summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorOlivier Lamy <olamy@apache.org>2012-03-19 10:50:02 +0000
committerOlivier Lamy <olamy@apache.org>2012-03-19 10:50:02 +0000
commit3b01da90b56a94ba43cf2b6b20ab32f0e73300e1 (patch)
tree72c62f7fc5702d5bdabca6e5b3280457698f2091
parent59e77fb4d6d299de2cfe6a54ef3f810d6f212c96 (diff)
downloadarchiva-3b01da90b56a94ba43cf2b6b20ab32f0e73300e1.tar.gz
archiva-3b01da90b56a94ba43cf2b6b20ab32f0e73300e1.zip
add REST method to know if user able to delete artifact on a repository
git-svn-id: https://svn.apache.org/repos/asf/archiva/trunk@1302367 13f79535-47bb-0310-9956-ffa450edef68
-rw-r--r--archiva-modules/archiva-web/archiva-rest/archiva-rest-api/src/main/java/org/apache/archiva/rest/api/services/RepositoriesService.java6
-rw-r--r--archiva-modules/archiva-web/archiva-rest/archiva-rest-services/src/main/java/org/apache/archiva/rest/services/DefaultRepositoriesService.java37
-rw-r--r--archiva-modules/archiva-web/archiva-rest/archiva-rest-services/src/test/java/org/apache/archiva/rest/services/RepositoriesServiceTest.java46
-rw-r--r--archiva-modules/archiva-web/archiva-security/src/main/java/org/apache/archiva/security/DefaultUserRepositories.java2
4 files changed, 78 insertions, 13 deletions
diff --git a/archiva-modules/archiva-web/archiva-rest/archiva-rest-api/src/main/java/org/apache/archiva/rest/api/services/RepositoriesService.java b/archiva-modules/archiva-web/archiva-rest/archiva-rest-api/src/main/java/org/apache/archiva/rest/api/services/RepositoriesService.java
index 7d8ea76a7..3ad9a8714 100644
--- a/archiva-modules/archiva-web/archiva-rest/archiva-rest-api/src/main/java/org/apache/archiva/rest/api/services/RepositoriesService.java
+++ b/archiva-modules/archiva-web/archiva-rest/archiva-rest-api/src/main/java/org/apache/archiva/rest/api/services/RepositoriesService.java
@@ -121,5 +121,11 @@ public interface RepositoriesService
Boolean deleteArtifact( @QueryParam( "" ) Artifact artifact, @QueryParam( "repositoryId" ) String repositoryId )
throws ArchivaRestServiceException;
+ @Path( "isAuthorizedToDeleteArtifacts/{repositoryId}" )
+ @GET
+ @Produces( { MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML, MediaType.TEXT_PLAIN } )
+ @RedbackAuthorization( noPermission = true, noRestriction = true)
+ Boolean isAuthorizedToDeleteArtifacts( @PathParam( "repositoryId" ) String repoId )
+ throws ArchivaRestServiceException;
}
diff --git a/archiva-modules/archiva-web/archiva-rest/archiva-rest-services/src/main/java/org/apache/archiva/rest/services/DefaultRepositoriesService.java b/archiva-modules/archiva-web/archiva-rest/archiva-rest-services/src/main/java/org/apache/archiva/rest/services/DefaultRepositoriesService.java
index df6a28744..e5517dd5a 100644
--- a/archiva-modules/archiva-web/archiva-rest/archiva-rest-services/src/main/java/org/apache/archiva/rest/services/DefaultRepositoriesService.java
+++ b/archiva-modules/archiva-web/archiva-rest/archiva-rest-services/src/main/java/org/apache/archiva/rest/services/DefaultRepositoriesService.java
@@ -65,6 +65,7 @@ import org.apache.archiva.scheduler.indexing.DownloadRemoteIndexException;
import org.apache.archiva.scheduler.indexing.DownloadRemoteIndexScheduler;
import org.apache.archiva.scheduler.repository.RepositoryArchivaTaskScheduler;
import org.apache.archiva.scheduler.repository.RepositoryTask;
+import org.apache.archiva.security.ArchivaSecurityException;
import org.apache.archiva.security.common.ArchivaRoleConstants;
import org.apache.archiva.xml.XMLException;
import org.apache.commons.io.FilenameUtils;
@@ -85,6 +86,7 @@ import org.springframework.stereotype.Service;
import javax.inject.Inject;
import javax.inject.Named;
+import javax.ws.rs.core.Response;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
@@ -624,13 +626,17 @@ public class DefaultRepositoriesService
public Boolean deleteArtifact( Artifact artifact, String repositoryId )
throws ArchivaRestServiceException
{
- String userName = (String) getAuditInformation().getUser().getUsername();
- if ( StringUtils.isBlank( userName ) )
+
+ if ( StringUtils.isEmpty( repositoryId ) )
{
- // TODO use constants from a class instead of magic number
- throw new ArchivaRestServiceException( "deleteArtifact call: userName not found", 403 );
+ throw new ArchivaRestServiceException( "repositoryId cannot be null", 400 );
+ }
+ if ( !isAuthorizedToDeleteArtifacts( repositoryId ) )
+ {
+ throw new ArchivaRestServiceException( "not authorized to delete artifacts", 403 );
}
+
if ( artifact == null )
{
throw new ArchivaRestServiceException( "artifact cannot be null", 400 );
@@ -646,11 +652,6 @@ public class DefaultRepositoriesService
throw new ArchivaRestServiceException( "artifact.artifactId cannot be null", 400 );
}
- if ( StringUtils.isEmpty( repositoryId ) )
- {
- throw new ArchivaRestServiceException( "repositoryId cannot be null", 400 );
- }
-
// TODO more control on artifact fields
RepositorySession repositorySession = repositorySessionFactory.createSession();
@@ -771,6 +772,24 @@ public class DefaultRepositoriesService
return Boolean.TRUE;
}
+ public Boolean isAuthorizedToDeleteArtifacts( String repoId )
+ throws ArchivaRestServiceException
+ {
+ String userName =
+ getAuditInformation().getUser() == null ? "guest" : getAuditInformation().getUser().getUsername();
+
+ try
+ {
+ boolean res = userRepositories.isAuthorizedToDeleteArtifacts( userName, repoId );
+ return res;
+ }
+ catch ( ArchivaSecurityException e )
+ {
+ throw new ArchivaRestServiceException( e.getMessage(),
+ Response.Status.INTERNAL_SERVER_ERROR.getStatusCode() );
+ }
+ }
+
public RepositoryScanStatistics scanRepositoryDirectoriesNow( String repositoryId )
throws ArchivaRestServiceException
{
diff --git a/archiva-modules/archiva-web/archiva-rest/archiva-rest-services/src/test/java/org/apache/archiva/rest/services/RepositoriesServiceTest.java b/archiva-modules/archiva-web/archiva-rest/archiva-rest-services/src/test/java/org/apache/archiva/rest/services/RepositoriesServiceTest.java
index d9c120c89..c0ad360aa 100644
--- a/archiva-modules/archiva-web/archiva-rest/archiva-rest-services/src/test/java/org/apache/archiva/rest/services/RepositoriesServiceTest.java
+++ b/archiva-modules/archiva-web/archiva-rest/archiva-rest-services/src/test/java/org/apache/archiva/rest/services/RepositoriesServiceTest.java
@@ -152,12 +152,52 @@ public class RepositoriesServiceTest
}
}
+ @Test
+ public void authorizedToDeleteArtifacts()
+ throws Exception
+ {
+ ManagedRepository managedRepository = getTestManagedRepository( "SOURCE_REPO_ID", "SOURCE_REPO_ID" );
+ try
+ {
+ getManagedRepositoriesService( authorizationHeader ).addManagedRepository( managedRepository );
+ RepositoriesService repositoriesService = getRepositoriesService( authorizationHeader );
+ assertTrue( repositoriesService.isAuthorizedToDeleteArtifacts( managedRepository.getId() ) );
+ }
+ finally
+ {
+ getManagedRepositoriesService( authorizationHeader ).deleteManagedRepository( managedRepository.getId(),
+ true );
+ }
+ }
+
+ @Test
+ public void notAuthorizedToDeleteArtifacts()
+ throws Exception
+ {
+ ManagedRepository managedRepository = getTestManagedRepository( "SOURCE_REPO_ID", "SOURCE_REPO_ID" );
+ try
+ {
+ getManagedRepositoriesService( authorizationHeader ).addManagedRepository( managedRepository );
+ RepositoriesService repositoriesService = getRepositoriesService( guestAuthzHeader );
+ assertFalse( repositoriesService.isAuthorizedToDeleteArtifacts( managedRepository.getId() ) );
+ }
+ finally
+ {
+ getManagedRepositoriesService( authorizationHeader ).deleteManagedRepository( managedRepository.getId(),
+ true );
+ }
+ }
+
+ protected ManagedRepository getTestManagedRepository( String id, String path )
+ {
+ String location = new File( FileUtil.getBasedir(), "target/" + path ).getAbsolutePath();
+ return new ManagedRepository( id, id, location, "default", true, true, true, "2 * * * * ?", null, false, 80, 80,
+ true, false );
+ }
protected ManagedRepository getTestManagedRepository()
{
- String location = new File( FileUtil.getBasedir(), "target/test-repo" ).getAbsolutePath();
- return new ManagedRepository( "TEST", "test", location, "default", true, true, true, "2 * * * * ?", null, false,
- 80, 80, true, false );
+ return getTestManagedRepository( "TEST", "test-repo" );
}
}
diff --git a/archiva-modules/archiva-web/archiva-security/src/main/java/org/apache/archiva/security/DefaultUserRepositories.java b/archiva-modules/archiva-web/archiva-security/src/main/java/org/apache/archiva/security/DefaultUserRepositories.java
index cfd6da5c8..53dc150d8 100644
--- a/archiva-modules/archiva-web/archiva-security/src/main/java/org/apache/archiva/security/DefaultUserRepositories.java
+++ b/archiva-modules/archiva-web/archiva-security/src/main/java/org/apache/archiva/security/DefaultUserRepositories.java
@@ -205,7 +205,7 @@ public class DefaultUserRepositories
}
public boolean isAuthorizedToDeleteArtifacts( String principal, String repoId )
- throws AccessDeniedException, ArchivaSecurityException
+ throws ArchivaSecurityException
{
try
{