git-svn-id: https://svn.apache.org/repos/asf/archiva/trunk@1197359 13f79535-47bb-0310-9956-ffa450edef68tags/archiva-1.4-M2
@@ -141,6 +141,11 @@ | |||
<artifactId>redback-users-memory</artifactId> | |||
<scope>test</scope> | |||
</dependency> | |||
<dependency> | |||
<groupId>org.codehaus.redback</groupId> | |||
<artifactId>redback-common-test-resources</artifactId> | |||
<scope>test</scope> | |||
</dependency> | |||
</dependencies> | |||
<build> | |||
<pluginManagement> |
@@ -1,247 +0,0 @@ | |||
<!-- | |||
~ Licensed to the Apache Software Foundation (ASF) under one | |||
~ or more contributor license agreements. See the NOTICE file | |||
~ distributed with this work for additional information | |||
~ regarding copyright ownership. The ASF licenses this file | |||
~ to you under the Apache License, Version 2.0 (the | |||
~ "License"); you may not use this file except in compliance | |||
~ with the License. You may obtain a copy of the License at | |||
~ | |||
~ http://www.apache.org/licenses/LICENSE-2.0 | |||
~ | |||
~ Unless required by applicable law or agreed to in writing, | |||
~ software distributed under the License is distributed on an | |||
~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY | |||
~ KIND, either express or implied. See the License for the | |||
~ specific language governing permissions and limitations | |||
~ under the License. | |||
--> | |||
<redback-role-model> | |||
<modelVersion>1.0.0</modelVersion> | |||
<applications> | |||
<application> | |||
<id>System</id> | |||
<description>Roles that apply system-wide, across all of the applications</description> | |||
<version>1.0.0</version> | |||
<resources> | |||
<resource> | |||
<id>global</id> | |||
<name>*</name> | |||
<permanent>true</permanent> | |||
<description>global resource implies full access for authorization</description> | |||
</resource> | |||
<resource> | |||
<id>username</id> | |||
<name>${username}</name> | |||
<permanent>true</permanent> | |||
<description>replaced with the username of the principal at authorization check time</description> | |||
</resource> | |||
</resources> | |||
<operations> | |||
<operation> | |||
<id>configuration-edit</id> | |||
<name>configuration-edit</name> | |||
<description>edit configuration</description> | |||
<permanent>true</permanent> | |||
</operation> | |||
<operation> | |||
<id>user-management-user-create</id> | |||
<name>user-management-user-create</name> | |||
<description>create user</description> | |||
<permanent>true</permanent> | |||
</operation> | |||
<operation> | |||
<id>user-management-user-edit</id> | |||
<name>user-management-user-edit</name> | |||
<description>edit user</description> | |||
<permanent>true</permanent> | |||
</operation> | |||
<operation> | |||
<id>user-management-user-role</id> | |||
<name>user-management-user-role</name> | |||
<description>user roles</description> | |||
<permanent>true</permanent> | |||
</operation> | |||
<operation> | |||
<id>user-management-user-delete</id> | |||
<name>user-management-user-delete</name> | |||
<description>delete user</description> | |||
<permanent>true</permanent> | |||
</operation> | |||
<operation> | |||
<id>user-management-user-list</id> | |||
<name>user-management-user-list</name> | |||
<description>list users</description> | |||
<permanent>true</permanent> | |||
</operation> | |||
<operation> | |||
<id>user-management-role-grant</id> | |||
<name>user-management-role-grant</name> | |||
<description>grant role</description> | |||
<permanent>true</permanent> | |||
</operation> | |||
<operation> | |||
<id>user-management-role-drop</id> | |||
<name>user-management-role-drop</name> | |||
<description>drop role</description> | |||
<permanent>true</permanent> | |||
</operation> | |||
<operation> | |||
<id>user-management-rbac-admin</id> | |||
<name>user-management-rbac-admin</name> | |||
<description>administer rbac</description> | |||
<permanent>true</permanent> | |||
</operation> | |||
<operation> | |||
<id>guest-access</id> | |||
<name>guest-access</name> | |||
<description>access guest</description> | |||
<permanent>true</permanent> | |||
</operation> | |||
<operation> | |||
<id>user-management-manage-data</id> | |||
<name>user-management-manage-data</name> | |||
<description>manage data</description> | |||
<permanent>true</permanent> | |||
</operation> | |||
</operations> | |||
<roles> | |||
<role> | |||
<id>system-administrator</id> | |||
<name>System Administrator</name> | |||
<permanent>true</permanent> | |||
<assignable>true</assignable> | |||
<permissions> | |||
<permission> | |||
<id>edit-redback-configuration</id> | |||
<name>Edit Redback Configuration</name> | |||
<operation>configuration-edit</operation> | |||
<resource>global</resource> | |||
<permanent>true</permanent> | |||
</permission> | |||
<permission> | |||
<id>manage-rbac-setup</id> | |||
<name>User RBAC Management</name> | |||
<operation>user-management-rbac-admin</operation> | |||
<resource>global</resource> | |||
<permanent>true</permanent> | |||
</permission> | |||
<permission> | |||
<id>manage-rbac-data</id> | |||
<name>RBAC Manage Data</name> | |||
<operation>user-management-manage-data</operation> | |||
<resource>global</resource> | |||
<permanent>true</permanent> | |||
</permission> | |||
</permissions> | |||
<childRoles> | |||
<childRole>user-administrator</childRole> | |||
</childRoles> | |||
</role> | |||
<role> | |||
<id>user-administrator</id> | |||
<name>User Administrator</name> | |||
<permanent>true</permanent> | |||
<assignable>true</assignable> | |||
<permissions> | |||
<permission> | |||
<id>drop-roles-for-anyone</id> | |||
<name>Drop Roles for Anyone</name> | |||
<operation>user-management-role-drop</operation> | |||
<resource>global</resource> | |||
<permanent>true</permanent> | |||
</permission> | |||
<permission> | |||
<id>grant-roles-for-anyone</id> | |||
<name>Grant Roles for Anyone</name> | |||
<operation>user-management-role-grant</operation> | |||
<resource>global</resource> | |||
<permanent>true</permanent> | |||
</permission> | |||
<permission> | |||
<id>user-create</id> | |||
<name>Create Users</name> | |||
<operation>user-management-user-create</operation> | |||
<resource>global</resource> | |||
<permanent>true</permanent> | |||
</permission> | |||
<permission> | |||
<id>user-delete</id> | |||
<name>Delete Users</name> | |||
<operation>user-management-user-delete</operation> | |||
<resource>global</resource> | |||
<permanent>true</permanent> | |||
</permission> | |||
<permission> | |||
<id>user-edit</id> | |||
<name>Edit Users</name> | |||
<operation>user-management-user-edit</operation> | |||
<resource>global</resource> | |||
<permanent>true</permanent> | |||
</permission> | |||
<permission> | |||
<id>access-users-roles</id> | |||
<name>Access Users Roles</name> | |||
<operation>user-management-user-role</operation> | |||
<resource>global</resource> | |||
<permanent>true</permanent> | |||
</permission> | |||
<permission> | |||
<id>access-user-list</id> | |||
<name>Access User List</name> | |||
<operation>user-management-user-list</operation> | |||
<resource>global</resource> | |||
<permanent>true</permanent> | |||
</permission> | |||
</permissions> | |||
</role> | |||
<role> | |||
<id>edit-users-list</id> | |||
<name>edit users list</name> | |||
<permanent>true</permanent> | |||
<assignable>true</assignable> | |||
<permissions> | |||
<permission> | |||
<id>access-user-list</id> | |||
<name>Access User List</name> | |||
<operation>user-management-user-list</operation> | |||
<resource>global</resource> | |||
<permanent>true</permanent> | |||
</permission> | |||
</permissions> | |||
</role> | |||
<role> | |||
<id>registered-user</id> | |||
<name>Registered User</name> | |||
<permanent>true</permanent> | |||
<assignable>true</assignable> | |||
<permissions> | |||
<permission> | |||
<id>edit-user-by-username</id> | |||
<name>Edit User Data by Username</name> | |||
<operation>user-management-user-edit</operation> | |||
<resource>username</resource> | |||
<permanent>true</permanent> | |||
</permission> | |||
</permissions> | |||
</role> | |||
<role> | |||
<id>guest</id> | |||
<name>Guest</name> | |||
<permanent>true</permanent> | |||
<assignable>true</assignable> | |||
<permissions> | |||
<permission> | |||
<id>guest-permission</id> | |||
<name>Guest Permission</name> | |||
<operation>guest-access</operation> | |||
<resource>global</resource> | |||
<permanent>true</permanent> | |||
</permission> | |||
</permissions> | |||
</role> | |||
</roles> | |||
</application> | |||
</applications> | |||
</redback-role-model> |
@@ -143,6 +143,11 @@ | |||
<groupId>org.apache.archiva</groupId> | |||
<artifactId>archiva-security-common</artifactId> | |||
</dependency> | |||
<dependency> | |||
<groupId>org.codehaus.redback</groupId> | |||
<artifactId>redback-common-test-resources</artifactId> | |||
<scope>test</scope> | |||
</dependency> | |||
</dependencies> | |||
<build> | |||
<plugins> |
@@ -1,232 +0,0 @@ | |||
<!-- | |||
~ Licensed to the Apache Software Foundation (ASF) under one | |||
~ or more contributor license agreements. See the NOTICE file | |||
~ distributed with this work for additional information | |||
~ regarding copyright ownership. The ASF licenses this file | |||
~ to you under the Apache License, Version 2.0 (the | |||
~ "License"); you may not use this file except in compliance | |||
~ with the License. You may obtain a copy of the License at | |||
~ | |||
~ http://www.apache.org/licenses/LICENSE-2.0 | |||
~ | |||
~ Unless required by applicable law or agreed to in writing, | |||
~ software distributed under the License is distributed on an | |||
~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY | |||
~ KIND, either express or implied. See the License for the | |||
~ specific language governing permissions and limitations | |||
~ under the License. | |||
--> | |||
<redback-role-model> | |||
<modelVersion>1.0.0</modelVersion> | |||
<applications> | |||
<application> | |||
<id>System</id> | |||
<description>Roles that apply system-wide, across all of the applications</description> | |||
<version>1.0.0</version> | |||
<resources> | |||
<resource> | |||
<id>global</id> | |||
<name>*</name> | |||
<permanent>true</permanent> | |||
<description>global resource implies full access for authorization</description> | |||
</resource> | |||
<resource> | |||
<id>username</id> | |||
<name>${username}</name> | |||
<permanent>true</permanent> | |||
<description>replaced with the username of the principal at authorization check time</description> | |||
</resource> | |||
</resources> | |||
<operations> | |||
<operation> | |||
<id>configuration-edit</id> | |||
<name>configuration-edit</name> | |||
<description>edit configuration</description> | |||
<permanent>true</permanent> | |||
</operation> | |||
<operation> | |||
<id>user-management-user-create</id> | |||
<name>user-management-user-create</name> | |||
<description>create user</description> | |||
<permanent>true</permanent> | |||
</operation> | |||
<operation> | |||
<id>user-management-user-edit</id> | |||
<name>user-management-user-edit</name> | |||
<description>edit user</description> | |||
<permanent>true</permanent> | |||
</operation> | |||
<operation> | |||
<id>user-management-user-role</id> | |||
<name>user-management-user-role</name> | |||
<description>user roles</description> | |||
<permanent>true</permanent> | |||
</operation> | |||
<operation> | |||
<id>user-management-user-delete</id> | |||
<name>user-management-user-delete</name> | |||
<description>delete user</description> | |||
<permanent>true</permanent> | |||
</operation> | |||
<operation> | |||
<id>user-management-user-list</id> | |||
<name>user-management-user-list</name> | |||
<description>list users</description> | |||
<permanent>true</permanent> | |||
</operation> | |||
<operation> | |||
<id>user-management-role-grant</id> | |||
<name>user-management-role-grant</name> | |||
<description>grant role</description> | |||
<permanent>true</permanent> | |||
</operation> | |||
<operation> | |||
<id>user-management-role-drop</id> | |||
<name>user-management-role-drop</name> | |||
<description>drop role</description> | |||
<permanent>true</permanent> | |||
</operation> | |||
<operation> | |||
<id>user-management-rbac-admin</id> | |||
<name>user-management-rbac-admin</name> | |||
<description>administer rbac</description> | |||
<permanent>true</permanent> | |||
</operation> | |||
<operation> | |||
<id>guest-access</id> | |||
<name>guest-access</name> | |||
<description>access guest</description> | |||
<permanent>true</permanent> | |||
</operation> | |||
<operation> | |||
<id>user-management-manage-data</id> | |||
<name>user-management-manage-data</name> | |||
<description>manage data</description> | |||
<permanent>true</permanent> | |||
</operation> | |||
</operations> | |||
<roles> | |||
<role> | |||
<id>system-administrator</id> | |||
<name>System Administrator</name> | |||
<permanent>true</permanent> | |||
<assignable>true</assignable> | |||
<permissions> | |||
<permission> | |||
<id>edit-redback-configuration</id> | |||
<name>Edit Redback Configuration</name> | |||
<operation>configuration-edit</operation> | |||
<resource>global</resource> | |||
<permanent>true</permanent> | |||
</permission> | |||
<permission> | |||
<id>manage-rbac-setup</id> | |||
<name>User RBAC Management</name> | |||
<operation>user-management-rbac-admin</operation> | |||
<resource>global</resource> | |||
<permanent>true</permanent> | |||
</permission> | |||
<permission> | |||
<id>manage-rbac-data</id> | |||
<name>RBAC Manage Data</name> | |||
<operation>user-management-manage-data</operation> | |||
<resource>global</resource> | |||
<permanent>true</permanent> | |||
</permission> | |||
</permissions> | |||
<childRoles> | |||
<childRole>user-administrator</childRole> | |||
</childRoles> | |||
</role> | |||
<role> | |||
<id>user-administrator</id> | |||
<name>User Administrator</name> | |||
<permanent>true</permanent> | |||
<assignable>true</assignable> | |||
<permissions> | |||
<permission> | |||
<id>drop-roles-for-anyone</id> | |||
<name>Drop Roles for Anyone</name> | |||
<operation>user-management-role-drop</operation> | |||
<resource>global</resource> | |||
<permanent>true</permanent> | |||
</permission> | |||
<permission> | |||
<id>grant-roles-for-anyone</id> | |||
<name>Grant Roles for Anyone</name> | |||
<operation>user-management-role-grant</operation> | |||
<resource>global</resource> | |||
<permanent>true</permanent> | |||
</permission> | |||
<permission> | |||
<id>user-create</id> | |||
<name>Create Users</name> | |||
<operation>user-management-user-create</operation> | |||
<resource>global</resource> | |||
<permanent>true</permanent> | |||
</permission> | |||
<permission> | |||
<id>user-delete</id> | |||
<name>Delete Users</name> | |||
<operation>user-management-user-delete</operation> | |||
<resource>global</resource> | |||
<permanent>true</permanent> | |||
</permission> | |||
<permission> | |||
<id>user-edit</id> | |||
<name>Edit Users</name> | |||
<operation>user-management-user-edit</operation> | |||
<resource>global</resource> | |||
<permanent>true</permanent> | |||
</permission> | |||
<permission> | |||
<id>access-users-roles</id> | |||
<name>Access Users Roles</name> | |||
<operation>user-management-user-role</operation> | |||
<resource>global</resource> | |||
<permanent>true</permanent> | |||
</permission> | |||
<permission> | |||
<id>access-user-list</id> | |||
<name>Access User List</name> | |||
<operation>user-management-user-list</operation> | |||
<resource>global</resource> | |||
<permanent>true</permanent> | |||
</permission> | |||
</permissions> | |||
</role> | |||
<role> | |||
<id>registered-user</id> | |||
<name>Registered User</name> | |||
<permanent>true</permanent> | |||
<assignable>true</assignable> | |||
<permissions> | |||
<permission> | |||
<id>edit-user-by-username</id> | |||
<name>Edit User Data by Username</name> | |||
<operation>user-management-user-edit</operation> | |||
<resource>username</resource> | |||
<permanent>true</permanent> | |||
</permission> | |||
</permissions> | |||
</role> | |||
<role> | |||
<id>guest</id> | |||
<name>Guest</name> | |||
<permanent>true</permanent> | |||
<assignable>true</assignable> | |||
<permissions> | |||
<permission> | |||
<id>guest-permission</id> | |||
<name>Guest Permission</name> | |||
<operation>guest-access</operation> | |||
<resource>global</resource> | |||
<permanent>true</permanent> | |||
</permission> | |||
</permissions> | |||
</role> | |||
</roles> | |||
</application> | |||
</applications> | |||
</redback-role-model> |
@@ -194,6 +194,12 @@ | |||
<scope>test</scope> | |||
</dependency> | |||
<dependency> | |||
<groupId>org.codehaus.redback</groupId> | |||
<artifactId>redback-common-test-resources</artifactId> | |||
<scope>test</scope> | |||
</dependency> | |||
</dependencies> | |||
<build> |
@@ -1,232 +0,0 @@ | |||
<!-- | |||
~ Licensed to the Apache Software Foundation (ASF) under one | |||
~ or more contributor license agreements. See the NOTICE file | |||
~ distributed with this work for additional information | |||
~ regarding copyright ownership. The ASF licenses this file | |||
~ to you under the Apache License, Version 2.0 (the | |||
~ "License"); you may not use this file except in compliance | |||
~ with the License. You may obtain a copy of the License at | |||
~ | |||
~ http://www.apache.org/licenses/LICENSE-2.0 | |||
~ | |||
~ Unless required by applicable law or agreed to in writing, | |||
~ software distributed under the License is distributed on an | |||
~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY | |||
~ KIND, either express or implied. See the License for the | |||
~ specific language governing permissions and limitations | |||
~ under the License. | |||
--> | |||
<redback-role-model> | |||
<modelVersion>1.0.0</modelVersion> | |||
<applications> | |||
<application> | |||
<id>System</id> | |||
<description>Roles that apply system-wide, across all of the applications</description> | |||
<version>1.0.0</version> | |||
<resources> | |||
<resource> | |||
<id>global</id> | |||
<name>*</name> | |||
<permanent>true</permanent> | |||
<description>global resource implies full access for authorization</description> | |||
</resource> | |||
<resource> | |||
<id>username</id> | |||
<name>${username}</name> | |||
<permanent>true</permanent> | |||
<description>replaced with the username of the principal at authorization check time</description> | |||
</resource> | |||
</resources> | |||
<operations> | |||
<operation> | |||
<id>configuration-edit</id> | |||
<name>configuration-edit</name> | |||
<description>edit configuration</description> | |||
<permanent>true</permanent> | |||
</operation> | |||
<operation> | |||
<id>user-management-user-create</id> | |||
<name>user-management-user-create</name> | |||
<description>create user</description> | |||
<permanent>true</permanent> | |||
</operation> | |||
<operation> | |||
<id>user-management-user-edit</id> | |||
<name>user-management-user-edit</name> | |||
<description>edit user</description> | |||
<permanent>true</permanent> | |||
</operation> | |||
<operation> | |||
<id>user-management-user-role</id> | |||
<name>user-management-user-role</name> | |||
<description>user roles</description> | |||
<permanent>true</permanent> | |||
</operation> | |||
<operation> | |||
<id>user-management-user-delete</id> | |||
<name>user-management-user-delete</name> | |||
<description>delete user</description> | |||
<permanent>true</permanent> | |||
</operation> | |||
<operation> | |||
<id>user-management-user-list</id> | |||
<name>user-management-user-list</name> | |||
<description>list users</description> | |||
<permanent>true</permanent> | |||
</operation> | |||
<operation> | |||
<id>user-management-role-grant</id> | |||
<name>user-management-role-grant</name> | |||
<description>grant role</description> | |||
<permanent>true</permanent> | |||
</operation> | |||
<operation> | |||
<id>user-management-role-drop</id> | |||
<name>user-management-role-drop</name> | |||
<description>drop role</description> | |||
<permanent>true</permanent> | |||
</operation> | |||
<operation> | |||
<id>user-management-rbac-admin</id> | |||
<name>user-management-rbac-admin</name> | |||
<description>administer rbac</description> | |||
<permanent>true</permanent> | |||
</operation> | |||
<operation> | |||
<id>guest-access</id> | |||
<name>guest-access</name> | |||
<description>access guest</description> | |||
<permanent>true</permanent> | |||
</operation> | |||
<operation> | |||
<id>user-management-manage-data</id> | |||
<name>user-management-manage-data</name> | |||
<description>manage data</description> | |||
<permanent>true</permanent> | |||
</operation> | |||
</operations> | |||
<roles> | |||
<role> | |||
<id>system-administrator</id> | |||
<name>System Administrator</name> | |||
<permanent>true</permanent> | |||
<assignable>true</assignable> | |||
<permissions> | |||
<permission> | |||
<id>edit-redback-configuration</id> | |||
<name>Edit Redback Configuration</name> | |||
<operation>configuration-edit</operation> | |||
<resource>global</resource> | |||
<permanent>true</permanent> | |||
</permission> | |||
<permission> | |||
<id>manage-rbac-setup</id> | |||
<name>User RBAC Management</name> | |||
<operation>user-management-rbac-admin</operation> | |||
<resource>global</resource> | |||
<permanent>true</permanent> | |||
</permission> | |||
<permission> | |||
<id>manage-rbac-data</id> | |||
<name>RBAC Manage Data</name> | |||
<operation>user-management-manage-data</operation> | |||
<resource>global</resource> | |||
<permanent>true</permanent> | |||
</permission> | |||
</permissions> | |||
<childRoles> | |||
<childRole>user-administrator</childRole> | |||
</childRoles> | |||
</role> | |||
<role> | |||
<id>user-administrator</id> | |||
<name>User Administrator</name> | |||
<permanent>true</permanent> | |||
<assignable>true</assignable> | |||
<permissions> | |||
<permission> | |||
<id>drop-roles-for-anyone</id> | |||
<name>Drop Roles for Anyone</name> | |||
<operation>user-management-role-drop</operation> | |||
<resource>global</resource> | |||
<permanent>true</permanent> | |||
</permission> | |||
<permission> | |||
<id>grant-roles-for-anyone</id> | |||
<name>Grant Roles for Anyone</name> | |||
<operation>user-management-role-grant</operation> | |||
<resource>global</resource> | |||
<permanent>true</permanent> | |||
</permission> | |||
<permission> | |||
<id>user-create</id> | |||
<name>Create Users</name> | |||
<operation>user-management-user-create</operation> | |||
<resource>global</resource> | |||
<permanent>true</permanent> | |||
</permission> | |||
<permission> | |||
<id>user-delete</id> | |||
<name>Delete Users</name> | |||
<operation>user-management-user-delete</operation> | |||
<resource>global</resource> | |||
<permanent>true</permanent> | |||
</permission> | |||
<permission> | |||
<id>user-edit</id> | |||
<name>Edit Users</name> | |||
<operation>user-management-user-edit</operation> | |||
<resource>global</resource> | |||
<permanent>true</permanent> | |||
</permission> | |||
<permission> | |||
<id>access-users-roles</id> | |||
<name>Access Users Roles</name> | |||
<operation>user-management-user-role</operation> | |||
<resource>global</resource> | |||
<permanent>true</permanent> | |||
</permission> | |||
<permission> | |||
<id>access-user-list</id> | |||
<name>Access User List</name> | |||
<operation>user-management-user-list</operation> | |||
<resource>global</resource> | |||
<permanent>true</permanent> | |||
</permission> | |||
</permissions> | |||
</role> | |||
<role> | |||
<id>registered-user</id> | |||
<name>Registered User</name> | |||
<permanent>true</permanent> | |||
<assignable>true</assignable> | |||
<permissions> | |||
<permission> | |||
<id>edit-user-by-username</id> | |||
<name>Edit User Data by Username</name> | |||
<operation>user-management-user-edit</operation> | |||
<resource>username</resource> | |||
<permanent>true</permanent> | |||
</permission> | |||
</permissions> | |||
</role> | |||
<role> | |||
<id>guest</id> | |||
<name>Guest</name> | |||
<permanent>true</permanent> | |||
<assignable>true</assignable> | |||
<permissions> | |||
<permission> | |||
<id>guest-permission</id> | |||
<name>Guest Permission</name> | |||
<operation>guest-access</operation> | |||
<resource>global</resource> | |||
<permanent>true</permanent> | |||
</permission> | |||
</permissions> | |||
</role> | |||
</roles> | |||
</application> | |||
</applications> | |||
</redback-role-model> |
@@ -119,6 +119,13 @@ | |||
<artifactId>wagon-http</artifactId> | |||
<scope>provided</scope> | |||
</dependency> | |||
<dependency> | |||
<groupId>org.codehaus.redback</groupId> | |||
<artifactId>redback-common-test-resources</artifactId> | |||
<scope>test</scope> | |||
</dependency> | |||
</dependencies> | |||
<build> |
@@ -1,247 +0,0 @@ | |||
<!-- | |||
~ Licensed to the Apache Software Foundation (ASF) under one | |||
~ or more contributor license agreements. See the NOTICE file | |||
~ distributed with this work for additional information | |||
~ regarding copyright ownership. The ASF licenses this file | |||
~ to you under the Apache License, Version 2.0 (the | |||
~ "License"); you may not use this file except in compliance | |||
~ with the License. You may obtain a copy of the License at | |||
~ | |||
~ http://www.apache.org/licenses/LICENSE-2.0 | |||
~ | |||
~ Unless required by applicable law or agreed to in writing, | |||
~ software distributed under the License is distributed on an | |||
~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY | |||
~ KIND, either express or implied. See the License for the | |||
~ specific language governing permissions and limitations | |||
~ under the License. | |||
--> | |||
<redback-role-model> | |||
<modelVersion>1.0.0</modelVersion> | |||
<applications> | |||
<application> | |||
<id>System</id> | |||
<description>Roles that apply system-wide, across all of the applications</description> | |||
<version>1.0.0</version> | |||
<resources> | |||
<resource> | |||
<id>global</id> | |||
<name>*</name> | |||
<permanent>true</permanent> | |||
<description>global resource implies full access for authorization</description> | |||
</resource> | |||
<resource> | |||
<id>username</id> | |||
<name>${username}</name> | |||
<permanent>true</permanent> | |||
<description>replaced with the username of the principal at authorization check time</description> | |||
</resource> | |||
</resources> | |||
<operations> | |||
<operation> | |||
<id>configuration-edit</id> | |||
<name>configuration-edit</name> | |||
<description>edit configuration</description> | |||
<permanent>true</permanent> | |||
</operation> | |||
<operation> | |||
<id>user-management-user-create</id> | |||
<name>user-management-user-create</name> | |||
<description>create user</description> | |||
<permanent>true</permanent> | |||
</operation> | |||
<operation> | |||
<id>user-management-user-edit</id> | |||
<name>user-management-user-edit</name> | |||
<description>edit user</description> | |||
<permanent>true</permanent> | |||
</operation> | |||
<operation> | |||
<id>user-management-user-role</id> | |||
<name>user-management-user-role</name> | |||
<description>user roles</description> | |||
<permanent>true</permanent> | |||
</operation> | |||
<operation> | |||
<id>user-management-user-delete</id> | |||
<name>user-management-user-delete</name> | |||
<description>delete user</description> | |||
<permanent>true</permanent> | |||
</operation> | |||
<operation> | |||
<id>user-management-user-list</id> | |||
<name>user-management-user-list</name> | |||
<description>list users</description> | |||
<permanent>true</permanent> | |||
</operation> | |||
<operation> | |||
<id>user-management-role-grant</id> | |||
<name>user-management-role-grant</name> | |||
<description>grant role</description> | |||
<permanent>true</permanent> | |||
</operation> | |||
<operation> | |||
<id>user-management-role-drop</id> | |||
<name>user-management-role-drop</name> | |||
<description>drop role</description> | |||
<permanent>true</permanent> | |||
</operation> | |||
<operation> | |||
<id>user-management-rbac-admin</id> | |||
<name>user-management-rbac-admin</name> | |||
<description>administer rbac</description> | |||
<permanent>true</permanent> | |||
</operation> | |||
<operation> | |||
<id>guest-access</id> | |||
<name>guest-access</name> | |||
<description>access guest</description> | |||
<permanent>true</permanent> | |||
</operation> | |||
<operation> | |||
<id>user-management-manage-data</id> | |||
<name>user-management-manage-data</name> | |||
<description>manage data</description> | |||
<permanent>true</permanent> | |||
</operation> | |||
</operations> | |||
<roles> | |||
<role> | |||
<id>system-administrator</id> | |||
<name>System Administrator</name> | |||
<permanent>true</permanent> | |||
<assignable>true</assignable> | |||
<permissions> | |||
<permission> | |||
<id>edit-redback-configuration</id> | |||
<name>Edit Redback Configuration</name> | |||
<operation>configuration-edit</operation> | |||
<resource>global</resource> | |||
<permanent>true</permanent> | |||
</permission> | |||
<permission> | |||
<id>manage-rbac-setup</id> | |||
<name>User RBAC Management</name> | |||
<operation>user-management-rbac-admin</operation> | |||
<resource>global</resource> | |||
<permanent>true</permanent> | |||
</permission> | |||
<permission> | |||
<id>manage-rbac-data</id> | |||
<name>RBAC Manage Data</name> | |||
<operation>user-management-manage-data</operation> | |||
<resource>global</resource> | |||
<permanent>true</permanent> | |||
</permission> | |||
</permissions> | |||
<childRoles> | |||
<childRole>user-administrator</childRole> | |||
</childRoles> | |||
</role> | |||
<role> | |||
<id>user-administrator</id> | |||
<name>User Administrator</name> | |||
<permanent>true</permanent> | |||
<assignable>true</assignable> | |||
<permissions> | |||
<permission> | |||
<id>drop-roles-for-anyone</id> | |||
<name>Drop Roles for Anyone</name> | |||
<operation>user-management-role-drop</operation> | |||
<resource>global</resource> | |||
<permanent>true</permanent> | |||
</permission> | |||
<permission> | |||
<id>grant-roles-for-anyone</id> | |||
<name>Grant Roles for Anyone</name> | |||
<operation>user-management-role-grant</operation> | |||
<resource>global</resource> | |||
<permanent>true</permanent> | |||
</permission> | |||
<permission> | |||
<id>user-create</id> | |||
<name>Create Users</name> | |||
<operation>user-management-user-create</operation> | |||
<resource>global</resource> | |||
<permanent>true</permanent> | |||
</permission> | |||
<permission> | |||
<id>user-delete</id> | |||
<name>Delete Users</name> | |||
<operation>user-management-user-delete</operation> | |||
<resource>global</resource> | |||
<permanent>true</permanent> | |||
</permission> | |||
<permission> | |||
<id>user-edit</id> | |||
<name>Edit Users</name> | |||
<operation>user-management-user-edit</operation> | |||
<resource>global</resource> | |||
<permanent>true</permanent> | |||
</permission> | |||
<permission> | |||
<id>access-users-roles</id> | |||
<name>Access Users Roles</name> | |||
<operation>user-management-user-role</operation> | |||
<resource>global</resource> | |||
<permanent>true</permanent> | |||
</permission> | |||
<permission> | |||
<id>access-user-list</id> | |||
<name>Access User List</name> | |||
<operation>user-management-user-list</operation> | |||
<resource>global</resource> | |||
<permanent>true</permanent> | |||
</permission> | |||
</permissions> | |||
</role> | |||
<role> | |||
<id>edit-users-list</id> | |||
<name>edit users list</name> | |||
<permanent>true</permanent> | |||
<assignable>true</assignable> | |||
<permissions> | |||
<permission> | |||
<id>access-user-list</id> | |||
<name>Access User List</name> | |||
<operation>user-management-user-list</operation> | |||
<resource>global</resource> | |||
<permanent>true</permanent> | |||
</permission> | |||
</permissions> | |||
</role> | |||
<role> | |||
<id>registered-user</id> | |||
<name>Registered User</name> | |||
<permanent>true</permanent> | |||
<assignable>true</assignable> | |||
<permissions> | |||
<permission> | |||
<id>edit-user-by-username</id> | |||
<name>Edit User Data by Username</name> | |||
<operation>user-management-user-edit</operation> | |||
<resource>username</resource> | |||
<permanent>true</permanent> | |||
</permission> | |||
</permissions> | |||
</role> | |||
<role> | |||
<id>guest</id> | |||
<name>Guest</name> | |||
<permanent>true</permanent> | |||
<assignable>true</assignable> | |||
<permissions> | |||
<permission> | |||
<id>guest-permission</id> | |||
<name>Guest Permission</name> | |||
<operation>guest-access</operation> | |||
<resource>global</resource> | |||
<permanent>true</permanent> | |||
</permission> | |||
</permissions> | |||
</role> | |||
</roles> | |||
</application> | |||
</applications> | |||
</redback-role-model> |
@@ -147,6 +147,11 @@ | |||
<artifactId>spring-test</artifactId> | |||
<scope>test</scope> | |||
</dependency> | |||
<dependency> | |||
<groupId>org.codehaus.redback</groupId> | |||
<artifactId>redback-common-test-resources</artifactId> | |||
<scope>test</scope> | |||
</dependency> | |||
</dependencies> | |||
<build> | |||
<plugins> |
@@ -1,222 +0,0 @@ | |||
<!-- | |||
~ Licensed to the Apache Software Foundation (ASF) under one | |||
~ or more contributor license agreements. See the NOTICE file | |||
~ distributed with this work for additional information | |||
~ regarding copyright ownership. The ASF licenses this file | |||
~ to you under the Apache License, Version 2.0 (the | |||
~ "License"); you may not use this file except in compliance | |||
~ with the License. You may obtain a copy of the License at | |||
~ | |||
~ http://www.apache.org/licenses/LICENSE-2.0 | |||
~ | |||
~ Unless required by applicable law or agreed to in writing, | |||
~ software distributed under the License is distributed on an | |||
~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY | |||
~ KIND, either express or implied. See the License for the | |||
~ specific language governing permissions and limitations | |||
~ under the License. | |||
--> | |||
<redback-role-model> | |||
<modelVersion>1.0.0</modelVersion> | |||
<applications> | |||
<application> | |||
<id>Redback XWork Integration Security Core</id> | |||
<version>1.0</version> | |||
<resources> | |||
<resource> | |||
<id>global</id> | |||
<name>*</name> | |||
<permanent>true</permanent> | |||
<description> | |||
global resource implies full access for authorization | |||
</description> | |||
</resource> | |||
<resource> | |||
<id>username</id> | |||
<name>${username}</name> | |||
<permanent>true</permanent> | |||
<description> | |||
replaced with the username of the principal at authorization | |||
check time | |||
</description> | |||
</resource> | |||
</resources> | |||
<operations> | |||
<operation> | |||
<id>configuration-edit</id> | |||
<name>configuration-edit</name> | |||
<description>edit configuration</description> | |||
<permanent>true</permanent> | |||
</operation> | |||
<operation> | |||
<id>user-management-user-create</id> | |||
<name>user-management-user-create</name> | |||
<description>create user</description> | |||
<permanent>true</permanent> | |||
</operation> | |||
<operation> | |||
<id>user-management-user-edit</id> | |||
<name>user-management-user-edit</name> | |||
<description>edit user</description> | |||
<permanent>true</permanent> | |||
</operation> | |||
<operation> | |||
<id>user-management-user-role</id> | |||
<name>user-management-user-role</name> | |||
<description>user roles</description> | |||
<permanent>true</permanent> | |||
</operation> | |||
<operation> | |||
<id>user-management-user-delete</id> | |||
<name>user-management-user-delete</name> | |||
<description>delete user</description> | |||
<permanent>true</permanent> | |||
</operation> | |||
<operation> | |||
<id>user-management-user-list</id> | |||
<name>user-management-user-list</name> | |||
<description>list users</description> | |||
<permanent>true</permanent> | |||
</operation> | |||
<operation> | |||
<id>user-management-role-grant</id> | |||
<name>user-management-role-grant</name> | |||
<description>grant role</description> | |||
<permanent>true</permanent> | |||
</operation> | |||
<operation> | |||
<id>user-management-role-drop</id> | |||
<name>user-management-role-drop</name> | |||
<description>drop role</description> | |||
<permanent>true</permanent> | |||
</operation> | |||
<operation> | |||
<id>user-management-rbac-admin</id> | |||
<name>user-management-rbac-admin</name> | |||
<description>administer rbac</description> | |||
<permanent>true</permanent> | |||
</operation> | |||
<operation> | |||
<id>guest-access</id> | |||
<name>guest-access</name> | |||
<description>access guest</description> | |||
<permanent>true</permanent> | |||
</operation> | |||
</operations> | |||
<roles> | |||
<role> | |||
<id>system-administrator</id> | |||
<name>System Administrator</name> | |||
<permanent>true</permanent> | |||
<assignable>true</assignable> | |||
<permissions> | |||
<permission> | |||
<id>edit-redback-configuration</id> | |||
<name>Edit Redback Configuration</name> | |||
<operation>configuration-edit</operation> | |||
<resource>global</resource> | |||
<permanent>true</permanent> | |||
</permission> | |||
<permission> | |||
<id>manage-rbac-setup</id> | |||
<name>User RBAC Management</name> | |||
<operation>user-management-rbac-admin</operation> | |||
<resource>global</resource> | |||
<permanent>true</permanent> | |||
</permission> | |||
</permissions> | |||
<childRoles> | |||
<childRole>user-administrator</childRole> | |||
</childRoles> | |||
</role> | |||
<role> | |||
<id>user-administrator</id> | |||
<name>User Administrator</name> | |||
<permanent>true</permanent> | |||
<assignable>true</assignable> | |||
<permissions> | |||
<permission> | |||
<id>drop-roles-for-anyone</id> | |||
<name>Drop Roles for Anyone</name> | |||
<operation>user-management-role-drop</operation> | |||
<resource>global</resource> | |||
<permanent>true</permanent> | |||
</permission> | |||
<permission> | |||
<id>grant-roles-for-anyone</id> | |||
<name>Grant Roles for Anyone</name> | |||
<operation>user-management-role-grant</operation> | |||
<resource>global</resource> | |||
<permanent>true</permanent> | |||
</permission> | |||
<permission> | |||
<id>user-create</id> | |||
<name>Create Users</name> | |||
<operation>user-management-user-create</operation> | |||
<resource>global</resource> | |||
<permanent>true</permanent> | |||
</permission> | |||
<permission> | |||
<id>user-delete</id> | |||
<name>Delete Users</name> | |||
<operation>user-management-user-delete</operation> | |||
<resource>global</resource> | |||
<permanent>true</permanent> | |||
</permission> | |||
<permission> | |||
<id>user-edit</id> | |||
<name>Edit Users</name> | |||
<operation>user-management-user-edit</operation> | |||
<resource>global</resource> | |||
<permanent>true</permanent> | |||
</permission> | |||
<permission> | |||
<id>access-users-roles</id> | |||
<name>Access Users Roles</name> | |||
<operation>user-management-user-role</operation> | |||
<resource>global</resource> | |||
<permanent>true</permanent> | |||
</permission> | |||
<permission> | |||
<id>access-user-list</id> | |||
<name>Access User List</name> | |||
<operation>user-management-user-list</operation> | |||
<resource>global</resource> | |||
<permanent>true</permanent> | |||
</permission> | |||
</permissions> | |||
</role> | |||
<role> | |||
<id>registered-user</id> | |||
<name>Registered User</name> | |||
<permanent>true</permanent> | |||
<assignable>true</assignable> | |||
<permissions> | |||
<permission> | |||
<id>edit-user-by-username</id> | |||
<name>Edit User Data by Username</name> | |||
<operation>user-management-user-edit</operation> | |||
<resource>username</resource> | |||
<permanent>true</permanent> | |||
</permission> | |||
</permissions> | |||
</role> | |||
<role> | |||
<id>guest</id> | |||
<name>Guest</name> | |||
<permanent>true</permanent> | |||
<assignable>true</assignable> | |||
<permissions> | |||
<permission> | |||
<id>guest-permission</id> | |||
<name>Guest Permission</name> | |||
<operation>guest-access</operation> | |||
<resource>global</resource> | |||
<permanent>true</permanent> | |||
</permission> | |||
</permissions> | |||
</role> | |||
</roles> | |||
</application> | |||
</applications> | |||
</redback-role-model> |
@@ -128,6 +128,11 @@ | |||
<groupId>org.apache.derby</groupId> | |||
<artifactId>derby</artifactId> | |||
</dependency> | |||
<dependency> | |||
<groupId>org.codehaus.redback</groupId> | |||
<artifactId>redback-common-test-resources</artifactId> | |||
<scope>test</scope> | |||
</dependency> | |||
</dependencies> | |||
<build> | |||
<plugins> |
@@ -1,228 +0,0 @@ | |||
<!-- | |||
~ Licensed to the Apache Software Foundation (ASF) under one | |||
~ or more contributor license agreements. See the NOTICE file | |||
~ distributed with this work for additional information | |||
~ regarding copyright ownership. The ASF licenses this file | |||
~ to you under the Apache License, Version 2.0 (the | |||
~ "License"); you may not use this file except in compliance | |||
~ with the License. You may obtain a copy of the License at | |||
~ | |||
~ http://www.apache.org/licenses/LICENSE-2.0 | |||
~ | |||
~ Unless required by applicable law or agreed to in writing, | |||
~ software distributed under the License is distributed on an | |||
~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY | |||
~ KIND, either express or implied. See the License for the | |||
~ specific language governing permissions and limitations | |||
~ under the License. | |||
--> | |||
<redback-role-model> | |||
<modelVersion>1.0.0</modelVersion> | |||
<applications> | |||
<application> | |||
<id>Redback XWork Integration Security Core</id> | |||
<version>1.0</version> | |||
<resources> | |||
<resource> | |||
<id>global</id> | |||
<name>*</name> | |||
<permanent>true</permanent> | |||
<description> | |||
global resource implies full access for authorization | |||
</description> | |||
</resource> | |||
<resource> | |||
<id>username</id> | |||
<name>${username}</name> | |||
<permanent>true</permanent> | |||
<description> | |||
replaced with the username of the principal at authorization | |||
check time | |||
</description> | |||
</resource> | |||
</resources> | |||
<operations> | |||
<operation> | |||
<id>configuration-edit</id> | |||
<name>configuration-edit</name> | |||
<description>edit configuration</description> | |||
<permanent>true</permanent> | |||
</operation> | |||
<operation> | |||
<id>user-management-user-create</id> | |||
<name>user-management-user-create</name> | |||
<description>create user</description> | |||
<permanent>true</permanent> | |||
</operation> | |||
<operation> | |||
<id>user-management-user-edit</id> | |||
<name>user-management-user-edit</name> | |||
<description>edit user</description> | |||
<permanent>true</permanent> | |||
</operation> | |||
<operation> | |||
<id>user-management-user-role</id> | |||
<name>user-management-user-role</name> | |||
<description>user roles</description> | |||
<permanent>true</permanent> | |||
</operation> | |||
<operation> | |||
<id>user-management-user-delete</id> | |||
<name>user-management-user-delete</name> | |||
<description>delete user</description> | |||
<permanent>true</permanent> | |||
</operation> | |||
<operation> | |||
<id>user-management-user-list</id> | |||
<name>user-management-user-list</name> | |||
<description>list users</description> | |||
<permanent>true</permanent> | |||
</operation> | |||
<operation> | |||
<id>user-management-role-grant</id> | |||
<name>user-management-role-grant</name> | |||
<description>grant role</description> | |||
<permanent>true</permanent> | |||
</operation> | |||
<operation> | |||
<id>user-management-role-drop</id> | |||
<name>user-management-role-drop</name> | |||
<description>drop role</description> | |||
<permanent>true</permanent> | |||
</operation> | |||
<operation> | |||
<id>user-management-rbac-admin</id> | |||
<name>user-management-rbac-admin</name> | |||
<description>administer rbac</description> | |||
<permanent>true</permanent> | |||
</operation> | |||
<operation> | |||
<id>guest-access</id> | |||
<name>guest-access</name> | |||
<description>access guest</description> | |||
<permanent>true</permanent> | |||
</operation> | |||
<operation> | |||
<id>add-repository</id> | |||
<name>add-repository</name> | |||
<description>add repository</description> | |||
<permanent>true</permanent> | |||
</operation> | |||
</operations> | |||
<roles> | |||
<role> | |||
<id>system-administrator</id> | |||
<name>System Administrator</name> | |||
<permanent>true</permanent> | |||
<assignable>true</assignable> | |||
<permissions> | |||
<permission> | |||
<id>edit-redback-configuration</id> | |||
<name>Edit Redback Configuration</name> | |||
<operation>configuration-edit</operation> | |||
<resource>global</resource> | |||
<permanent>true</permanent> | |||
</permission> | |||
<permission> | |||
<id>manage-rbac-setup</id> | |||
<name>User RBAC Management</name> | |||
<operation>user-management-rbac-admin</operation> | |||
<resource>global</resource> | |||
<permanent>true</permanent> | |||
</permission> | |||
</permissions> | |||
<childRoles> | |||
<childRole>user-administrator</childRole> | |||
</childRoles> | |||
</role> | |||
<role> | |||
<id>user-administrator</id> | |||
<name>User Administrator</name> | |||
<permanent>true</permanent> | |||
<assignable>true</assignable> | |||
<permissions> | |||
<permission> | |||
<id>drop-roles-for-anyone</id> | |||
<name>Drop Roles for Anyone</name> | |||
<operation>user-management-role-drop</operation> | |||
<resource>global</resource> | |||
<permanent>true</permanent> | |||
</permission> | |||
<permission> | |||
<id>grant-roles-for-anyone</id> | |||
<name>Grant Roles for Anyone</name> | |||
<operation>user-management-role-grant</operation> | |||
<resource>global</resource> | |||
<permanent>true</permanent> | |||
</permission> | |||
<permission> | |||
<id>user-create</id> | |||
<name>Create Users</name> | |||
<operation>user-management-user-create</operation> | |||
<resource>global</resource> | |||
<permanent>true</permanent> | |||
</permission> | |||
<permission> | |||
<id>user-delete</id> | |||
<name>Delete Users</name> | |||
<operation>user-management-user-delete</operation> | |||
<resource>global</resource> | |||
<permanent>true</permanent> | |||
</permission> | |||
<permission> | |||
<id>user-edit</id> | |||
<name>Edit Users</name> | |||
<operation>user-management-user-edit</operation> | |||
<resource>global</resource> | |||
<permanent>true</permanent> | |||
</permission> | |||
<permission> | |||
<id>access-users-roles</id> | |||
<name>Access Users Roles</name> | |||
<operation>user-management-user-role</operation> | |||
<resource>global</resource> | |||
<permanent>true</permanent> | |||
</permission> | |||
<permission> | |||
<id>access-user-list</id> | |||
<name>Access User List</name> | |||
<operation>user-management-user-list</operation> | |||
<resource>global</resource> | |||
<permanent>true</permanent> | |||
</permission> | |||
</permissions> | |||
</role> | |||
<role> | |||
<id>registered-user</id> | |||
<name>Registered User</name> | |||
<permanent>true</permanent> | |||
<assignable>true</assignable> | |||
<permissions> | |||
<permission> | |||
<id>edit-user-by-username</id> | |||
<name>Edit User Data by Username</name> | |||
<operation>user-management-user-edit</operation> | |||
<resource>username</resource> | |||
<permanent>true</permanent> | |||
</permission> | |||
</permissions> | |||
</role> | |||
<role> | |||
<id>guest</id> | |||
<name>Guest</name> | |||
<permanent>true</permanent> | |||
<assignable>true</assignable> | |||
<permissions> | |||
<permission> | |||
<id>guest-permission</id> | |||
<name>Guest Permission</name> | |||
<operation>guest-access</operation> | |||
<resource>global</resource> | |||
<permanent>true</permanent> | |||
</permission> | |||
</permissions> | |||
</role> | |||
</roles> | |||
</application> | |||
</applications> | |||
</redback-role-model> |
@@ -142,6 +142,11 @@ | |||
<artifactId>redback-users-memory</artifactId> | |||
<scope>test</scope> | |||
</dependency> | |||
<dependency> | |||
<groupId>org.codehaus.redback</groupId> | |||
<artifactId>redback-common-test-resources</artifactId> | |||
<scope>test</scope> | |||
</dependency> | |||
</dependencies> | |||
<build> | |||
<pluginManagement> |
@@ -1,247 +0,0 @@ | |||
<!-- | |||
~ Licensed to the Apache Software Foundation (ASF) under one | |||
~ or more contributor license agreements. See the NOTICE file | |||
~ distributed with this work for additional information | |||
~ regarding copyright ownership. The ASF licenses this file | |||
~ to you under the Apache License, Version 2.0 (the | |||
~ "License"); you may not use this file except in compliance | |||
~ with the License. You may obtain a copy of the License at | |||
~ | |||
~ http://www.apache.org/licenses/LICENSE-2.0 | |||
~ | |||
~ Unless required by applicable law or agreed to in writing, | |||
~ software distributed under the License is distributed on an | |||
~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY | |||
~ KIND, either express or implied. See the License for the | |||
~ specific language governing permissions and limitations | |||
~ under the License. | |||
--> | |||
<redback-role-model> | |||
<modelVersion>1.0.0</modelVersion> | |||
<applications> | |||
<application> | |||
<id>System</id> | |||
<description>Roles that apply system-wide, across all of the applications</description> | |||
<version>1.0.0</version> | |||
<resources> | |||
<resource> | |||
<id>global</id> | |||
<name>*</name> | |||
<permanent>true</permanent> | |||
<description>global resource implies full access for authorization</description> | |||
</resource> | |||
<resource> | |||
<id>username</id> | |||
<name>${username}</name> | |||
<permanent>true</permanent> | |||
<description>replaced with the username of the principal at authorization check time</description> | |||
</resource> | |||
</resources> | |||
<operations> | |||
<operation> | |||
<id>configuration-edit</id> | |||
<name>configuration-edit</name> | |||
<description>edit configuration</description> | |||
<permanent>true</permanent> | |||
</operation> | |||
<operation> | |||
<id>user-management-user-create</id> | |||
<name>user-management-user-create</name> | |||
<description>create user</description> | |||
<permanent>true</permanent> | |||
</operation> | |||
<operation> | |||
<id>user-management-user-edit</id> | |||
<name>user-management-user-edit</name> | |||
<description>edit user</description> | |||
<permanent>true</permanent> | |||
</operation> | |||
<operation> | |||
<id>user-management-user-role</id> | |||
<name>user-management-user-role</name> | |||
<description>user roles</description> | |||
<permanent>true</permanent> | |||
</operation> | |||
<operation> | |||
<id>user-management-user-delete</id> | |||
<name>user-management-user-delete</name> | |||
<description>delete user</description> | |||
<permanent>true</permanent> | |||
</operation> | |||
<operation> | |||
<id>user-management-user-list</id> | |||
<name>user-management-user-list</name> | |||
<description>list users</description> | |||
<permanent>true</permanent> | |||
</operation> | |||
<operation> | |||
<id>user-management-role-grant</id> | |||
<name>user-management-role-grant</name> | |||
<description>grant role</description> | |||
<permanent>true</permanent> | |||
</operation> | |||
<operation> | |||
<id>user-management-role-drop</id> | |||
<name>user-management-role-drop</name> | |||
<description>drop role</description> | |||
<permanent>true</permanent> | |||
</operation> | |||
<operation> | |||
<id>user-management-rbac-admin</id> | |||
<name>user-management-rbac-admin</name> | |||
<description>administer rbac</description> | |||
<permanent>true</permanent> | |||
</operation> | |||
<operation> | |||
<id>guest-access</id> | |||
<name>guest-access</name> | |||
<description>access guest</description> | |||
<permanent>true</permanent> | |||
</operation> | |||
<operation> | |||
<id>user-management-manage-data</id> | |||
<name>user-management-manage-data</name> | |||
<description>manage data</description> | |||
<permanent>true</permanent> | |||
</operation> | |||
</operations> | |||
<roles> | |||
<role> | |||
<id>system-administrator</id> | |||
<name>System Administrator</name> | |||
<permanent>true</permanent> | |||
<assignable>true</assignable> | |||
<permissions> | |||
<permission> | |||
<id>edit-redback-configuration</id> | |||
<name>Edit Redback Configuration</name> | |||
<operation>configuration-edit</operation> | |||
<resource>global</resource> | |||
<permanent>true</permanent> | |||
</permission> | |||
<permission> | |||
<id>manage-rbac-setup</id> | |||
<name>User RBAC Management</name> | |||
<operation>user-management-rbac-admin</operation> | |||
<resource>global</resource> | |||
<permanent>true</permanent> | |||
</permission> | |||
<permission> | |||
<id>manage-rbac-data</id> | |||
<name>RBAC Manage Data</name> | |||
<operation>user-management-manage-data</operation> | |||
<resource>global</resource> | |||
<permanent>true</permanent> | |||
</permission> | |||
</permissions> | |||
<childRoles> | |||
<childRole>user-administrator</childRole> | |||
</childRoles> | |||
</role> | |||
<role> | |||
<id>user-administrator</id> | |||
<name>User Administrator</name> | |||
<permanent>true</permanent> | |||
<assignable>true</assignable> | |||
<permissions> | |||
<permission> | |||
<id>drop-roles-for-anyone</id> | |||
<name>Drop Roles for Anyone</name> | |||
<operation>user-management-role-drop</operation> | |||
<resource>global</resource> | |||
<permanent>true</permanent> | |||
</permission> | |||
<permission> | |||
<id>grant-roles-for-anyone</id> | |||
<name>Grant Roles for Anyone</name> | |||
<operation>user-management-role-grant</operation> | |||
<resource>global</resource> | |||
<permanent>true</permanent> | |||
</permission> | |||
<permission> | |||
<id>user-create</id> | |||
<name>Create Users</name> | |||
<operation>user-management-user-create</operation> | |||
<resource>global</resource> | |||
<permanent>true</permanent> | |||
</permission> | |||
<permission> | |||
<id>user-delete</id> | |||
<name>Delete Users</name> | |||
<operation>user-management-user-delete</operation> | |||
<resource>global</resource> | |||
<permanent>true</permanent> | |||
</permission> | |||
<permission> | |||
<id>user-edit</id> | |||
<name>Edit Users</name> | |||
<operation>user-management-user-edit</operation> | |||
<resource>global</resource> | |||
<permanent>true</permanent> | |||
</permission> | |||
<permission> | |||
<id>access-users-roles</id> | |||
<name>Access Users Roles</name> | |||
<operation>user-management-user-role</operation> | |||
<resource>global</resource> | |||
<permanent>true</permanent> | |||
</permission> | |||
<permission> | |||
<id>access-user-list</id> | |||
<name>Access User List</name> | |||
<operation>user-management-user-list</operation> | |||
<resource>global</resource> | |||
<permanent>true</permanent> | |||
</permission> | |||
</permissions> | |||
</role> | |||
<role> | |||
<id>edit-users-list</id> | |||
<name>edit users list</name> | |||
<permanent>true</permanent> | |||
<assignable>true</assignable> | |||
<permissions> | |||
<permission> | |||
<id>access-user-list</id> | |||
<name>Access User List</name> | |||
<operation>user-management-user-list</operation> | |||
<resource>global</resource> | |||
<permanent>true</permanent> | |||
</permission> | |||
</permissions> | |||
</role> | |||
<role> | |||
<id>registered-user</id> | |||
<name>Registered User</name> | |||
<permanent>true</permanent> | |||
<assignable>true</assignable> | |||
<permissions> | |||
<permission> | |||
<id>edit-user-by-username</id> | |||
<name>Edit User Data by Username</name> | |||
<operation>user-management-user-edit</operation> | |||
<resource>username</resource> | |||
<permanent>true</permanent> | |||
</permission> | |||
</permissions> | |||
</role> | |||
<role> | |||
<id>guest</id> | |||
<name>Guest</name> | |||
<permanent>true</permanent> | |||
<assignable>true</assignable> | |||
<permissions> | |||
<permission> | |||
<id>guest-permission</id> | |||
<name>Guest Permission</name> | |||
<operation>guest-access</operation> | |||
<resource>global</resource> | |||
<permanent>true</permanent> | |||
</permission> | |||
</permissions> | |||
</role> | |||
</roles> | |||
</application> | |||
</applications> | |||
</redback-role-model> |