You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@continuum.apache.org by oc...@apache.org on 2007/02/20 03:41:40 UTC
svn commit: r509415 [1/3] - in /maven/continuum/trunk:
continuum-security/src/main/java/org/apache/maven/continuum/security/profile/
continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/
continuum-webapp/src/main/java/org/apache/maven/c...
Author: oching
Date: Mon Feb 19 18:41:37 2007
New Revision: 509415
URL: http://svn.apache.org/viewvc?view=rev&rev=509415
Log:
Added isAuthorized* methods in ContinuumActionSupport for checking authorization in action classes with different permissions. Implemented SecureAction in some of the action classes that has a specific permission. Also added 'modify-project-notifier' operation in ProjectDeveloperDynamicRoleProfile.
Added:
maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/exception/AuthenticationRequiredException.java
maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/exception/AuthorizationRequiredException.java
maven/continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/error/authorizationError.jsp
Modified:
maven/continuum/trunk/continuum-security/src/main/java/org/apache/maven/continuum/security/profile/ProjectGroupDeveloperDynamicRoleProfile.java
maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/BuildDefinitionAction.java
maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/BuildProjectAction.java
maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/BuildResultAction.java
maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/BuildResultsListAction.java
maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/CancelBuildAction.java
maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/ContinuumActionSupport.java
maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/DeleteProjectAction.java
maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/GroupSummaryAction.java
maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/ProjectEditAction.java
maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/ProjectGroupAction.java
maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/ProjectViewAction.java
maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/ReleaseCleanupAction.java
maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/ReleaseInProgressAction.java
maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/ReleasePerformAction.java
maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/ReleasePrepareAction.java
maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/ReleaseProjectAction.java
maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/ReleaseProjectGoalAction.java
maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/ReleaseRollbackAction.java
maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/SummaryAction.java
maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/SurefireReportAction.java
maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/WorkingCopyAction.java
maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/component/BuildDefinitionSummaryAction.java
maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/component/NotifierSummaryAction.java
maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/notifier/AbstractGroupNotifierEditAction.java
maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/notifier/AbstractNotifierEditActionSupport.java
maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/notifier/AbstractProjectNotifierEditAction.java
maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/notifier/AddGroupNotifierAction.java
maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/notifier/AddProjectNotifierAction.java
maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/notifier/DeleteGroupNotifierAction.java
maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/notifier/DeleteProjectNotifierAction.java
maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/exception/ContinuumActionException.java
maven/continuum/trunk/continuum-webapp/src/main/resources/xwork.xml
maven/continuum/trunk/continuum-webapp/src/test/java/org/apache/maven/continuum/web/action/ReleasePrepareActionTest.java
Modified: maven/continuum/trunk/continuum-security/src/main/java/org/apache/maven/continuum/security/profile/ProjectGroupDeveloperDynamicRoleProfile.java
URL: http://svn.apache.org/viewvc/maven/continuum/trunk/continuum-security/src/main/java/org/apache/maven/continuum/security/profile/ProjectGroupDeveloperDynamicRoleProfile.java?view=diff&rev=509415&r1=509414&r2=509415
==============================================================================
--- maven/continuum/trunk/continuum-security/src/main/java/org/apache/maven/continuum/security/profile/ProjectGroupDeveloperDynamicRoleProfile.java (original)
+++ maven/continuum/trunk/continuum-security/src/main/java/org/apache/maven/continuum/security/profile/ProjectGroupDeveloperDynamicRoleProfile.java Mon Feb 19 18:41:37 2007
@@ -61,6 +61,7 @@
operations.add( ContinuumRoleConstants.CONTINUUM_MODIFY_GROUP_BUILD_DEFINITION_OPERATION );
operations.add( ContinuumRoleConstants.CONTINUUM_MODIFY_GROUP_NOTIFIER_OPERATION );
operations.add( ContinuumRoleConstants.CONTINUUM_MODIFY_PROJECT_BUILD_DEFINITION_OPERATION );
+ operations.add( ContinuumRoleConstants.CONTINUUM_MODIFY_PROJECT_NOTIFIER_OPERATION );
operations.add( ContinuumRoleConstants.CONTINUUM_MODIFY_PROJECT_IN_GROUP_OPERATION );
operations.add( ContinuumRoleConstants.CONTINUUM_REMOVE_GROUP_BUILD_DEFINITION_OPERATION );
operations.add( ContinuumRoleConstants.CONTINUUM_REMOVE_GROUP_NOTIFIER_OPERATION );
Modified: maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/BuildDefinitionAction.java
URL: http://svn.apache.org/viewvc/maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/BuildDefinitionAction.java?view=diff&rev=509415&r1=509414&r2=509415
==============================================================================
--- maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/BuildDefinitionAction.java (original)
+++ maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/BuildDefinitionAction.java Mon Feb 19 18:41:37 2007
@@ -24,6 +24,8 @@
import org.apache.maven.continuum.model.project.Schedule;
import org.apache.maven.continuum.model.project.Project;
import org.apache.maven.continuum.web.exception.ContinuumActionException;
+import org.apache.maven.continuum.web.exception.AuthorizationRequiredException;
+import org.apache.maven.continuum.web.exception.AuthenticationRequiredException;
import java.util.Collection;
import java.util.HashMap;
@@ -71,6 +73,8 @@
private boolean groupBuildDefinition = false;
+ private String projectGroupName = "";
+
public void prepare()
throws Exception
{
@@ -96,7 +100,6 @@
profiles = new HashMap();
}
-
}
/**
@@ -107,48 +110,67 @@
public String input()
throws ContinuumException
{
- if ( executor == null )
+ try
{
- if ( projectId != 0 )
+ if ( executor == null )
+ {
+ if ( projectId != 0 )
+ {
+ executor = getContinuum().getProject( projectId ).getExecutorId();
+ }
+ else
+ {
+ List projects = getContinuum().getProjectGroupWithProjects( projectGroupId ).getProjects();
+
+ if( projects.size() > 0 )
+ {
+ Project project = (Project) projects.get( 0 );
+ executor = project.getExecutorId();
+ }
+ }
+ }
+
+ if ( buildDefinitionId != 0 )
{
- executor = getContinuum().getProject( projectId ).getExecutorId();
+ if( isAuthorizedModifyProjectBuildDefinition( getProjectGroupName() ) ||
+ isAuthorizedModifyGroupBuildDefinition( getProjectGroupName() ) )
+ {
+ BuildDefinition buildDefinition = getContinuum().getBuildDefinition( buildDefinitionId );
+ goals = buildDefinition.getGoals();
+ arguments = buildDefinition.getArguments();
+ buildFile = buildDefinition.getBuildFile();
+ buildFresh = buildDefinition.isBuildFresh();
+ scheduleId = buildDefinition.getSchedule().getId();
+ defaultBuildDefinition = buildDefinition.isDefaultForProject();
+ }
}
else
{
- List projects = getContinuum().getProjectGroupWithProjects( projectGroupId ).getProjects();
-
- if( projects.size() > 0 )
+ if( isAuthorizedAddProjectBuildDefinition( getProjectGroupName() ) ||
+ isAuthorizedAddGroupBuildDefinition( getProjectGroupName() ) )
{
- Project project = (Project) projects.get( 0 );
- executor = project.getExecutorId();
+ if ( "maven2".equals(executor) )
+ {
+ buildFile = "pom.xml";
+ }
+ else if ( "maven-1".equals(executor) )
+ {
+ buildFile = "project.xml";
+ }
+ else if ( "ant".equals(executor) )
+ {
+ buildFile = "build.xml";
+ }
}
}
}
-
- if ( buildDefinitionId != 0 )
+ catch ( AuthenticationRequiredException authnE )
{
- BuildDefinition buildDefinition = getContinuum().getBuildDefinition( buildDefinitionId );
- goals = buildDefinition.getGoals();
- arguments = buildDefinition.getArguments();
- buildFile = buildDefinition.getBuildFile();
- buildFresh = buildDefinition.isBuildFresh();
- scheduleId = buildDefinition.getSchedule().getId();
- defaultBuildDefinition = buildDefinition.isDefaultForProject();
+ return REQUIRES_AUTHENTICATION;
}
- else
+ catch ( AuthorizationRequiredException authzE )
{
- if ( "maven2".equals(executor) )
- {
- buildFile = "pom.xml";
- }
- else if ( "maven-1".equals(executor) )
- {
- buildFile = "project.xml";
- }
- else if ( "ant".equals(executor) )
- {
- buildFile = "build.xml";
- }
+ return REQUIRES_AUTHORIZATION;
}
return SUCCESS;
@@ -175,11 +197,17 @@
{
if ( buildDefinitionId == 0 )
{
- getContinuum().addBuildDefinitionToProject( projectId, getBuildDefinitionFromInput() );
+ if ( isAuthorizedAddProjectBuildDefinition( getProjectGroupName() ) )
+ {
+ getContinuum().addBuildDefinitionToProject( projectId, getBuildDefinitionFromInput() );
+ }
}
else
{
- getContinuum().updateBuildDefinitionForProject( projectId, getBuildDefinitionFromInput() );
+ if( isAuthorizedModifyProjectBuildDefinition( getProjectGroupName() ) )
+ {
+ getContinuum().updateBuildDefinitionForProject( projectId, getBuildDefinitionFromInput() );
+ }
}
}
catch ( ContinuumActionException cae )
@@ -187,6 +215,15 @@
addActionError( cae.getMessage() );
return INPUT;
}
+ catch ( AuthorizationRequiredException authzE )
+ {
+ addActionError( authzE.getMessage() );
+ return REQUIRES_AUTHORIZATION;
+ }
+ catch ( AuthenticationRequiredException authnE )
+ {
+ return REQUIRES_AUTHENTICATION;
+ }
return SUCCESS;
}
@@ -205,11 +242,17 @@
if ( buildDefinitionId == 0 )
{
- getContinuum().addBuildDefinitionToProjectGroup( projectGroupId, newBuildDef );
+ if ( isAuthorizedAddGroupBuildDefinition( getProjectGroupName() ) )
+ {
+ getContinuum().addBuildDefinitionToProjectGroup( projectGroupId, newBuildDef );
+ }
}
else
{
- getContinuum().updateBuildDefinitionForProjectGroup( projectGroupId, newBuildDef );
+ if ( isAuthorizedModifyGroupBuildDefinition( getProjectGroupName() ) )
+ {
+ getContinuum().updateBuildDefinitionForProjectGroup( projectGroupId, newBuildDef );
+ }
}
}
catch ( ContinuumActionException cae )
@@ -217,6 +260,15 @@
addActionError( cae.getMessage() );
return INPUT;
}
+ catch ( AuthorizationRequiredException authzE )
+ {
+ addActionError( authzE.getMessage() );
+ return REQUIRES_AUTHORIZATION;
+ }
+ catch ( AuthenticationRequiredException authnE )
+ {
+ return REQUIRES_AUTHENTICATION;
+ }
if ( projectId != 0 )
{
@@ -231,31 +283,65 @@
public String removeFromProject()
throws ContinuumException
{
- if ( confirmed )
+ try
{
- getContinuum().removeBuildDefinitionFromProject( projectId, buildDefinitionId );
+ if ( isAuthorizedRemoveProjectFromGroup( getProjectGroupName() ) )
+ {
+ if ( confirmed )
+ {
+ getContinuum().removeBuildDefinitionFromProject( projectId, buildDefinitionId );
- return SUCCESS;
+ return SUCCESS;
+ }
+ else
+ {
+ return CONFIRM;
+ }
+ }
}
- else
- {
- return CONFIRM;
+ catch ( AuthorizationRequiredException authzE )
+ {
+ addActionError( authzE.getMessage() );
+ return REQUIRES_AUTHORIZATION;
}
+ catch ( AuthenticationRequiredException authnE )
+ {
+ return REQUIRES_AUTHENTICATION;
+ }
+
+ return SUCCESS;
}
public String removeFromProjectGroup()
throws ContinuumException
{
- if ( confirmed )
+ try
{
- getContinuum().removeBuildDefinitionFromProjectGroup( projectGroupId, buildDefinitionId );
+ if ( isAuthorizedRemoveProjectGroup( getProjectGroupName() ) )
+ {
+ if ( confirmed )
+ {
+ getContinuum().removeBuildDefinitionFromProjectGroup( projectGroupId, buildDefinitionId );
- return SUCCESS;
+ return SUCCESS;
+ }
+ else
+ {
+ return CONFIRM;
+ }
+ }
}
- else
+ catch ( AuthorizationRequiredException authzE )
+ {
+ addActionError( authzE.getMessage() );
+ return REQUIRES_AUTHORIZATION;
+ }
+ catch ( AuthenticationRequiredException authnE )
{
- return CONFIRM;
+ return REQUIRES_AUTHENTICATION;
}
+
+ return SUCCESS;
}
private BuildDefinition getBuildDefinitionFromInput()
@@ -428,5 +514,23 @@
public void setGroupBuildDefinition( boolean groupBuildDefinition )
{
this.groupBuildDefinition = groupBuildDefinition;
+ }
+
+ public String getProjectGroupName()
+ throws ContinuumException
+ {
+ if ( projectGroupName == null || "".equals( projectGroupName ) )
+ {
+ if ( projectGroupId != 0 )
+ {
+ projectGroupName = getContinuum().getProjectGroup( projectGroupId ).getName();
+ }
+ else
+ {
+ projectGroupName = getContinuum().getProjectGroupByProjectId( projectId ).getName();
+ }
+ }
+
+ return projectGroupName;
}
}
Modified: maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/BuildProjectAction.java
URL: http://svn.apache.org/viewvc/maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/BuildProjectAction.java?view=diff&rev=509415&r1=509414&r2=509415
==============================================================================
--- maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/BuildProjectAction.java (original)
+++ maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/BuildProjectAction.java Mon Feb 19 18:41:37 2007
@@ -20,6 +20,11 @@
*/
import org.apache.maven.continuum.ContinuumException;
+import org.apache.maven.continuum.security.ContinuumRoleConstants;
+import org.codehaus.plexus.security.ui.web.interceptor.SecureAction;
+import org.codehaus.plexus.security.ui.web.interceptor.SecureActionBundle;
+import org.codehaus.plexus.security.ui.web.interceptor.SecureActionException;
+import org.codehaus.plexus.util.StringUtils;
/**
* @author <a href="mailto:evenisse@apache.org">Emmanuel Venisse</a>
@@ -31,6 +36,7 @@
*/
public class BuildProjectAction
extends ContinuumActionSupport
+ implements SecureAction
{
private int projectId;
@@ -42,9 +48,12 @@
private boolean fromProjectPage = false;
+ private String projectGroupName = "";
+
public String execute()
throws ContinuumException
- {
+ {
+
if ( projectId > 0 )
{
if ( buildDefinitionId > 0 )
@@ -80,6 +89,7 @@
}
}
+
return SUCCESS;
}
@@ -131,5 +141,42 @@
public void setFromProjectPage( boolean fromProjectPage )
{
this.fromProjectPage = fromProjectPage;
+ }
+
+ public String getProjectGroupName()
+ throws ContinuumException
+ {
+ if( projectGroupName == null || "".equals( projectGroupName ) )
+ {
+ if ( projectGroupId != 0 )
+ {
+ projectGroupName = getContinuum().getProjectGroup( projectGroupId ).getName();
+ }
+ else
+ {
+ projectGroupName = getContinuum().getProjectGroupByProjectId( projectId ).getName();
+ }
+ }
+
+ return projectGroupName;
+ }
+
+ public SecureActionBundle getSecureActionBundle()
+ throws SecureActionException
+ {
+ SecureActionBundle bundle = new SecureActionBundle();
+ bundle.setRequiresAuthentication( true );
+
+ try
+ {
+ bundle.addRequiredAuthorization( ContinuumRoleConstants.CONTINUUM_BUILD_PROJECT_IN_GROUP_OPERATION,
+ getProjectGroupName() );
+ }
+ catch ( ContinuumException e )
+ {
+ throw new SecureActionException( e.getMessage() );
+ }
+
+ return bundle;
}
}
Modified: maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/BuildResultAction.java
URL: http://svn.apache.org/viewvc/maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/BuildResultAction.java?view=diff&rev=509415&r1=509414&r2=509415
==============================================================================
--- maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/BuildResultAction.java (original)
+++ maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/BuildResultAction.java Mon Feb 19 18:41:37 2007
@@ -24,13 +24,15 @@
import java.util.List;
import org.apache.maven.continuum.ContinuumException;
+import org.apache.maven.continuum.security.ContinuumRoleConstants;
import org.apache.maven.continuum.web.util.StateGenerator;
import org.apache.maven.continuum.configuration.ConfigurationException;
import org.apache.maven.continuum.model.project.BuildResult;
import org.apache.maven.continuum.model.project.Project;
import org.codehaus.plexus.util.FileUtils;
-
-import javax.servlet.jsp.PageContext;
+import org.codehaus.plexus.security.ui.web.interceptor.SecureActionBundle;
+import org.codehaus.plexus.security.ui.web.interceptor.SecureActionException;
+import org.codehaus.plexus.security.ui.web.interceptor.SecureAction;
import com.opensymphony.webwork.ServletActionContext;
@@ -44,6 +46,7 @@
*/
public class BuildResultAction
extends ContinuumActionSupport
+ implements SecureAction
{
private Project project;
@@ -61,9 +64,12 @@
private String state;
+ private String projectGroupName = "";
+
public String execute()
throws ContinuumException, ConfigurationException, IOException
{
+
//todo get this working for other types of test case rendering other then just surefire
// check if there are surefire results to display
project = getContinuum().getProject( getProjectId() );
@@ -82,6 +88,7 @@
state = StateGenerator.generate( buildResult.getState(), ServletActionContext.getRequest().getContextPath() );
+
return SUCCESS;
}
@@ -139,6 +146,36 @@
public String getState()
{
return state;
+ }
+
+ public String getProjectGroupName()
+ throws ContinuumException
+ {
+ if( projectGroupName == null || "".equals( projectGroupName ) )
+ {
+ projectGroupName = getContinuum().getProjectGroupByProjectId( getProjectId() ).getName();
+ }
+
+ return projectGroupName;
+ }
+
+ public SecureActionBundle getSecureActionBundle()
+ throws SecureActionException
+ {
+ SecureActionBundle bundle = new SecureActionBundle();
+ bundle.setRequiresAuthentication( true );
+
+ try
+ {
+ bundle.addRequiredAuthorization( ContinuumRoleConstants.CONTINUUM_VIEW_GROUP_OPERATION,
+ getProjectGroupName() );
+ }
+ catch ( ContinuumException e )
+ {
+
+ }
+
+ return bundle;
}
}
Modified: maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/BuildResultsListAction.java
URL: http://svn.apache.org/viewvc/maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/BuildResultsListAction.java?view=diff&rev=509415&r1=509414&r2=509415
==============================================================================
--- maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/BuildResultsListAction.java (original)
+++ maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/BuildResultsListAction.java Mon Feb 19 18:41:37 2007
@@ -20,7 +20,11 @@
*/
import org.apache.maven.continuum.ContinuumException;
+import org.apache.maven.continuum.security.ContinuumRoleConstants;
import org.apache.maven.continuum.model.project.Project;
+import org.codehaus.plexus.security.ui.web.interceptor.SecureActionBundle;
+import org.codehaus.plexus.security.ui.web.interceptor.SecureActionException;
+import org.codehaus.plexus.security.ui.web.interceptor.SecureAction;
import java.util.Collection;
@@ -34,6 +38,7 @@
*/
public class BuildResultsListAction
extends ContinuumActionSupport
+ implements SecureAction
{
private Project project;
@@ -43,6 +48,8 @@
private String projectName;
+ private String projectGroupName = "";
+
public String execute()
throws ContinuumException
{
@@ -81,5 +88,34 @@
public Project getProject()
{
return project;
+ }
+
+ public String getProjectGroupName()
+ throws ContinuumException
+ {
+ if( projectGroupName == null || "".equals( projectGroupName ) )
+ {
+ projectGroupName = getContinuum().getProject( projectId ).getProjectGroup().getName();
+ }
+
+ return projectGroupName;
+ }
+
+ public SecureActionBundle getSecureActionBundle()
+ throws SecureActionException
+ {
+ SecureActionBundle bundle = new SecureActionBundle();
+ bundle.setRequiresAuthentication( true );
+
+ try
+ {
+ bundle.addRequiredAuthorization( ContinuumRoleConstants.CONTINUUM_VIEW_GROUP_OPERATION, getProjectGroupName() );
+ }
+ catch ( ContinuumException e )
+ {
+ throw new SecureActionException( e.getMessage() );
+ }
+
+ return bundle;
}
}
Modified: maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/CancelBuildAction.java
URL: http://svn.apache.org/viewvc/maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/CancelBuildAction.java?view=diff&rev=509415&r1=509414&r2=509415
==============================================================================
--- maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/CancelBuildAction.java (original)
+++ maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/CancelBuildAction.java Mon Feb 19 18:41:37 2007
@@ -20,9 +20,13 @@
*/
import org.apache.maven.continuum.ContinuumException;
+import org.apache.maven.continuum.security.ContinuumRoleConstants;
import org.apache.maven.continuum.buildqueue.BuildProjectTask;
import org.codehaus.plexus.taskqueue.Task;
import org.codehaus.plexus.taskqueue.execution.TaskQueueExecutor;
+import org.codehaus.plexus.security.ui.web.interceptor.SecureAction;
+import org.codehaus.plexus.security.ui.web.interceptor.SecureActionBundle;
+import org.codehaus.plexus.security.ui.web.interceptor.SecureActionException;
/**
* @author <a href="mailto:evenisse@apache.org">Emmanuel Venisse</a>
@@ -32,15 +36,19 @@
*/
public class CancelBuildAction
extends ContinuumActionSupport
+ implements SecureAction
{
/** @plexus.requirement role-hint='build-project' */
private TaskQueueExecutor taskQueueExecutor;
private int projectId;
+ private String projectGroupName = "";
+
public String execute()
throws ContinuumException
{
+
Task task = taskQueueExecutor.getCurrentTask();
getLogger().info("TaskQueueExecutor: " + taskQueueExecutor );
@@ -70,11 +78,41 @@
getLogger().warn( "No task running - not cancelling" );
}
+
return SUCCESS;
}
public void setProjectId( int projectId )
{
this.projectId = projectId;
+ }
+
+ public String getProjectGroupName()
+ throws ContinuumException
+ {
+ if( projectGroupName == null || "".equals( projectGroupName ) )
+ {
+ projectGroupName = getContinuum().getProjectGroupByProjectId( projectId ).getName();
+ }
+
+ return projectGroupName;
+ }
+
+ public SecureActionBundle getSecureActionBundle()
+ throws SecureActionException {
+ SecureActionBundle bundle = new SecureActionBundle();
+ bundle.setRequiresAuthentication( true );
+
+ try
+ {
+ bundle.addRequiredAuthorization( ContinuumRoleConstants.CONTINUUM_BUILD_PROJECT_IN_GROUP_OPERATION,
+ getProjectGroupName() );
+ }
+ catch ( ContinuumException e )
+ {
+ throw new SecureActionException( e.getMessage() );
+ }
+
+ return bundle;
}
}
Modified: maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/ContinuumActionSupport.java
URL: http://svn.apache.org/viewvc/maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/ContinuumActionSupport.java?view=diff&rev=509415&r1=509414&r2=509415
==============================================================================
--- maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/ContinuumActionSupport.java (original)
+++ maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/ContinuumActionSupport.java Mon Feb 19 18:41:37 2007
@@ -20,9 +20,18 @@
*/
import org.apache.maven.continuum.Continuum;
+import org.apache.maven.continuum.web.exception.AuthenticationRequiredException;
+import org.apache.maven.continuum.web.exception.AuthorizationRequiredException;
+import org.apache.maven.continuum.security.ContinuumRoleConstants;
import org.codehaus.plexus.xwork.action.PlexusActionSupport;
+import org.codehaus.plexus.security.system.SecuritySession;
+import org.codehaus.plexus.security.system.SecuritySystem;
+import org.codehaus.plexus.security.system.SecuritySystemConstants;
+import org.codehaus.plexus.security.authorization.AuthorizationException;
+import org.codehaus.plexus.component.repository.exception.ComponentLookupException;
import com.opensymphony.xwork.Preparable;
+import com.opensymphony.xwork.ActionContext;
/**
* ContinuumActionSupport
@@ -33,7 +42,23 @@
public class ContinuumActionSupport
extends PlexusActionSupport
implements Preparable
-{
+{
+ private SecuritySession securitySession;
+
+ /**
+ * @plexus.requirement
+ */
+ private SecuritySystem securitySystem;
+
+ protected static final String REQUIRES_AUTHENTICATION = "requires-authentication";
+
+ protected static final String REQUIRES_AUTHORIZATION = "requires-authorization";
+
+ protected static final String ERROR_MSG_AUTHORIZATION_REQUIRED = "You are not authorized to access this page. " +
+ "Please contact your administrator to be granted the appropriate permissions.";
+
+ protected static final String ERROR_MSG_PROCESSING_AUTHORIZATION = "An error occurred while performing authorization.";
+
/**
* @plexus.requirement
*/
@@ -42,7 +67,10 @@
public void prepare()
throws Exception
{
-
+ if( securitySession == null )
+ {
+ securitySession = (SecuritySession) getContext().getSession().get( SecuritySystemConstants.SECURITY_SESSION_KEY );
+ }
}
public Continuum getContinuum()
@@ -53,5 +81,1128 @@
public void setContinuum( Continuum continuum )
{
this.continuum = continuum;
+ }
+
+ /**
+ * Check if the current user is authorized to view the specified project group
+ *
+ * @param resource the operation resource
+ * @return
+ * @throws AuthenticationRequiredException
+ * @throws AuthorizationRequiredException
+ */
+ protected boolean isAuthorizedViewProjectGroup( String resource )
+ throws AuthenticationRequiredException, AuthorizationRequiredException
+ {
+ if( !isAuthenticated() )
+ {
+ throw new AuthenticationRequiredException( "Authentication required." );
+ }
+
+ try
+ {
+ if ( resource != null && !"".equals( resource.trim() ) )
+ {
+ if ( !getSecuritySystem().isAuthorized( getSecuritySession(),
+ ContinuumRoleConstants.CONTINUUM_VIEW_GROUP_OPERATION, resource ) )
+ {
+ throw new AuthorizationRequiredException( ERROR_MSG_AUTHORIZATION_REQUIRED );
+ }
+ }
+ else
+ {
+ if ( !getSecuritySystem().isAuthorized( getSecuritySession(),
+ ContinuumRoleConstants.CONTINUUM_VIEW_GROUP_OPERATION ) )
+ {
+ throw new AuthorizationRequiredException( ERROR_MSG_AUTHORIZATION_REQUIRED );
+ }
+ }
+ }
+ catch ( ComponentLookupException cle )
+ {
+ throw new AuthorizationRequiredException( ERROR_MSG_PROCESSING_AUTHORIZATION );
+ }
+ catch ( AuthorizationException ae )
+ {
+ throw new AuthorizationRequiredException( ERROR_MSG_PROCESSING_AUTHORIZATION );
+ }
+
+ return true;
+ }
+
+ /**
+ * Check if the current user is authorized to add a project group
+ *
+ * @param resource the operation resource
+ * @return
+ * @throws AuthenticationRequiredException
+ * @throws AuthorizationRequiredException
+ */
+ protected boolean isAuthorizedAddProjectGroup( String resource )
+ throws AuthenticationRequiredException, AuthorizationRequiredException
+ {
+ if( !isAuthenticated() )
+ {
+ throw new AuthenticationRequiredException( "Authentication required." );
+ }
+
+ try
+ {
+ if ( resource != null && !"".equals( resource.trim() ) )
+ {
+ if ( !getSecuritySystem().isAuthorized( getSecuritySession(),
+ ContinuumRoleConstants.CONTINUUM_ADD_GROUP_OPERATION, resource ) )
+ {
+ throw new AuthorizationRequiredException( ERROR_MSG_AUTHORIZATION_REQUIRED );
+ }
+ }
+ else
+ {
+ if ( !getSecuritySystem().isAuthorized( getSecuritySession(),
+ ContinuumRoleConstants.CONTINUUM_ADD_GROUP_OPERATION ) )
+ {
+ throw new AuthorizationRequiredException( ERROR_MSG_AUTHORIZATION_REQUIRED );
+ }
+ }
+ }
+ catch ( ComponentLookupException cle )
+ {
+ throw new AuthorizationRequiredException( ERROR_MSG_PROCESSING_AUTHORIZATION );
+ }
+ catch ( AuthorizationException ae )
+ {
+ throw new AuthorizationRequiredException( ERROR_MSG_PROCESSING_AUTHORIZATION );
+ }
+
+ return true;
+ }
+
+ /**
+ * Check if the current user is authorized to delete the specified project group
+ *
+ * @param resource the operation resource
+ * @return
+ * @throws AuthenticationRequiredException
+ * @throws AuthorizationRequiredException
+ */
+ protected boolean isAuthorizedRemoveProjectGroup( String resource )
+ throws AuthenticationRequiredException, AuthorizationRequiredException
+ {
+ if( !isAuthenticated() )
+ {
+ throw new AuthenticationRequiredException( "Authentication required." );
+ }
+
+ try
+ {
+ if ( resource != null && !"".equals( resource.trim() ) )
+ {
+ if ( !getSecuritySystem().isAuthorized( getSecuritySession(),
+ ContinuumRoleConstants.CONTINUUM_REMOVE_GROUP_OPERATION, resource ) )
+ {
+ throw new AuthorizationRequiredException( ERROR_MSG_AUTHORIZATION_REQUIRED );
+ }
+ }
+ else
+ {
+ if ( !getSecuritySystem().isAuthorized( getSecuritySession(),
+ ContinuumRoleConstants.CONTINUUM_REMOVE_GROUP_OPERATION ) )
+ {
+ throw new AuthorizationRequiredException( ERROR_MSG_AUTHORIZATION_REQUIRED );
+ }
+ }
+ }
+ catch ( ComponentLookupException cle )
+ {
+ throw new AuthorizationRequiredException( ERROR_MSG_PROCESSING_AUTHORIZATION );
+ }
+ catch ( AuthorizationException ae )
+ {
+ throw new AuthorizationRequiredException( ERROR_MSG_PROCESSING_AUTHORIZATION );
+ }
+
+ return true;
+ }
+
+ /**
+ * Check if the current user is authorized to build the specified project group
+ *
+ * @param resource the operation resource
+ * @return
+ * @throws AuthenticationRequiredException
+ * @throws AuthorizationRequiredException
+ */
+ protected boolean isAuthorizedBuildProjectGroup( String resource )
+ throws AuthenticationRequiredException, AuthorizationRequiredException
+ {
+ if( !isAuthenticated() )
+ {
+ throw new AuthenticationRequiredException( "Authentication required." );
+ }
+
+ try
+ {
+ if ( resource != null && !"".equals( resource.trim() ) )
+ {
+ if ( !getSecuritySystem().isAuthorized( getSecuritySession(),
+ ContinuumRoleConstants.CONTINUUM_BUILD_GROUP_OPERATION, resource ) )
+ {
+ throw new AuthorizationRequiredException( ERROR_MSG_AUTHORIZATION_REQUIRED );
+ }
+ }
+ else
+ {
+ if ( !getSecuritySystem().isAuthorized( getSecuritySession(),
+ ContinuumRoleConstants.CONTINUUM_BUILD_GROUP_OPERATION ) )
+ {
+ throw new AuthorizationRequiredException( ERROR_MSG_AUTHORIZATION_REQUIRED );
+ }
+ }
+ }
+ catch ( ComponentLookupException cle )
+ {
+ throw new AuthorizationRequiredException( ERROR_MSG_PROCESSING_AUTHORIZATION );
+ }
+ catch ( AuthorizationException ae )
+ {
+ throw new AuthorizationRequiredException( ERROR_MSG_PROCESSING_AUTHORIZATION );
+ }
+
+ return true;
+ }
+
+ /**
+ * Check if the current user is authorized to modify the specified project group
+ *
+ * @param resource the operation resource
+ * @return
+ * @throws AuthenticationRequiredException
+ * @throws AuthorizationRequiredException
+ */
+ protected boolean isAuthorizedModifyProjectGroup( String resource )
+ throws AuthenticationRequiredException, AuthorizationRequiredException
+ {
+ if( !isAuthenticated() )
+ {
+ throw new AuthenticationRequiredException( "Authentication required." );
+ }
+
+ try
+ {
+ if ( resource != null && !"".equals( resource.trim() ) )
+ {
+ if ( !getSecuritySystem().isAuthorized( getSecuritySession(),
+ ContinuumRoleConstants.CONTINUUM_MODIFY_GROUP_OPERATION, resource ) )
+ {
+ throw new AuthorizationRequiredException( ERROR_MSG_AUTHORIZATION_REQUIRED );
+ }
+ }
+ else
+ {
+ if ( !getSecuritySystem().isAuthorized( getSecuritySession(),
+ ContinuumRoleConstants.CONTINUUM_MODIFY_GROUP_OPERATION ) )
+ {
+ throw new AuthorizationRequiredException( ERROR_MSG_AUTHORIZATION_REQUIRED );
+ }
+ }
+ }
+ catch ( ComponentLookupException cle )
+ {
+ throw new AuthorizationRequiredException( ERROR_MSG_PROCESSING_AUTHORIZATION );
+ }
+ catch ( AuthorizationException ae )
+ {
+ throw new AuthorizationRequiredException( ERROR_MSG_PROCESSING_AUTHORIZATION );
+ }
+
+ return true;
+ }
+
+ /**
+ * Check if the current user is authorized to add a project to a specific project group
+ *
+ * @param resource the operation resource
+ * @return
+ * @throws AuthenticationRequiredException
+ * @throws AuthorizationRequiredException
+ */
+ protected boolean isAuthorizedAddProjectToGroup( String resource )
+ throws AuthenticationRequiredException, AuthorizationRequiredException
+ {
+ if( !isAuthenticated() )
+ {
+ throw new AuthenticationRequiredException( "Authentication required." );
+ }
+
+ try
+ {
+ if ( resource != null && !"".equals( resource.trim() ) )
+ {
+ if ( !getSecuritySystem().isAuthorized( getSecuritySession(),
+ ContinuumRoleConstants.CONTINUUM_ADD_PROJECT_TO_GROUP_OPERATION, resource ) )
+ {
+ throw new AuthorizationRequiredException( ERROR_MSG_AUTHORIZATION_REQUIRED );
+ }
+ }
+ else
+ {
+ if ( !getSecuritySystem().isAuthorized( getSecuritySession(),
+ ContinuumRoleConstants.CONTINUUM_ADD_PROJECT_TO_GROUP_OPERATION ) )
+ {
+ throw new AuthorizationRequiredException( ERROR_MSG_AUTHORIZATION_REQUIRED );
+ }
+ }
+ }
+ catch ( ComponentLookupException cle )
+ {
+ throw new AuthorizationRequiredException( ERROR_MSG_PROCESSING_AUTHORIZATION );
+ }
+ catch ( AuthorizationException ae )
+ {
+ throw new AuthorizationRequiredException( ERROR_MSG_PROCESSING_AUTHORIZATION );
+ }
+
+ return true;
+ }
+
+ /**
+ * Check if the current user is authorized to delete a project from a specified group
+ *
+ * @param resource the operation resource
+ * @return
+ * @throws AuthenticationRequiredException
+ * @throws AuthorizationRequiredException
+ */
+ protected boolean isAuthorizedRemoveProjectFromGroup( String resource )
+ throws AuthenticationRequiredException, AuthorizationRequiredException
+ {
+ if( !isAuthenticated() )
+ {
+ throw new AuthenticationRequiredException( "Authentication required." );
+ }
+
+ try
+ {
+ if ( resource != null && !"".equals( resource.trim() ) )
+ {
+ if ( !getSecuritySystem().isAuthorized( getSecuritySession(),
+ ContinuumRoleConstants.CONTINUUM_REMOVE_PROJECT_FROM_GROUP_OPERATION, resource ) )
+ {
+ throw new AuthorizationRequiredException( ERROR_MSG_AUTHORIZATION_REQUIRED );
+ }
+ }
+ else
+ {
+ if ( !getSecuritySystem().isAuthorized( getSecuritySession(),
+ ContinuumRoleConstants.CONTINUUM_REMOVE_PROJECT_FROM_GROUP_OPERATION ) )
+ {
+ throw new AuthorizationRequiredException( ERROR_MSG_AUTHORIZATION_REQUIRED );
+ }
+ }
+ }
+ catch ( ComponentLookupException cle )
+ {
+ throw new AuthorizationRequiredException( ERROR_MSG_PROCESSING_AUTHORIZATION );
+ }
+ catch ( AuthorizationException ae )
+ {
+ throw new AuthorizationRequiredException( ERROR_MSG_PROCESSING_AUTHORIZATION );
+ }
+
+ return true;
+ }
+
+ /**
+ * Check if the current user is authorized to modify a project in the specified group
+ *
+ * @param resource the operation resource
+ * @return
+ * @throws AuthenticationRequiredException
+ * @throws AuthorizationRequiredException
+ */
+ protected boolean isAuthorizedModifyProjectInGroup( String resource )
+ throws AuthenticationRequiredException, AuthorizationRequiredException
+ {
+ if( !isAuthenticated() )
+ {
+ throw new AuthenticationRequiredException( "Authentication required." );
+ }
+
+ try
+ {
+ if ( resource != null && !"".equals( resource.trim() ) )
+ {
+ if ( !getSecuritySystem().isAuthorized( getSecuritySession(),
+ ContinuumRoleConstants.CONTINUUM_MODIFY_PROJECT_IN_GROUP_OPERATION, resource ) )
+ {
+ throw new AuthorizationRequiredException( ERROR_MSG_AUTHORIZATION_REQUIRED );
+ }
+ }
+ else
+ {
+ if ( !getSecuritySystem().isAuthorized( getSecuritySession(),
+ ContinuumRoleConstants.CONTINUUM_MODIFY_PROJECT_IN_GROUP_OPERATION ) )
+ {
+ throw new AuthorizationRequiredException( ERROR_MSG_AUTHORIZATION_REQUIRED );
+ }
+ }
+ }
+ catch ( ComponentLookupException cle )
+ {
+ throw new AuthorizationRequiredException( ERROR_MSG_PROCESSING_AUTHORIZATION );
+ }
+ catch ( AuthorizationException ae )
+ {
+ throw new AuthorizationRequiredException( ERROR_MSG_PROCESSING_AUTHORIZATION );
+ }
+
+ return true;
+ }
+
+ /**
+ * Check if the current user is authorized to build a project in the specified group
+ *
+ * @param resource the operation resource
+ * @return
+ * @throws AuthenticationRequiredException
+ * @throws AuthorizationRequiredException
+ */
+ protected boolean isAuthorizedBuildProjectInGroup( String resource )
+ throws AuthenticationRequiredException, AuthorizationRequiredException
+ {
+ if( !isAuthenticated() )
+ {
+ throw new AuthenticationRequiredException( "Authentication required." );
+ }
+
+ try
+ {
+ if ( resource != null && !"".equals( resource.trim() ) )
+ {
+ if ( !getSecuritySystem().isAuthorized( getSecuritySession(),
+ ContinuumRoleConstants.CONTINUUM_BUILD_PROJECT_IN_GROUP_OPERATION, resource ) )
+ {
+ throw new AuthorizationRequiredException( ERROR_MSG_AUTHORIZATION_REQUIRED );
+ }
+ }
+ else
+ {
+ if ( !getSecuritySystem().isAuthorized( getSecuritySession(),
+ ContinuumRoleConstants.CONTINUUM_BUILD_PROJECT_IN_GROUP_OPERATION ) )
+ {
+ throw new AuthorizationRequiredException( ERROR_MSG_AUTHORIZATION_REQUIRED );
+ }
+ }
+ }
+ catch ( ComponentLookupException cle )
+ {
+ throw new AuthorizationRequiredException( ERROR_MSG_PROCESSING_AUTHORIZATION );
+ }
+ catch ( AuthorizationException ae )
+ {
+ throw new AuthorizationRequiredException( ERROR_MSG_PROCESSING_AUTHORIZATION );
+ }
+
+ return true;
+ }
+
+ /**
+ * Check if the current user is authorized to add a build definition for the specified
+ * project group
+ *
+ * @param resource the operation resource
+ * @return
+ * @throws AuthenticationRequiredException
+ * @throws AuthorizationRequiredException
+ */
+ protected boolean isAuthorizedAddGroupBuildDefinition( String resource )
+ throws AuthenticationRequiredException, AuthorizationRequiredException
+ {
+ if( !isAuthenticated() )
+ {
+ throw new AuthenticationRequiredException( "Authentication required." );
+ }
+
+ try
+ {
+ if ( resource != null && !"".equals( resource.trim() ) )
+ {
+ if ( !getSecuritySystem().isAuthorized( getSecuritySession(),
+ ContinuumRoleConstants.CONTINUUM_ADD_GROUP_BUILD_DEFINTION_OPERATION, resource ) )
+ {
+ throw new AuthorizationRequiredException( ERROR_MSG_AUTHORIZATION_REQUIRED );
+ }
+ }
+ else
+ {
+ if ( !getSecuritySystem().isAuthorized( getSecuritySession(),
+ ContinuumRoleConstants.CONTINUUM_ADD_GROUP_BUILD_DEFINTION_OPERATION ) )
+ {
+ throw new AuthorizationRequiredException( ERROR_MSG_AUTHORIZATION_REQUIRED );
+ }
+ }
+ }
+ catch ( ComponentLookupException cle )
+ {
+ throw new AuthorizationRequiredException( ERROR_MSG_PROCESSING_AUTHORIZATION );
+ }
+ catch ( AuthorizationException ae )
+ {
+ throw new AuthorizationRequiredException( ERROR_MSG_PROCESSING_AUTHORIZATION );
+ }
+
+ return true;
+ }
+
+ /**
+ * Check if the current user is authorized to delete a build definition in the specified
+ * project group
+ *
+ * @param resource the operation resource
+ * @return
+ * @throws AuthenticationRequiredException
+ * @throws AuthorizationRequiredException
+ */
+ protected boolean isAuthorizedRemoveGroupBuildDefinition( String resource )
+ throws AuthenticationRequiredException, AuthorizationRequiredException
+ {
+ if( !isAuthenticated() )
+ {
+ throw new AuthenticationRequiredException( "Authentication required." );
+ }
+
+ try
+ {
+ if ( resource != null && !"".equals( resource.trim() ) )
+ {
+ if ( !getSecuritySystem().isAuthorized( getSecuritySession(),
+ ContinuumRoleConstants.CONTINUUM_REMOVE_GROUP_BUILD_DEFINITION_OPERATION, resource ) )
+ {
+ throw new AuthorizationRequiredException( ERROR_MSG_AUTHORIZATION_REQUIRED );
+ }
+ }
+ else
+ {
+ if ( !getSecuritySystem().isAuthorized( getSecuritySession(),
+ ContinuumRoleConstants.CONTINUUM_REMOVE_GROUP_BUILD_DEFINITION_OPERATION ) )
+ {
+ throw new AuthorizationRequiredException( ERROR_MSG_AUTHORIZATION_REQUIRED );
+ }
+ }
+ }
+ catch ( ComponentLookupException cle )
+ {
+ throw new AuthorizationRequiredException( ERROR_MSG_PROCESSING_AUTHORIZATION );
+ }
+ catch ( AuthorizationException ae )
+ {
+ throw new AuthorizationRequiredException( ERROR_MSG_PROCESSING_AUTHORIZATION );
+ }
+
+ return true;
+ }
+
+ /**
+ * Check if the current user is authorized to modify a build definition in the specified
+ * project group
+ *
+ * @param resource the operation resource
+ * @return
+ * @throws AuthenticationRequiredException
+ * @throws AuthorizationRequiredException
+ */
+ protected boolean isAuthorizedModifyGroupBuildDefinition( String resource )
+ throws AuthenticationRequiredException, AuthorizationRequiredException
+ {
+ if( !isAuthenticated() )
+ {
+ throw new AuthenticationRequiredException( "Authentication required." );
+ }
+
+ try
+ {
+ if ( resource != null && !"".equals( resource.trim() ) )
+ {
+ if ( !getSecuritySystem().isAuthorized( getSecuritySession(),
+ ContinuumRoleConstants.CONTINUUM_MODIFY_GROUP_BUILD_DEFINITION_OPERATION, resource ) )
+ {
+ throw new AuthorizationRequiredException( ERROR_MSG_AUTHORIZATION_REQUIRED );
+ }
+ }
+ else
+ {
+ if ( !getSecuritySystem().isAuthorized( getSecuritySession(),
+ ContinuumRoleConstants.CONTINUUM_MODIFY_GROUP_BUILD_DEFINITION_OPERATION ) )
+ {
+ throw new AuthorizationRequiredException( ERROR_MSG_AUTHORIZATION_REQUIRED );
+ }
+ }
+ }
+ catch ( ComponentLookupException cle )
+ {
+ throw new AuthorizationRequiredException( ERROR_MSG_PROCESSING_AUTHORIZATION );
+ }
+ catch ( AuthorizationException ae )
+ {
+ throw new AuthorizationRequiredException( ERROR_MSG_PROCESSING_AUTHORIZATION );
+ }
+
+ return true;
+ }
+
+ /**
+ * Check if the current user is authorized to add a group build definition to a specific
+ * project
+ *
+ * @param resource the operation resource
+ * @return
+ * @throws AuthenticationRequiredException
+ * @throws AuthorizationRequiredException
+ */
+ protected boolean isAuthorizedAddProjectBuildDefinition( String resource )
+ throws AuthenticationRequiredException, AuthorizationRequiredException
+ {
+ if( !isAuthenticated() )
+ {
+ throw new AuthenticationRequiredException( "Authentication required." );
+ }
+
+ try
+ {
+ if ( resource != null && !"".equals( resource.trim() ) )
+ {
+ if ( !getSecuritySystem().isAuthorized( getSecuritySession(),
+ ContinuumRoleConstants.CONTINUUM_ADD_PROJECT_BUILD_DEFINTION_OPERATION, resource ) )
+ {
+ throw new AuthorizationRequiredException( ERROR_MSG_AUTHORIZATION_REQUIRED );
+ }
+ }
+ else
+ {
+ if ( !getSecuritySystem().isAuthorized( getSecuritySession(),
+ ContinuumRoleConstants.CONTINUUM_ADD_PROJECT_BUILD_DEFINTION_OPERATION ) )
+ {
+ throw new AuthorizationRequiredException( ERROR_MSG_AUTHORIZATION_REQUIRED );
+ }
+ }
+ }
+ catch ( ComponentLookupException cle )
+ {
+ throw new AuthorizationRequiredException( ERROR_MSG_PROCESSING_AUTHORIZATION );
+ }
+ catch ( AuthorizationException ae )
+ {
+ throw new AuthorizationRequiredException( ERROR_MSG_PROCESSING_AUTHORIZATION );
+ }
+
+ return true;
+ }
+
+ /**
+ * Check if the current user is authorized to modify a build definition of a specific project
+ *
+ * @param resource the operation resource
+ * @return
+ * @throws AuthenticationRequiredException
+ * @throws AuthorizationRequiredException
+ */
+ protected boolean isAuthorizedModifyProjectBuildDefinition( String resource )
+ throws AuthenticationRequiredException, AuthorizationRequiredException
+ {
+ if( !isAuthenticated() )
+ {
+ throw new AuthenticationRequiredException( "Authentication required." );
+ }
+
+ try
+ {
+ if ( resource != null && !"".equals( resource.trim() ) )
+ {
+ if ( !getSecuritySystem().isAuthorized( getSecuritySession(),
+ ContinuumRoleConstants.CONTINUUM_MODIFY_PROJECT_BUILD_DEFINITION_OPERATION, resource ) )
+ {
+ throw new AuthorizationRequiredException( ERROR_MSG_AUTHORIZATION_REQUIRED );
+ }
+ }
+ else
+ {
+ if ( !getSecuritySystem().isAuthorized( getSecuritySession(),
+ ContinuumRoleConstants.CONTINUUM_MODIFY_PROJECT_BUILD_DEFINITION_OPERATION ) )
+ {
+ throw new AuthorizationRequiredException( ERROR_MSG_AUTHORIZATION_REQUIRED );
+ }
+ }
+ }
+ catch ( ComponentLookupException cle )
+ {
+ throw new AuthorizationRequiredException( ERROR_MSG_PROCESSING_AUTHORIZATION );
+ }
+ catch ( AuthorizationException ae )
+ {
+ throw new AuthorizationRequiredException( ERROR_MSG_PROCESSING_AUTHORIZATION );
+ }
+
+ return true;
+ }
+
+ /**
+ * Check if the current user is authorized to delete a build definition of a specific
+ * project
+ *
+ * @param resource the operation resource
+ * @return
+ * @throws AuthenticationRequiredException
+ * @throws AuthorizationRequiredException
+ */
+ protected boolean isAuthorizedRemoveProjectBuildDefinition( String resource )
+ throws AuthenticationRequiredException, AuthorizationRequiredException
+ {
+ if( !isAuthenticated() )
+ {
+ throw new AuthenticationRequiredException( "Authentication required." );
+ }
+
+ try
+ {
+ if ( resource != null && !"".equals( resource.trim() ) )
+ {
+ if ( !getSecuritySystem().isAuthorized( getSecuritySession(),
+ ContinuumRoleConstants.CONTINUUM_REMOVE_PROJECT_BUILD_DEFINITION_OPERATION, resource ) )
+ {
+ throw new AuthorizationRequiredException( ERROR_MSG_AUTHORIZATION_REQUIRED );
+ }
+ }
+ else
+ {
+ if ( !getSecuritySystem().isAuthorized( getSecuritySession(),
+ ContinuumRoleConstants.CONTINUUM_REMOVE_PROJECT_BUILD_DEFINITION_OPERATION ) )
+ {
+ throw new AuthorizationRequiredException( ERROR_MSG_AUTHORIZATION_REQUIRED );
+ }
+ }
+ }
+ catch ( ComponentLookupException cle )
+ {
+ throw new AuthorizationRequiredException( ERROR_MSG_PROCESSING_AUTHORIZATION );
+ }
+ catch ( AuthorizationException ae )
+ {
+ throw new AuthorizationRequiredException( ERROR_MSG_PROCESSING_AUTHORIZATION );
+ }
+
+ return true;
+ }
+
+ /**
+ * Check if the current user is authorized to add a notifier to the specified
+ * project group
+ *
+ * @param resource the operation resource
+ * @return
+ * @throws AuthenticationRequiredException
+ * @throws AuthorizationRequiredException
+ */
+ protected boolean isAuthorizedAddProjectGroupNotifier( String resource )
+ throws AuthenticationRequiredException, AuthorizationRequiredException
+ {
+ if( !isAuthenticated() )
+ {
+ throw new AuthenticationRequiredException( "Authentication required." );
+ }
+
+ try
+ {
+ if ( resource != null && !"".equals( resource.trim() ) )
+ {
+ if ( !getSecuritySystem().isAuthorized( getSecuritySession(),
+ ContinuumRoleConstants.CONTINUUM_ADD_GROUP_NOTIFIER_OPERATION, resource ) )
+ {
+ throw new AuthorizationRequiredException( ERROR_MSG_AUTHORIZATION_REQUIRED );
+ }
+ }
+ else
+ {
+ if ( !getSecuritySystem().isAuthorized( getSecuritySession(),
+ ContinuumRoleConstants.CONTINUUM_ADD_GROUP_NOTIFIER_OPERATION ) )
+ {
+ throw new AuthorizationRequiredException( ERROR_MSG_AUTHORIZATION_REQUIRED );
+ }
+ }
+ }
+ catch ( ComponentLookupException cle )
+ {
+ throw new AuthorizationRequiredException( ERROR_MSG_PROCESSING_AUTHORIZATION );
+ }
+ catch ( AuthorizationException ae )
+ {
+ throw new AuthorizationRequiredException( ERROR_MSG_PROCESSING_AUTHORIZATION );
+ }
+
+ return true;
+ }
+
+ /**
+ * Check if the current user is authorized to delete a notifier in the specified
+ * project group
+ *
+ * @param resource the operation resource
+ * @return
+ * @throws AuthenticationRequiredException
+ * @throws AuthorizationRequiredException
+ */
+ protected boolean isAuthorizedRemoveProjectGroupNotifier( String resource )
+ throws AuthenticationRequiredException, AuthorizationRequiredException
+ {
+ if( !isAuthenticated() )
+ {
+ throw new AuthenticationRequiredException( "Authentication required." );
+ }
+
+ try
+ {
+ if ( resource != null && !"".equals( resource.trim() ) )
+ {
+ if ( !getSecuritySystem().isAuthorized( getSecuritySession(),
+ ContinuumRoleConstants.CONTINUUM_REMOVE_GROUP_NOTIFIER_OPERATION, resource ) )
+ {
+ throw new AuthorizationRequiredException( ERROR_MSG_AUTHORIZATION_REQUIRED );
+ }
+ }
+ else
+ {
+ if ( !getSecuritySystem().isAuthorized( getSecuritySession(),
+ ContinuumRoleConstants.CONTINUUM_REMOVE_GROUP_NOTIFIER_OPERATION ) )
+ {
+ throw new AuthorizationRequiredException( ERROR_MSG_AUTHORIZATION_REQUIRED );
+ }
+ }
+ }
+ catch ( ComponentLookupException cle )
+ {
+ throw new AuthorizationRequiredException( ERROR_MSG_PROCESSING_AUTHORIZATION );
+ }
+ catch ( AuthorizationException ae )
+ {
+ throw new AuthorizationRequiredException( ERROR_MSG_PROCESSING_AUTHORIZATION );
+ }
+
+ return true;
+ }
+
+ /**
+ * Check if the current user is authorized to modify a notifier in the specified
+ * project group
+ *
+ * @param resource the operartion resource
+ * @return
+ * @throws AuthenticationRequiredException
+ * @throws AuthorizationRequiredException
+ */
+ protected boolean isAuthorizedModifyProjectGroupNotifier( String resource )
+ throws AuthenticationRequiredException, AuthorizationRequiredException
+ {
+ if( !isAuthenticated() )
+ {
+ throw new AuthenticationRequiredException( "Authentication required." );
+ }
+
+ try
+ {
+ if ( resource != null && !"".equals( resource.trim() ) )
+ {
+ if ( !getSecuritySystem().isAuthorized( getSecuritySession(),
+ ContinuumRoleConstants.CONTINUUM_MODIFY_GROUP_NOTIFIER_OPERATION, resource ) )
+ {
+ throw new AuthorizationRequiredException( ERROR_MSG_AUTHORIZATION_REQUIRED );
+ }
+ }
+ else
+ {
+ if ( !getSecuritySystem().isAuthorized( getSecuritySession(),
+ ContinuumRoleConstants.CONTINUUM_MODIFY_GROUP_NOTIFIER_OPERATION ) )
+ {
+ throw new AuthorizationRequiredException( ERROR_MSG_AUTHORIZATION_REQUIRED );
+ }
+ }
+ }
+ catch ( ComponentLookupException cle )
+ {
+ throw new AuthorizationRequiredException( ERROR_MSG_PROCESSING_AUTHORIZATION );
+ }
+ catch ( AuthorizationException ae )
+ {
+ throw new AuthorizationRequiredException( ERROR_MSG_PROCESSING_AUTHORIZATION );
+ }
+
+ return true;
+ }
+
+ /**
+ * Check if the current user is authorized to add a notifier to a specific project
+ *
+ * @param resource the operation resource
+ * @return
+ * @throws AuthenticationRequiredException
+ * @throws AuthorizationRequiredException
+ */
+ protected boolean isAuthorizedAddProjectNotifier( String resource )
+ throws AuthenticationRequiredException, AuthorizationRequiredException
+ {
+ if( !isAuthenticated() )
+ {
+ throw new AuthenticationRequiredException( "Authentication required." );
+ }
+
+ try
+ {
+ if ( resource != null && !"".equals( resource.trim() ) )
+ {
+ if ( !getSecuritySystem().isAuthorized( getSecuritySession(),
+ ContinuumRoleConstants.CONTINUUM_ADD_PROJECT_NOTIFIER_OPERATION, resource ) )
+ {
+ throw new AuthorizationRequiredException( ERROR_MSG_AUTHORIZATION_REQUIRED );
+ }
+ }
+ else
+ {
+ if ( !getSecuritySystem().isAuthorized( getSecuritySession(),
+ ContinuumRoleConstants.CONTINUUM_ADD_PROJECT_NOTIFIER_OPERATION ) )
+ {
+ throw new AuthorizationRequiredException( ERROR_MSG_AUTHORIZATION_REQUIRED );
+ }
+ }
+ }
+ catch ( ComponentLookupException cle )
+ {
+ throw new AuthorizationRequiredException( ERROR_MSG_PROCESSING_AUTHORIZATION );
+ }
+ catch ( AuthorizationException ae )
+ {
+ throw new AuthorizationRequiredException( ERROR_MSG_PROCESSING_AUTHORIZATION );
+ }
+
+ return true;
+ }
+
+ /**
+ * Check if the current user is authorized to delete a notifier in a specific project
+ *
+ * @param resource the operation resource
+ * @return
+ * @throws AuthenticationRequiredException
+ * @throws AuthorizationRequiredException
+ */
+ protected boolean isAuthorizedRemoveProjectNotifier( String resource )
+ throws AuthenticationRequiredException, AuthorizationRequiredException
+ {
+ if( !isAuthenticated() )
+ {
+ throw new AuthenticationRequiredException( "Authentication required." );
+ }
+
+ try
+ {
+ if ( resource != null && !"".equals( resource.trim() ) )
+ {
+ if ( !getSecuritySystem().isAuthorized( getSecuritySession(),
+ ContinuumRoleConstants.CONTINUUM_REMOVE_PROJECT_NOTIFIER_OPERATION, resource ) )
+ {
+ throw new AuthorizationRequiredException( ERROR_MSG_AUTHORIZATION_REQUIRED );
+ }
+ }
+ else
+ {
+ if ( !getSecuritySystem().isAuthorized( getSecuritySession(),
+ ContinuumRoleConstants.CONTINUUM_REMOVE_PROJECT_NOTIFIER_OPERATION ) )
+ {
+ throw new AuthorizationRequiredException( ERROR_MSG_AUTHORIZATION_REQUIRED );
+ }
+ }
+ }
+ catch ( ComponentLookupException cle )
+ {
+ throw new AuthorizationRequiredException( ERROR_MSG_PROCESSING_AUTHORIZATION );
+ }
+ catch ( AuthorizationException ae )
+ {
+ throw new AuthorizationRequiredException( ERROR_MSG_PROCESSING_AUTHORIZATION );
+ }
+
+ return true;
+ }
+
+ /**
+ * Check if the current user is authorized to modify a notifier in a specific project
+ *
+ * @param resource the operation resource
+ * @return
+ * @throws AuthenticationRequiredException
+ * @throws AuthorizationRequiredException
+ */
+ protected boolean isAuthorizedModifyProjectNotifier( String resource )
+ throws AuthenticationRequiredException, AuthorizationRequiredException
+ {
+ if( !isAuthenticated() )
+ {
+ throw new AuthenticationRequiredException( "Authentication required." );
+ }
+
+ try
+ {
+ if ( resource != null && !"".equals( resource.trim() ) )
+ {
+ if ( !getSecuritySystem().isAuthorized( getSecuritySession(),
+ ContinuumRoleConstants.CONTINUUM_MODIFY_PROJECT_NOTIFIER_OPERATION, resource ) )
+ {
+ throw new AuthorizationRequiredException( ERROR_MSG_AUTHORIZATION_REQUIRED );
+ }
+ }
+ else
+ {
+ if ( !getSecuritySystem().isAuthorized( getSecuritySession(),
+ ContinuumRoleConstants.CONTINUUM_MODIFY_PROJECT_NOTIFIER_OPERATION ) )
+ {
+ throw new AuthorizationRequiredException( ERROR_MSG_AUTHORIZATION_REQUIRED );
+ }
+ }
+ }
+ catch ( ComponentLookupException cle )
+ {
+ throw new AuthorizationRequiredException( ERROR_MSG_PROCESSING_AUTHORIZATION );
+ }
+ catch ( AuthorizationException ae )
+ {
+ throw new AuthorizationRequiredException( ERROR_MSG_PROCESSING_AUTHORIZATION );
+ }
+
+ return true;
+ }
+
+ /**
+ * Check if the current user is authorized to manage the application's configuration
+ *
+ * @return
+ * @throws AuthenticationRequiredException
+ * @throws AuthorizationRequiredException
+ */
+ protected boolean isAuthorizedManageConfiguration()
+ throws AuthenticationRequiredException, AuthorizationRequiredException
+ {
+ if( !isAuthenticated() )
+ {
+ throw new AuthenticationRequiredException( "Authentication required." );
+ }
+
+ try
+ {
+ if ( !getSecuritySystem().isAuthorized( getSecuritySession(),
+ ContinuumRoleConstants.CONTINUUM_MANAGE_CONFIGURATION ) )
+ {
+ throw new AuthorizationRequiredException( ERROR_MSG_AUTHORIZATION_REQUIRED );
+ }
+ }
+ catch ( ComponentLookupException cle )
+ {
+ throw new AuthorizationRequiredException( ERROR_MSG_PROCESSING_AUTHORIZATION );
+ }
+ catch ( AuthorizationException ae )
+ {
+ throw new AuthorizationRequiredException( ERROR_MSG_PROCESSING_AUTHORIZATION );
+ }
+
+ return true;
+ }
+
+ /**
+ * Check if the current user is authorized to manage the project build schedules
+ *
+ * @return
+ * @throws AuthenticationRequiredException
+ * @throws AuthorizationRequiredException
+ */
+ protected boolean isAuthorizedManageSchedules()
+ throws AuthenticationRequiredException, AuthorizationRequiredException
+ {
+ if( !isAuthenticated() )
+ {
+ throw new AuthenticationRequiredException( "Authentication required." );
+ }
+
+ try
+ {
+ if ( !getSecuritySystem().isAuthorized( getSecuritySession(),
+ ContinuumRoleConstants.CONTINUUM_MANAGE_SCHEDULES ) )
+ {
+ throw new AuthorizationRequiredException( ERROR_MSG_AUTHORIZATION_REQUIRED );
+ }
+ }
+ catch ( ComponentLookupException cle )
+ {
+ throw new AuthorizationRequiredException( ERROR_MSG_PROCESSING_AUTHORIZATION );
+ }
+ catch ( AuthorizationException ae )
+ {
+ throw new AuthorizationRequiredException( ERROR_MSG_PROCESSING_AUTHORIZATION );
+ }
+
+ return true;
+ }
+
+ /**
+ * Get the security session
+ *
+ * @return current SecuritySession
+ */
+ private SecuritySession getSecuritySession()
+ {
+
+ return securitySession;
+ }
+
+ /**
+ * Get the action context
+ *
+ * @return action context
+ */
+ private ActionContext getContext()
+ {
+
+ return ActionContext.getContext();
+ }
+
+ /**
+ * Get the security system
+ *
+ * @return
+ * @throws ComponentLookupException
+ */
+ private SecuritySystem getSecuritySystem()
+ throws ComponentLookupException
+ {
+
+ return securitySystem;
+ }
+
+ protected boolean requiresAuthentication()
+ {
+ return true;
+ }
+
+ /**
+ * Check if the current user is already authenticated
+ *
+ * @return
+ */
+ public boolean isAuthenticated()
+ {
+ if ( requiresAuthentication() )
+ {
+ if ( getSecuritySession() == null || !getSecuritySession().isAuthenticated() )
+ {
+ return false;
+ }
+ }
+
+ return true;
}
}
Modified: maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/DeleteProjectAction.java
URL: http://svn.apache.org/viewvc/maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/DeleteProjectAction.java?view=diff&rev=509415&r1=509414&r2=509415
==============================================================================
--- maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/DeleteProjectAction.java (original)
+++ maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/DeleteProjectAction.java Mon Feb 19 18:41:37 2007
@@ -20,7 +20,11 @@
*/
import org.apache.maven.continuum.ContinuumException;
+import org.apache.maven.continuum.security.ContinuumRoleConstants;
import org.apache.maven.continuum.model.project.Project;
+import org.codehaus.plexus.security.ui.web.interceptor.SecureAction;
+import org.codehaus.plexus.security.ui.web.interceptor.SecureActionBundle;
+import org.codehaus.plexus.security.ui.web.interceptor.SecureActionException;
/**
* @author <a href="mailto:evenisse@apache.org">Emmanuel Venisse</a>
@@ -32,6 +36,7 @@
*/
public class DeleteProjectAction
extends ContinuumActionSupport
+ implements SecureAction
{
private int projectId;
@@ -39,6 +44,8 @@
private int projectGroupId;
+ private String projectGroupName = "";
+
public String execute()
throws ContinuumException
{
@@ -50,6 +57,7 @@
public String doDefault()
throws ContinuumException
{
+
Project project = getContinuum().getProject( projectId );
projectName = project.getName();
@@ -85,4 +93,41 @@
{
return projectGroupId;
}
+
+ public String getProjectGroupName()
+ throws ContinuumException
+ {
+ if ( projectGroupName == null || "".equals( projectGroupName ) )
+ {
+ if ( projectGroupId != 0 )
+ {
+ projectGroupName = getContinuum().getProjectGroup( projectGroupId ).getName();
+ }
+ else
+ {
+ projectGroupName = getContinuum().getProjectGroupByProjectId( projectId ).getName();
+ }
+ }
+
+ return projectGroupName;
+ }
+
+ public SecureActionBundle getSecureActionBundle()
+ throws SecureActionException {
+ SecureActionBundle bundle = new SecureActionBundle();
+ bundle.setRequiresAuthentication( true );
+
+ try
+ {
+ bundle.addRequiredAuthorization( ContinuumRoleConstants.CONTINUUM_REMOVE_PROJECT_FROM_GROUP_OPERATION,
+ getProjectGroupName() );
+ }
+ catch ( ContinuumException e )
+ {
+ throw new SecureActionException( e.getMessage() );
+ }
+
+ return bundle;
+ }
+
}
Modified: maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/GroupSummaryAction.java
URL: http://svn.apache.org/viewvc/maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/GroupSummaryAction.java?view=diff&rev=509415&r1=509414&r2=509415
==============================================================================
--- maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/GroupSummaryAction.java (original)
+++ maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/GroupSummaryAction.java Mon Feb 19 18:41:37 2007
@@ -19,21 +19,14 @@
* under the License.
*/
-import com.opensymphony.xwork.ActionContext;
import org.apache.maven.continuum.ContinuumException;
import org.apache.maven.continuum.model.project.BuildResult;
import org.apache.maven.continuum.model.project.Project;
import org.apache.maven.continuum.model.project.ProjectGroup;
-import org.apache.maven.continuum.security.ContinuumRoleConstants;
import org.apache.maven.continuum.web.model.GroupSummary;
import org.apache.maven.continuum.web.model.ProjectSummary;
-import org.codehaus.plexus.PlexusContainer;
-import org.codehaus.plexus.component.repository.exception.ComponentLookupException;
-import org.codehaus.plexus.security.authorization.AuthorizationException;
-import org.codehaus.plexus.security.system.SecuritySession;
-import org.codehaus.plexus.security.system.SecuritySystem;
-import org.codehaus.plexus.security.system.SecuritySystemConstants;
-import org.codehaus.plexus.xwork.PlexusLifecycleListener;
+import org.apache.maven.continuum.web.exception.AuthorizationRequiredException;
+import org.apache.maven.continuum.web.exception.AuthenticationRequiredException;
import java.util.ArrayList;
import java.util.Collection;
@@ -64,7 +57,7 @@
{
ProjectGroup projectGroup = (ProjectGroup) j.next();
- if ( isAuthorized( projectGroup ) )
+ if ( isAuthorized( projectGroup.getName() ) )
{
getLogger().debug( "GroupSummaryAction: building group " + projectGroup.getName() );
@@ -198,34 +191,19 @@
this.infoMessage = infoMessage;
}
- private boolean isAuthorized( ProjectGroup projectGroup )
+ private boolean isAuthorized( String projectGroupName )
{
- // do the authz bit
- ActionContext context = ActionContext.getContext();
-
- PlexusContainer container = (PlexusContainer) context.getApplication().get( PlexusLifecycleListener.KEY );
- SecuritySession securitySession =
- (SecuritySession) context.getSession().get( SecuritySystemConstants.SECURITY_SESSION_KEY );
-
try
{
- SecuritySystem securitySystem = (SecuritySystem) container.lookup( SecuritySystem.ROLE );
-
- if ( !securitySystem.isAuthorized( securitySession, ContinuumRoleConstants.CONTINUUM_VIEW_GROUP_OPERATION,
- projectGroup.getName() ) )
- {
- return false;
- }
+ return isAuthorizedViewProjectGroup( projectGroupName );
}
- catch ( ComponentLookupException cle )
+ catch ( AuthorizationRequiredException authzE )
{
return false;
}
- catch ( AuthorizationException ae )
+ catch ( AuthenticationRequiredException authnE )
{
return false;
}
-
- return true;
}
}
Modified: maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/ProjectEditAction.java
URL: http://svn.apache.org/viewvc/maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/ProjectEditAction.java?view=diff&rev=509415&r1=509414&r2=509415
==============================================================================
--- maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/ProjectEditAction.java (original)
+++ maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/ProjectEditAction.java Mon Feb 19 18:41:37 2007
@@ -20,7 +20,11 @@
*/
import org.apache.maven.continuum.ContinuumException;
+import org.apache.maven.continuum.security.ContinuumRoleConstants;
import org.apache.maven.continuum.model.project.Project;
+import org.codehaus.plexus.security.ui.web.interceptor.SecureAction;
+import org.codehaus.plexus.security.ui.web.interceptor.SecureActionBundle;
+import org.codehaus.plexus.security.ui.web.interceptor.SecureActionException;
/**
* @author <a href="mailto:evenisse@apache.org">Emmanuel Venisse</a>
@@ -32,6 +36,7 @@
*/
public class ProjectEditAction
extends ContinuumActionSupport
+ implements SecureAction
{
private Project project;
@@ -188,4 +193,30 @@
{
return scmUseCache;
}
+
+ public String getProjectGroupName()
+ throws ContinuumException
+ {
+ return getProject( projectId ).getProjectGroup().getName();
+ }
+
+ public SecureActionBundle getSecureActionBundle()
+ throws SecureActionException
+ {
+ SecureActionBundle bundle = new SecureActionBundle();
+ bundle.setRequiresAuthentication( true );
+
+ try
+ {
+ bundle.addRequiredAuthorization( ContinuumRoleConstants.CONTINUUM_MODIFY_PROJECT_IN_GROUP_OPERATION,
+ getProjectGroupName() );
+ }
+ catch ( ContinuumException e )
+ {
+ throw new SecureActionException( e.getMessage() );
+ }
+
+ return bundle;
+ }
+
}