add role profiles

git-svn-id: https://svn.apache.org/repos/asf/maven/archiva/trunk@450822 13f79535-47bb-0310-9956-ffa450edef68
author: Brett Porter <brett@apache.org> 2006-09-28 12:06:45 +0000
committer: Brett Porter <brett@apache.org> 2006-09-28 12:06:45 +0000
commit: 46926538b885383dd37db1649c5836da4348240b (patch)
tree: 2dd88f15987641734e1bcdfbefa0411b76d6eb3d /archiva-security/src/main
parent: 1e99374aee61d603ad8211ae9cbc5dbd97ac697b (diff)
download: archiva-46926538b885383dd37db1649c5836da4348240b.tar.gz
archiva-46926538b885383dd37db1649c5836da4348240b.zip
5 files changed, 162 insertions, 0 deletions
diff --git a/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaRoleConstants.java b/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaRoleConstants.java
index adef01f19..17e085878 100644
--- a/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaRoleConstants.java
+++ b/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaRoleConstants.java
@@ -18,14 +18,42 @@ package org.apache.maven.archiva.security;
 
 public class ArchivaRoleConstants
 {
+    public static final String DELIMITER = " - ";
+
     // globalish roles
     public static final String SYSTEM_ADMINISTRATOR_ROLE = "System Administrator";
+
     public static final String USER_ADMINISTRATOR_ROLE = "User Administrator";
+
     public static final String REGISTERED_USER_ROLE = "Registered User";
+
     public static final String GUEST_ROLE = "Guest";
 
+    // dynamic role prefixes
+    public static final String REPOSITORY_MANAGER_ROLE_PREFIX = "Repository Manager";
+
+    public static final String REPOSITORY_OBSERVER_ROLE_PREFIX = "Repository Observer";
+
     // operations
     public static final String OPERATION_MANAGE_USERS = "archiva-manage-users";
+
     public static final String OPERATION_MANAGE_CONFIGURATION = "archiva-manage-configuration";
+
     public static final String OPERATION_ACTIVE_GUEST = "archiva-guest";
+
+    public static final String OPERATION_RUN_INDEXER = "archiva-run-indexer";
+
+    public static final String OPERATION_REGENERATE_INDEX = "archiva-regenerate-index";
+
+    public static final String OPERATION_ACCESS_REPORT = "archiva-access-reports";
+
+    public static final String OPERATION_ADD_REPOSITORY = "archiva-add-repository";
+
+    public static final String OPERATION_REPOSITORY_ACCESS = "archiva-read-repository";
+
+    public static final String OPERATION_DELETE_REPOSITORY = "archiva-delete-repository";
+
+    public static final String OPERATION_EDIT_REPOSITORY = "archiva-edit-repository";
+
+    public static final String OPERATION_REPOSITORY_UPLOAD = "archiva-upload-repository";
 }
diff --git a/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaSystemAdministratorRoleProfile.java b/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaSystemAdministratorRoleProfile.java
index 81d354176..facb4dfad 100644
--- a/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaSystemAdministratorRoleProfile.java
+++ b/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaSystemAdministratorRoleProfile.java
@@ -39,6 +39,12 @@ public class ArchivaSystemAdministratorRoleProfile
         List operations = new ArrayList();
         operations.add( ArchivaRoleConstants.OPERATION_MANAGE_CONFIGURATION );
         operations.add( ArchivaRoleConstants.OPERATION_MANAGE_USERS );
+        operations.add( ArchivaRoleConstants.OPERATION_RUN_INDEXER );
+        operations.add( ArchivaRoleConstants.OPERATION_REGENERATE_INDEX );
+        operations.add( ArchivaRoleConstants.OPERATION_ACCESS_REPORT ); // TODO: does this need to be templated?
+        operations.add( ArchivaRoleConstants.OPERATION_ADD_REPOSITORY );
+        operations.add( ArchivaRoleConstants.OPERATION_EDIT_REPOSITORY );
+        operations.add( ArchivaRoleConstants.OPERATION_DELETE_REPOSITORY );
         return operations;
     }
 
diff --git a/archiva-security/src/main/java/org/apache/maven/archiva/security/RepsitoryManagerDynamicRoleProfile.java b/archiva-security/src/main/java/org/apache/maven/archiva/security/RepsitoryManagerDynamicRoleProfile.java
new file mode 100644
index 000000000..564f4a0b7
--- /dev/null
+++ b/archiva-security/src/main/java/org/apache/maven/archiva/security/RepsitoryManagerDynamicRoleProfile.java
@@ -0,0 +1,61 @@
+package org.apache.maven.archiva.security;
+
+/*
+ * Copyright 2005-2006 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import org.codehaus.plexus.rbac.profile.AbstractDynamicRoleProfile;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+/**
+ * @plexus.component role="org.codehaus.plexus.rbac.profile.DynamicRoleProfile"
+ * role-hint="archiva-repository-manager"
+ */
+public class RepsitoryManagerDynamicRoleProfile
+    extends AbstractDynamicRoleProfile
+{
+    public String getRoleName( String string )
+    {
+        return ArchivaRoleConstants.REPOSITORY_MANAGER_ROLE_PREFIX + ArchivaRoleConstants.DELIMITER + string;
+    }
+
+    public List getOperations()
+    {
+        List operations = new ArrayList();
+
+        // I'm not sure these are appropriate roles.
+        operations.add( ArchivaRoleConstants.OPERATION_EDIT_REPOSITORY );
+        operations.add( ArchivaRoleConstants.OPERATION_DELETE_REPOSITORY );
+
+        operations.add( ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS );
+        operations.add( ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD );
+        return operations;
+    }
+
+    public List getDynamicChildRoles( String string )
+    {
+        return Collections.singletonList(
+            ArchivaRoleConstants.REPOSITORY_OBSERVER_ROLE_PREFIX + ArchivaRoleConstants.DELIMITER + string );
+    }
+
+    public boolean isAssignable()
+    {
+        return true;
+    }
+}
+
diff --git a/archiva-security/src/main/java/org/apache/maven/archiva/security/RepsitoryObserverDynamicRoleProfile.java b/archiva-security/src/main/java/org/apache/maven/archiva/security/RepsitoryObserverDynamicRoleProfile.java
new file mode 100644
index 000000000..9b0338bf5
--- /dev/null
+++ b/archiva-security/src/main/java/org/apache/maven/archiva/security/RepsitoryObserverDynamicRoleProfile.java
@@ -0,0 +1,47 @@
+package org.apache.maven.archiva.security;
+
+/*
+ * Copyright 2005-2006 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import org.codehaus.plexus.rbac.profile.AbstractDynamicRoleProfile;
+
+import java.util.List;
+import java.util.ArrayList;
+
+/**
+ * @plexus.component role="org.codehaus.plexus.rbac.profile.DynamicRoleProfile"
+ * role-hint="archiva-repository-observer"
+ */
+public class RepsitoryObserverDynamicRoleProfile
+    extends AbstractDynamicRoleProfile
+{
+    public String getRoleName( String string )
+    {
+        return ArchivaRoleConstants.REPOSITORY_OBSERVER_ROLE_PREFIX + ArchivaRoleConstants.DELIMITER + string;
+    }
+
+    public List getOperations()
+    {
+        List operations = new ArrayList();
+        operations.add( ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS );
+        return operations;
+    }
+
+    public boolean isAssignable()
+    {
+        return true;
+    }
+}
diff --git a/archiva-security/src/main/resources/META-INF/plexus/components.xml b/archiva-security/src/main/resources/META-INF/plexus/components.xml
index 9fc5dbf18..8accc36fe 100644
--- a/archiva-security/src/main/resources/META-INF/plexus/components.xml
+++ b/archiva-security/src/main/resources/META-INF/plexus/components.xml
@@ -63,5 +63,25 @@
         </requirement>
       </requirements>
     </component>
+    <component>
+      <role>org.codehaus.plexus.rbac.profile.DynamicRoleProfile</role>
+      <role-hint>archiva-repository-manager</role-hint>
+      <implementation>org.apache.maven.archiva.security.RepositoryManagerDynamicRoleProfile</implementation>
+      <requirements>
+        <requirement>
+          <role>org.codehaus.plexus.security.rbac.RBACManager</role>
+        </requirement>
+      </requirements>
+    </component>
+    <component>
+      <role>org.codehaus.plexus.rbac.profile.DynamicRoleProfile</role>
+      <role-hint>archiva-repository-observer</role-hint>
+      <implementation>org.apache.maven.archiva.security.RepositoryObserverDynamicRoleProfile</implementation>
+      <requirements>
+        <requirement>
+          <role>org.codehaus.plexus.security.rbac.RBACManager</role>
+        </requirement>
+      </requirements>
+    </component>
   </components>
 </component-set>
author	Brett Porter <brett@apache.org>	2006-09-28 12:06:45 +0000
committer	Brett Porter <brett@apache.org>	2006-09-28 12:06:45 +0000
commit	46926538b885383dd37db1649c5836da4348240b (patch)
tree	2dd88f15987641734e1bcdfbefa0411b76d6eb3d /archiva-security/src/main
parent	1e99374aee61d603ad8211ae9cbc5dbd97ac697b (diff)
download	archiva-46926538b885383dd37db1649c5836da4348240b.tar.gz archiva-46926538b885383dd37db1649c5836da4348240b.zip