Posted to commits@archiva.apache.org by ol...@apache.org on 2012/03/19 11:50:03 UTC

svn commit: r1302367 - in /archiva/trunk/archiva-modules/archiva-web: archiva-rest/archiva-rest-api/src/main/java/org/apache/archiva/rest/api/services/ archiva-rest/archiva-rest-services/src/main/java/org/apache/archiva/rest/services/ archiva-rest/arch...

Author: olamy
Date: Mon Mar 19 10:50:02 2012
New Revision: 1302367

URL: http://svn.apache.org/viewvc?rev=1302367&view=rev
Log:
add REST method to know if user able to delete artifact on a repository

Modified:
    archiva/trunk/archiva-modules/archiva-web/archiva-rest/archiva-rest-api/src/main/java/org/apache/archiva/rest/api/services/RepositoriesService.java
    archiva/trunk/archiva-modules/archiva-web/archiva-rest/archiva-rest-services/src/main/java/org/apache/archiva/rest/services/DefaultRepositoriesService.java
    archiva/trunk/archiva-modules/archiva-web/archiva-rest/archiva-rest-services/src/test/java/org/apache/archiva/rest/services/RepositoriesServiceTest.java
    archiva/trunk/archiva-modules/archiva-web/archiva-security/src/main/java/org/apache/archiva/security/DefaultUserRepositories.java

Modified: archiva/trunk/archiva-modules/archiva-web/archiva-rest/archiva-rest-api/src/main/java/org/apache/archiva/rest/api/services/RepositoriesService.java
URL: http://svn.apache.org/viewvc/archiva/trunk/archiva-modules/archiva-web/archiva-rest/archiva-rest-api/src/main/java/org/apache/archiva/rest/api/services/RepositoriesService.java?rev=1302367&r1=1302366&r2=1302367&view=diff
==============================================================================
--- archiva/trunk/archiva-modules/archiva-web/archiva-rest/archiva-rest-api/src/main/java/org/apache/archiva/rest/api/services/RepositoriesService.java (original)
+++ archiva/trunk/archiva-modules/archiva-web/archiva-rest/archiva-rest-api/src/main/java/org/apache/archiva/rest/api/services/RepositoriesService.java Mon Mar 19 10:50:02 2012
@@ -121,5 +121,11 @@ public interface RepositoriesService
     Boolean deleteArtifact( @QueryParam( "" ) Artifact artifact, @QueryParam( "repositoryId" ) String repositoryId )
         throws ArchivaRestServiceException;
 
+    @Path( "isAuthorizedToDeleteArtifacts/{repositoryId}" )
+    @GET
+    @Produces( { MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML, MediaType.TEXT_PLAIN } )
+    @RedbackAuthorization( noPermission = true, noRestriction = true)
+    Boolean isAuthorizedToDeleteArtifacts( @PathParam( "repositoryId" ) String repoId )
+        throws ArchivaRestServiceException;
 
 }
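Review bot: The new `isAuthorizedToDeleteArtifacts` method is declared with `@RedbackAuthorization( noPermission = true, noRestriction = true)` and has no Javadoc, so nothing on the interface says that opening it to unauthenticated callers is deliberate. I would add a comment such as `/** Returns whether the calling user (guest when unauthenticated) may delete artifacts in the given repository; advisory only, deleteArtifact enforces the check itself. */`. Because any caller can query any `repositoryId`, it is also worth confirming that the answer for a non-existent repository cannot be told apart from the answer for an existing one the caller may not delete. That depends on `DefaultUserRepositories`, whose body is not shown here.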

Modified: archiva/trunk/archiva-modules/archiva-web/archiva-rest/archiva-rest-services/src/main/java/org/apache/archiva/rest/services/DefaultRepositoriesService.java
URL: http://svn.apache.org/viewvc/archiva/trunk/archiva-modules/archiva-web/archiva-rest/archiva-rest-services/src/main/java/org/apache/archiva/rest/services/DefaultRepositoriesService.java?rev=1302367&r1=1302366&r2=1302367&view=diff
==============================================================================
--- archiva/trunk/archiva-modules/archiva-web/archiva-rest/archiva-rest-services/src/main/java/org/apache/archiva/rest/services/DefaultRepositoriesService.java (original)
+++ archiva/trunk/archiva-modules/archiva-web/archiva-rest/archiva-rest-services/src/main/java/org/apache/archiva/rest/services/DefaultRepositoriesService.java Mon Mar 19 10:50:02 2012
@@ -65,6 +65,7 @@ import org.apache.archiva.scheduler.inde
 import org.apache.archiva.scheduler.indexing.DownloadRemoteIndexScheduler;
 import org.apache.archiva.scheduler.repository.RepositoryArchivaTaskScheduler;
 import org.apache.archiva.scheduler.repository.RepositoryTask;
+import org.apache.archiva.security.ArchivaSecurityException;
 import org.apache.archiva.security.common.ArchivaRoleConstants;
 import org.apache.archiva.xml.XMLException;
 import org.apache.commons.io.FilenameUtils;
@@ -85,6 +86,7 @@ import org.springframework.stereotype.Se
 
 import javax.inject.Inject;
 import javax.inject.Named;
+import javax.ws.rs.core.Response;
 import java.io.File;
 import java.io.FileInputStream;
 import java.io.FileOutputStream;
@@ -624,13 +626,17 @@ public class DefaultRepositoriesService
     public Boolean deleteArtifact( Artifact artifact, String repositoryId )
         throws ArchivaRestServiceException
     {
-        String userName = (String) getAuditInformation().getUser().getUsername();
-        if ( StringUtils.isBlank( userName ) )
+
+        if ( StringUtils.isEmpty( repositoryId ) )
         {
-            // TODO use constants from a class instead of magic number
-            throw new ArchivaRestServiceException( "deleteArtifact call: userName not found", 403 );
+            throw new ArchivaRestServiceException( "repositoryId cannot be null", 400 );
+        }
 
+        if ( !isAuthorizedToDeleteArtifacts( repositoryId ) )
+        {
+            throw new ArchivaRestServiceException( "not authorized to delete artifacts", 403 );
         }
+
         if ( artifact == null )
         {
             throw new ArchivaRestServiceException( "artifact cannot be null", 400 );
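Review bot: The relocated guard at the top of `deleteArtifact` uses `StringUtils.isEmpty( repositoryId )`, so a whitespace-only id passes it and reaches the permission lookup in `isAuthorizedToDeleteArtifacts`. Using `if ( StringUtils.isBlank( repositoryId ) )` would reject it with the same 400, and the message could then read "repositoryId cannot be blank". The stray blank line directly after the opening brace can be dropped. The body of `deleteArtifact` continues beyond this hunk.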
@@ -646,11 +652,6 @@ public class DefaultRepositoriesService
             throw new ArchivaRestServiceException( "artifact.artifactId cannot be null", 400 );
         }
 
-        if ( StringUtils.isEmpty( repositoryId ) )
-        {
-            throw new ArchivaRestServiceException( "repositoryId cannot be null", 400 );
-        }
-
         // TODO more control on artifact fields
 
         RepositorySession repositorySession = repositorySessionFactory.createSession();
@@ -771,6 +772,24 @@ public class DefaultRepositoriesService
         return Boolean.TRUE;
     }
 
+    public Boolean isAuthorizedToDeleteArtifacts( String repoId )
+        throws ArchivaRestServiceException
+    {
+        String userName =
+            getAuditInformation().getUser() == null ? "guest" : getAuditInformation().getUser().getUsername();
+
+        try
+        {
+            boolean res = userRepositories.isAuthorizedToDeleteArtifacts( userName, repoId );
+            return res;
+        }
+        catch ( ArchivaSecurityException e )
+        {
+            throw new ArchivaRestServiceException( e.getMessage(),
+                                                   Response.Status.INTERNAL_SERVER_ERROR.getStatusCode() );
+        }
+    }
+
     public RepositoryScanStatistics scanRepositoryDirectoriesNow( String repositoryId )
         throws ArchivaRestServiceException
     {
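Review bot: The guest fallback in `isAuthorizedToDeleteArtifacts` covers only a null user. A non-null user with a blank username, which the removed `StringUtils.isBlank( userName )` check in `deleteArtifact` answered with 403, is now handed to `userRepositories.isAuthorizedToDeleteArtifacts` as-is. I would fetch the user once and treat blank like missing: `User user = getAuditInformation().getUser();` followed by `String userName = ( user == null || StringUtils.isBlank( user.getUsername() ) ) ? "guest" : user.getUsername();` (type name assumed from the getter). The catch block also returns `e.getMessage()` from the security layer to an unauthenticated REST client and drops the cause. Recording the exception server-side and returning a fixed message in the 500 response would avoid exposing internal detail. `repoId` is not checked for blank here either, although the REST path can reach this method without going through `deleteArtifact`.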

Modified: archiva/trunk/archiva-modules/archiva-web/archiva-rest/archiva-rest-services/src/test/java/org/apache/archiva/rest/services/RepositoriesServiceTest.java
URL: http://svn.apache.org/viewvc/archiva/trunk/archiva-modules/archiva-web/archiva-rest/archiva-rest-services/src/test/java/org/apache/archiva/rest/services/RepositoriesServiceTest.java?rev=1302367&r1=1302366&r2=1302367&view=diff
==============================================================================
--- archiva/trunk/archiva-modules/archiva-web/archiva-rest/archiva-rest-services/src/test/java/org/apache/archiva/rest/services/RepositoriesServiceTest.java (original)
+++ archiva/trunk/archiva-modules/archiva-web/archiva-rest/archiva-rest-services/src/test/java/org/apache/archiva/rest/services/RepositoriesServiceTest.java Mon Mar 19 10:50:02 2012
@@ -152,12 +152,52 @@ public class RepositoriesServiceTest
         }
     }
 
+    @Test
+    public void authorizedToDeleteArtifacts()
+        throws Exception
+    {
+        ManagedRepository managedRepository = getTestManagedRepository( "SOURCE_REPO_ID", "SOURCE_REPO_ID" );
+        try
+        {
+            getManagedRepositoriesService( authorizationHeader ).addManagedRepository( managedRepository );
+            RepositoriesService repositoriesService = getRepositoriesService( authorizationHeader );
+            assertTrue( repositoriesService.isAuthorizedToDeleteArtifacts( managedRepository.getId() ) );
+        }
+        finally
+        {
+            getManagedRepositoriesService( authorizationHeader ).deleteManagedRepository( managedRepository.getId(),
+                                                                                          true );
+        }
+    }
+
+    @Test
+    public void notAuthorizedToDeleteArtifacts()
+        throws Exception
+    {
+        ManagedRepository managedRepository = getTestManagedRepository( "SOURCE_REPO_ID", "SOURCE_REPO_ID" );
+        try
+        {
+            getManagedRepositoriesService( authorizationHeader ).addManagedRepository( managedRepository );
+            RepositoriesService repositoriesService = getRepositoriesService( guestAuthzHeader );
+            assertFalse( repositoriesService.isAuthorizedToDeleteArtifacts( managedRepository.getId() ) );
+        }
+        finally
+        {
+            getManagedRepositoriesService( authorizationHeader ).deleteManagedRepository( managedRepository.getId(),
+                                                                                          true );
+        }
+    }
+
+    protected ManagedRepository getTestManagedRepository( String id, String path )
+    {
+        String location = new File( FileUtil.getBasedir(), "target/" + path ).getAbsolutePath();
+        return new ManagedRepository( id, id, location, "default", true, true, true, "2 * * * * ?", null, false, 80, 80,
+                                      true, false );
+    }
 
     protected ManagedRepository getTestManagedRepository()
     {
-        String location = new File( FileUtil.getBasedir(), "target/test-repo" ).getAbsolutePath();
-        return new ManagedRepository( "TEST", "test", location, "default", true, true, true, "2 * * * * ?", null, false,
-                                      80, 80, true, false );
+        return getTestManagedRepository( "TEST", "test-repo" );
     }
 
 }
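Review bot: The negative case in `notAuthorizedToDeleteArtifacts` exercises only `guestAuthzHeader`, so the path where an authenticated user lacks the delete permission on the repository is untested. Nothing here asserts that `deleteArtifact` now answers 403 for such a caller either, and that is the behaviour this commit changes. A third test using a non-admin user's header, asserting both `assertFalse( repositoriesService.isAuthorizedToDeleteArtifacts( ... ) )` and the 403 from `deleteArtifact`, would pin the enforcement rather than only the advisory endpoint. In both new tests `addManagedRepository` runs inside the `try`, so if it fails, the `finally` block's `deleteManagedRepository` call may throw and mask the original error.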

Modified: archiva/trunk/archiva-modules/archiva-web/archiva-security/src/main/java/org/apache/archiva/security/DefaultUserRepositories.java
URL: http://svn.apache.org/viewvc/archiva/trunk/archiva-modules/archiva-web/archiva-security/src/main/java/org/apache/archiva/security/DefaultUserRepositories.java?rev=1302367&r1=1302366&r2=1302367&view=diff
==============================================================================
--- archiva/trunk/archiva-modules/archiva-web/archiva-security/src/main/java/org/apache/archiva/security/DefaultUserRepositories.java (original)
+++ archiva/trunk/archiva-modules/archiva-web/archiva-security/src/main/java/org/apache/archiva/security/DefaultUserRepositories.java Mon Mar 19 10:50:02 2012
@@ -205,7 +205,7 @@ public class DefaultUserRepositories
     }
 
     public boolean isAuthorizedToDeleteArtifacts( String principal, String repoId )
-        throws AccessDeniedException, ArchivaSecurityException
+        throws ArchivaSecurityException
     {
         try
         {