ww:url>
+      <%-- TODO replace with icons --%>
+      <pss:ifAuthorized permission="edit-repository" resource="${repository.id}"><ww:a href="%{editRepositoryUrl}">Edit Repository</ww:a></pss:ifAuthorized> | <pss:ifAuthorized permission="delete-repository" resource="${repository.id}"><ww:a href="%{deleteRepositoryUrl}">Delete Repository</ww:a></pss:ifAuthorized>
     </div>
     <h3>${repository.name}</h3>
     <table class="infoTable">
diff --git a/archiva-webapp/src/main/webapp/WEB-INF/jsp/decorators/default.jsp b/archiva-webapp/src/main/webapp/WEB-INF/jsp/decorators/default.jsp
index 3d25084f6..0260c3619 100644
--- a/archiva-webapp/src/main/webapp/WEB-INF/jsp/decorators/default.jsp
+++ b/archiva-webapp/src/main/webapp/WEB-INF/jsp/decorators/default.jsp
@@ -107,39 +107,45 @@
         <my:currentWWUrl action="browse" namespace="/">Browse</my:currentWWUrl>
       </li>
     </ul>
-    <h5>Manage</h5>
-    <ul>
-      <li class="none">
-        <my:currentWWUrl action="reports" namespace="/admin">Reports</my:currentWWUrl>
-      </li>
-
-      <%-- TODO
-            <li class="none">
-              <a href="#">Synchronisation</a>
-            </li>
-      --%>
-
-      <li class="expanded">
-        <my:currentWWUrl action="index" namespace="/admin">Administration</my:currentWWUrl>
-        <ul>
+    <pss:ifAnyAuthorized permissions="edit-all-users,get-reports,edit-configuration">
+      <h5>Manage</h5>
+      <ul>
+        <pss:ifAuthorized permission="get-reports">
           <li class="none">
-            <my:currentWWUrl action="proxiedRepositories" namespace="/admin">Proxied Repositories</my:currentWWUrl>
+            <my:currentWWUrl action="reports" namespace="/admin">Reports</my:currentWWUrl>
           </li>
-
-          <%-- TODO: add back after synced repos are implemented
-                    <li class="none">
-                      <my:currentWWUrl action="syncedRepositories" namespace="/admin">Synced Repositories</my:currentWWUrl>
-                    </li>
+        </pss:ifAuthorized>
+          <%-- TODO
+                <li class="none">
+                  <a href="#">Synchronisation</a>
+                </li>
           --%>
-          <pss:ifAuthorized permission="edit-all-users">
-            <li class="none">
-              <my:currentWWUrl action="userManagement" namespace="/admin">User Management</my:currentWWUrl>
-            </li>
-          </pss:ifAuthorized>
-        </ul>
-      </li>
-    </ul>
-
+        <pss:ifAnyAuthorized permissions="edit-configuration,edit-all-users">
+          <li class="expanded">
+            <pss:ifAuthorized permission="edit-all-users">
+              <my:currentWWUrl action="userManagement" namespace="/admin">User Management</my:currentWWUrl>               
+            </pss:ifAuthorized>
+          </li>
+          <li>
+            <pss:ifAuthorized permission="edit-configuration">
+              <my:currentWWUrl action="index" namespace="/admin">Administration</my:currentWWUrl>
+            </pss:ifAuthorized>
+
+            <ul>
+              <li class="none">
+                <my:currentWWUrl action="proxiedRepositories" namespace="/admin">Proxied Repositories</my:currentWWUrl>
+              </li>
+
+                <%-- TODO: add back after synced repos are implemented
+                          <li class="none">
+                            <my:currentWWUrl action="syncedRepositories" namespace="/admin">Synced Repositories</my:currentWWUrl>
+                          </li>
+                --%>
+            </ul>
+          </li>
+        </pss:ifAnyAuthorized>
+      </ul>
+    </pss:ifAnyAuthorized>
     <br/>
   </div>
 </div>
diff --git a/archiva-webapp/src/main/webapp/WEB-INF/jsp/loginRegister.jsp b/archiva-webapp/src/main/webapp/WEB-INF/jsp/loginRegister.jsp
index 32965c5c6..c81485cd3 100644
--- a/archiva-webapp/src/main/webapp/WEB-INF/jsp/loginRegister.jsp
+++ b/archiva-webapp/src/main/webapp/WEB-INF/jsp/loginRegister.jsp
@@ -32,6 +32,10 @@
 
     </div>
 
+    <p>
+      <ww:actionmessage/>
+    </p>
+
     <h2>Login</h2>
     <ww:form action="login">
       <table class="bodyTable">
diff --git a/archiva-webapp/src/main/webapp/WEB-INF/jsp/user.jsp b/archiva-webapp/src/main/webapp/WEB-INF/jsp/user.jsp
index fa8e5a853..ef0c9df95 100644
--- a/archiva-webapp/src/main/webapp/WEB-INF/jsp/user.jsp
+++ b/archiva-webapp/src/main/webapp/WEB-INF/jsp/user.jsp
@@ -53,32 +53,51 @@
 
         <table class="bodyTable">
           <ww:iterator id="role" value="assignedRoles">
-            <ww:url id="removeAssignedRoleUrl" action="removeRoleFromUser">
-              <ww:param name="principal">${sessionScope.SecuritySessionUser.principal}</ww:param>
-              <ww:param name="roleName">${sessionScope.SecuritySessionUser.name}</ww:param>
-            </ww:url>
+
             <tr class="a">
              <td>
                <em>${role.name}</em><br/>
              </td>
               <td>
-                <ww:a href="%{removeAssignedRoleUrl}">Delete</ww:a>
+                <pss:ifAuthorized permission="remove-roles">
+                  <ww:url id="removeAssignedRoleUrl" action="removeRoleFromUser">
+                    <ww:param name="principal">${sessionScope.SecuritySessionUser.principal}</ww:param>
+                    <ww:param name="roleName">${role.name}</ww:param>
+                  </ww:url>
+                  <ww:a href="%{removeAssignedRoleUrl}">Delete</ww:a>
+                </pss:ifAuthorized>
               </td>
             </tr>
           </ww:iterator>
         </table>
 
+        <%-- this is for debug purposes only --%>
+         <div id="sidebar">
+           <ww:iterator id="role" value="availableRoles">
+              <ww:url id="addRoleUrl" action="assignRoleToUser">
+                <ww:param name="principal">${sessionScope.SecuritySessionUser.principal}</ww:param>
+                <ww:param name="roleName">${role.name}</ww:param>
+              </ww:url>
+              <ww:a href="%{addRoleUrl}">${role.name}</ww:a>
+              <br/>
+           </ww:iterator>
+         </div>
+
         <h2>Grant Roles</h2>
 
         <p>
-          <ww:iterator id="role" value="availableRoles">
-            <ww:url id="addRoleUrl" action="assignRoleToUser">
-              <ww:param name="principal">${sessionScope.SecuritySessionUser.principal}</ww:param>
-              <ww:param name="roleName">${role.name}</ww:param>
-            </ww:url>
-            <ww:a href="%{addRoleUrl}">${role.name}</ww:a><br/>
-          </ww:iterator>
+
            </p>
+         <pss:ifAuthorized permission="grant-roles">
+            <ww:iterator id="role" value="availableRoles">
+              <ww:url id="addRoleUrl" action="assignRoleToUser">
+                <ww:param name="principal">${sessionScope.SecuritySessionUser.principal}</ww:param>
+                <ww:param name="roleName">${role.name}</ww:param>
+              </ww:url>
+              <ww:a href="%{addRoleUrl}">${role.name}</ww:a>
+              <br/>
+            </ww:iterator>
+          </pss:ifAuthorized>
            <%--
           <p>
             This following screen needs have the various roles worked into it.
@@ -145,7 +164,7 @@
 
               </td>
             </tr>
-            --%>
+
             <tr class="a">
               <td></td>
               <td>
@@ -155,7 +174,7 @@
             </tr>
 
           </table>
-
+             --%>
       </div>
   </div>
 
-- 
2.39.5