diff options
| author | Brett Porter <brett@apache.org> | 2010-01-19 08:15:44 +0000 |
|---|---|---|
| committer | Brett Porter <brett@apache.org> | 2010-01-19 08:15:44 +0000 |
| commit | 70fc5323d6b52c1f2000e4ea6a68fbc46f5e9b94 (patch) | |
| tree | 9beae0d278355f40c046c6108f7956ee861cf3c6 /archiva-modules | |
| parent | 06a035aacd3acaf98eddea5a110d4593323137a1 (diff) | |
| download | archiva-70fc5323d6b52c1f2000e4ea6a68fbc46f5e9b94.tar.gz archiva-70fc5323d6b52c1f2000e4ea6a68fbc46f5e9b94.zip | |
[MRM-1316] restrict audit log report to repositories that you are a manager of
git-svn-id: https://svn.apache.org/repos/asf/archiva/branches/MRM-1025@900696 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'archiva-modules')
4 files changed, 52 insertions, 50 deletions
diff --git a/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/reports/ViewAuditLogReportAction.java b/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/reports/ViewAuditLogReportAction.java index d2244cfa5..1b06ed199 100644 --- a/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/reports/ViewAuditLogReportAction.java +++ b/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/reports/ViewAuditLogReportAction.java @@ -21,12 +21,13 @@ package org.apache.maven.archiva.web.action.reports; import java.util.ArrayList; import java.util.Calendar; +import java.util.Collection; import java.util.Collections; import java.util.Date; import java.util.List; - import javax.servlet.http.HttpServletRequest; +import com.opensymphony.xwork2.Preparable; import org.apache.archiva.audit.AuditManager; import org.apache.commons.lang.StringUtils; import org.apache.commons.lang.time.DateUtils; @@ -41,8 +42,6 @@ import org.codehaus.redback.integration.interceptor.SecureAction; import org.codehaus.redback.integration.interceptor.SecureActionBundle; import org.codehaus.redback.integration.interceptor.SecureActionException; -import com.opensymphony.xwork2.Preparable; - /** * @plexus.component role="com.opensymphony.xwork2.Action" role-hint="viewAuditLogReport" * instantiation-strategy="per-lookup" @@ -106,7 +105,13 @@ public class ViewAuditLogReportAction public SecureActionBundle getSecureActionBundle() throws SecureActionException { - return null; + SecureActionBundle bundle = new SecureActionBundle(); + + // TODO: should require this, but for now we trust in the list of repositories +// bundle.setRequiresAuthentication( true ); +// bundle.addRequiredAuthorization( ArchivaRoleConstants.OPERATION_VIEW_AUDIT_LOG ); + + return bundle; } public void setServletRequest( HttpServletRequest request ) @@ -120,7 +125,8 @@ public class ViewAuditLogReportAction { repositories = new ArrayList<String>(); repositories.add( ALL_REPOSITORIES ); - repositories.addAll( getObservableRepositories() ); + List<String> repos = getManagableRepositories(); + repositories.addAll( repos ); auditLogs = null; groupId = ""; @@ -136,7 +142,7 @@ public class ViewAuditLogReportAction headerName = HEADER_RESULTS; } - auditLogs = auditManager.getMostRecentAuditEvents(); + auditLogs = auditManager.getMostRecentAuditEvents( repos ); } public String execute() @@ -177,9 +183,20 @@ public class ViewAuditLogReportAction range[0] = ( page - 1 ) * rowCount; range[1] = ( page * rowCount ) + 1; - String repo = repository.equals( ALL_REPOSITORIES ) ? null : repository; + Collection<String> repos = getManagableRepositories(); + if ( !repository.equals( ALL_REPOSITORIES ) ) + { + if ( repos.contains( repository ) ) + { + repos = Collections.singletonList( repository ); + } + else + { + repos = Collections.emptyList(); + } + } // TODO: query by artifact - auditLogs = auditManager.getAuditEventsInRange( repo, startDateInDF, endDateInDF ); + auditLogs = auditManager.getAuditEventsInRange( repos, startDateInDF, endDateInDF ); if( auditLogs.isEmpty() ) { @@ -223,11 +240,11 @@ public class ViewAuditLogReportAction next = StringUtils.replace( next, " ", "%20" ); } - private List<String> getObservableRepositories() + private List<String> getManagableRepositories() { try { - return userRepositories.getObservableRepositoryIds( getPrincipal() ); + return userRepositories.getManagableRepositoryIds( getPrincipal() ); } catch ( PrincipalNotFoundException e ) { diff --git a/archiva-modules/plugins/audit/src/main/java/org/apache/archiva/audit/AuditManager.java b/archiva-modules/plugins/audit/src/main/java/org/apache/archiva/audit/AuditManager.java index addb9c0e3..137e0a83f 100644 --- a/archiva-modules/plugins/audit/src/main/java/org/apache/archiva/audit/AuditManager.java +++ b/archiva-modules/plugins/audit/src/main/java/org/apache/archiva/audit/AuditManager.java @@ -19,6 +19,7 @@ package org.apache.archiva.audit; * under the License. */ +import java.util.Collection; import java.util.Date; import java.util.List; @@ -26,11 +27,11 @@ import org.apache.maven.archiva.repository.audit.AuditEvent; public interface AuditManager { - List<AuditEvent> getMostRecentAuditEvents(); + List<AuditEvent> getMostRecentAuditEvents( List<String> repositoryIds ); void addAuditEvent( AuditEvent event ); void deleteAuditEvents( String repositoryId ); - List<AuditEvent> getAuditEventsInRange( String repositoryId, Date startTime, Date endTime ); + List<AuditEvent> getAuditEventsInRange( Collection<String> repositoryIds, Date startTime, Date endTime ); }
\ No newline at end of file diff --git a/archiva-modules/plugins/audit/src/main/java/org/apache/archiva/audit/DefaultAuditManager.java b/archiva-modules/plugins/audit/src/main/java/org/apache/archiva/audit/DefaultAuditManager.java index e8161f982..ffa34dd02 100644 --- a/archiva-modules/plugins/audit/src/main/java/org/apache/archiva/audit/DefaultAuditManager.java +++ b/archiva-modules/plugins/audit/src/main/java/org/apache/archiva/audit/DefaultAuditManager.java @@ -48,11 +48,11 @@ public class DefaultAuditManager private static final Logger log = LoggerFactory.getLogger( DefaultAuditManager.class ); - public List<AuditEvent> getMostRecentAuditEvents() + public List<AuditEvent> getMostRecentAuditEvents( List<String> repositoryIds ) { // TODO: consider a more efficient implementation that directly gets the last ten from the content repository List<AuditRecord> records = new ArrayList<AuditRecord>(); - for ( String repositoryId : metadataRepository.getRepositories() ) + for ( String repositoryId : repositoryIds ) { List<String> timestamps = metadataRepository.getMetadataFacets( repositoryId, AuditEvent.FACET_ID ); for ( String timestamp : timestamps ) @@ -88,11 +88,8 @@ public class DefaultAuditManager metadataRepository.removeMetadataFacets( repositoryId, AuditEvent.FACET_ID ); } - public List<AuditEvent> getAuditEventsInRange( String repoId, Date startTime, Date endTime ) + public List<AuditEvent> getAuditEventsInRange( Collection<String> repositoryIds, Date startTime, Date endTime ) { - Collection<String> repositoryIds = - repoId != null ? Collections.singletonList( repoId ) : metadataRepository.getRepositories(); - List<AuditEvent> results = new ArrayList<AuditEvent>(); for ( String repositoryId : repositoryIds ) { diff --git a/archiva-modules/plugins/audit/src/test/java/org/apache/archiva/audit/AuditManagerTest.java b/archiva-modules/plugins/audit/src/test/java/org/apache/archiva/audit/AuditManagerTest.java index a384a83dc..2666a852b 100644 --- a/archiva-modules/plugins/audit/src/test/java/org/apache/archiva/audit/AuditManagerTest.java +++ b/archiva-modules/plugins/audit/src/test/java/org/apache/archiva/audit/AuditManagerTest.java @@ -91,9 +91,6 @@ public class AuditManagerTest public void testGetMostRecentEvents() throws ParseException { - metadataRepositoryControl.expectAndReturn( metadataRepository.getRepositories(), - Collections.singletonList( TEST_REPO_ID ) ); - int numEvents = 11; List<String> eventNames = new ArrayList<String>( numEvents ); for ( int i = 0; i < numEvents; i++ ) @@ -113,7 +110,7 @@ public class AuditManagerTest } metadataRepositoryControl.replay(); - List<AuditEvent> events = auditManager.getMostRecentAuditEvents(); + List<AuditEvent> events = auditManager.getMostRecentAuditEvents( Collections.singletonList( TEST_REPO_ID ) ); assertNotNull( events ); assertEquals( numEvents - 1, events.size() ); int expectedTimestampCounter = numEvents - 1; @@ -149,8 +146,6 @@ public class AuditManagerTest public void testGetMostRecentEventsLessThan10() throws ParseException { - metadataRepositoryControl.expectAndReturn( metadataRepository.getRepositories(), - Collections.singletonList( TEST_REPO_ID ) ); int numEvents = 5; List<String> eventNames = new ArrayList<String>( numEvents ); for ( int i = 0; i < numEvents; i++ ) @@ -170,7 +165,7 @@ public class AuditManagerTest } metadataRepositoryControl.replay(); - List<AuditEvent> events = auditManager.getMostRecentAuditEvents(); + List<AuditEvent> events = auditManager.getMostRecentAuditEvents( Collections.singletonList( TEST_REPO_ID ) ); assertNotNull( events ); assertEquals( numEvents, events.size() ); int expectedTimestampCounter = numEvents - 1; @@ -187,8 +182,6 @@ public class AuditManagerTest public void testGetMostRecentEventsInterleavedRepositories() throws ParseException { - metadataRepositoryControl.expectAndReturn( metadataRepository.getRepositories(), - Arrays.asList( TEST_REPO_ID, TEST_REPO_ID_2 ) ); int numEvents = 11; Map<String, List<String>> eventNames = new LinkedHashMap<String, List<String>>(); List<AuditEvent> events = new ArrayList<AuditEvent>(); @@ -216,7 +209,7 @@ public class AuditManagerTest } metadataRepositoryControl.replay(); - events = auditManager.getMostRecentAuditEvents(); + events = auditManager.getMostRecentAuditEvents( Arrays.asList( TEST_REPO_ID, TEST_REPO_ID_2 ) ); assertNotNull( events ); assertEquals( numEvents - 1, events.size() ); int expectedTimestampCounter = numEvents - 1; @@ -248,14 +241,11 @@ public class AuditManagerTest public void testGetMostRecentEventsWhenEmpty() { - metadataRepositoryControl.expectAndReturn( metadataRepository.getRepositories(), - Collections.singletonList( TEST_REPO_ID ) ); - metadataRepositoryControl.expectAndReturn( metadataRepository.getMetadataFacets( TEST_REPO_ID, AuditEvent.FACET_ID ), Collections.emptyList() ); metadataRepositoryControl.replay(); - assertTrue( auditManager.getMostRecentAuditEvents().isEmpty() ); + assertTrue( auditManager.getMostRecentAuditEvents( Collections.singletonList( TEST_REPO_ID ) ).isEmpty() ); metadataRepositoryControl.verify(); } @@ -322,9 +312,9 @@ public class AuditManagerTest metadataRepositoryControl.replay(); - List<AuditEvent> events = - auditManager.getAuditEventsInRange( TEST_REPO_ID, new Date( current.getTime() - 4000 ), - new Date( current.getTime() - 2000 ) ); + List<AuditEvent> events = auditManager.getAuditEventsInRange( Collections.singletonList( TEST_REPO_ID ), + new Date( current.getTime() - 4000 ), + new Date( current.getTime() - 2000 ) ); assertEquals( 1, events.size() ); assertEvent( events.get( 0 ), name2, expectedEvent.getResource() ); @@ -355,8 +345,8 @@ public class AuditManagerTest metadataRepositoryControl.replay(); - List<AuditEvent> events = - auditManager.getAuditEventsInRange( TEST_REPO_ID, new Date( current.getTime() - 4000 ), current ); + List<AuditEvent> events = auditManager.getAuditEventsInRange( Collections.singletonList( TEST_REPO_ID ), + new Date( current.getTime() - 4000 ), current ); assertEquals( 2, events.size() ); assertEvent( events.get( 0 ), name3, expectedEvent3.getResource() ); @@ -388,9 +378,9 @@ public class AuditManagerTest metadataRepositoryControl.replay(); - List<AuditEvent> events = - auditManager.getAuditEventsInRange( TEST_REPO_ID, new Date( current.getTime() - 20000 ), - new Date( current.getTime() - 2000 ) ); + List<AuditEvent> events = auditManager.getAuditEventsInRange( Collections.singletonList( TEST_REPO_ID ), + new Date( current.getTime() - 20000 ), + new Date( current.getTime() - 2000 ) ); assertEquals( 2, events.size() ); assertEvent( events.get( 0 ), name2, expectedEvent2.getResource() ); @@ -425,8 +415,8 @@ public class AuditManagerTest metadataRepositoryControl.replay(); - List<AuditEvent> events = - auditManager.getAuditEventsInRange( TEST_REPO_ID, new Date( current.getTime() - 20000 ), current ); + List<AuditEvent> events = auditManager.getAuditEventsInRange( Collections.singletonList( TEST_REPO_ID ), + new Date( current.getTime() - 20000 ), current ); assertEquals( 3, events.size() ); assertEvent( events.get( 0 ), name3, expectedEvent3.getResource() ); @@ -439,9 +429,6 @@ public class AuditManagerTest public void testGetEventsRangeMultipleRepositories() throws ParseException { - metadataRepositoryControl.expectAndReturn( metadataRepository.getRepositories(), - Arrays.asList( TEST_REPO_ID, TEST_REPO_ID_2 ) ); - Date current = new Date(); String name1 = TIMESTAMP_FORMAT.format( new Date( current.getTime() - 12345 ) ); @@ -466,8 +453,8 @@ public class AuditManagerTest metadataRepositoryControl.replay(); - List<AuditEvent> events = - auditManager.getAuditEventsInRange( null, new Date( current.getTime() - 20000 ), current ); + List<AuditEvent> events = auditManager.getAuditEventsInRange( Arrays.asList( TEST_REPO_ID, TEST_REPO_ID_2 ), + new Date( current.getTime() - 20000 ), current ); assertEquals( 3, events.size() ); assertEvent( events.get( 0 ), name3, expectedEvent3.getResource() ); @@ -496,9 +483,9 @@ public class AuditManagerTest metadataRepositoryControl.replay(); - List<AuditEvent> events = - auditManager.getAuditEventsInRange( TEST_REPO_ID, new Date( current.getTime() - 20000 ), - new Date( current.getTime() - 16000 ) ); + List<AuditEvent> events = auditManager.getAuditEventsInRange( Collections.singletonList( TEST_REPO_ID ), + new Date( current.getTime() - 20000 ), + new Date( current.getTime() - 16000 ) ); assertEquals( 0, events.size() ); |