This is an automated email from the ASF dual-hosted git repository. martin_s pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/archiva-redback-core.git
commit 4e8adffac299202482e3867e2192356475613fab Author: Martin Stockhammer <[email protected]> AuthorDate: Mon Nov 16 12:01:06 2020 +0100 Adding model information to roles --- redback-rbac/redback-rbac-model/pom.xml | 4 + .../archiva/redback/rbac/AbstractRBACManager.java | 21 ++ .../apache/archiva/redback/rbac/RBACManager.java | 250 ++++++++++++++++----- .../java/org/apache/archiva/redback/rbac/Role.java | 4 +- .../redback/rbac/cached/CachedRbacManager.java | 72 +++++- .../src/main/resources/META-INF/spring-context.xml | 11 + .../redback-rbac-jpa/pom.xml | 5 + .../archiva/redback/rbac/jpa/JpaRbacManager.java | 65 +++++- .../archiva/redback/rbac/jpa/model/JpaRole.java | 5 + .../archiva/redback/rbac/ldap/LdapRbacManager.java | 82 +++++-- .../redback/rbac/memory/MemoryRbacManager.java | 43 +++- .../archiva/redback/role/DefaultRoleManager.java | 27 ++- .../apache/archiva/redback/role/RoleManager.java | 14 +- .../role/processor/DefaultRoleModelProcessor.java | 3 + .../template/DefaultRoleTemplateProcessor.java | 7 +- .../redback/role/AbstractRoleManagerTest.java | 4 +- 16 files changed, 503 insertions(+), 114 deletions(-) diff --git a/redback-rbac/redback-rbac-model/pom.xml b/redback-rbac/redback-rbac-model/pom.xml index 64e7362..99b88e8 100644 --- a/redback-rbac/redback-rbac-model/pom.xml +++ b/redback-rbac/redback-rbac-model/pom.xml @@ -56,6 +56,10 @@ <groupId>jakarta.annotation</groupId> <artifactId>jakarta.annotation-api</artifactId> </dependency> + <dependency> + <groupId>commons-codec</groupId> + <artifactId>commons-codec</artifactId> + </dependency> </dependencies> diff --git a/redback-rbac/redback-rbac-model/src/main/java/org/apache/archiva/redback/rbac/AbstractRBACManager.java b/redback-rbac/redback-rbac-model/src/main/java/org/apache/archiva/redback/rbac/AbstractRBACManager.java index 9ba04b4..8ace7e6 100644 --- a/redback-rbac/redback-rbac-model/src/main/java/org/apache/archiva/redback/rbac/AbstractRBACManager.java +++ b/redback-rbac/redback-rbac-model/src/main/java/org/apache/archiva/redback/rbac/AbstractRBACManager.java @@ -16,6 +16,7 @@ package org.apache.archiva.redback.rbac; * limitations under the License. */ +import org.apache.commons.codec.digest.DigestUtils; import org.apache.commons.collections4.CollectionUtils; import org.apache.commons.lang3.StringUtils; import org.slf4j.Logger; @@ -186,6 +187,12 @@ public abstract class AbstractRBACManager } @Override + public Role createRole(String name) { + final String id = DigestUtils.sha1Hex( name ); + return createRole( id, name ); + } + + @Override public void removeRole( String roleName ) throws RbacObjectNotFoundException, RbacManagerException { @@ -193,6 +200,12 @@ public abstract class AbstractRBACManager } @Override + public void removeRoleById( String id ) throws RbacManagerException + { + removeRole( getRoleById( id ) ); + } + + @Override public void removePermission( String permissionName ) throws RbacObjectNotFoundException, RbacManagerException { @@ -359,6 +372,14 @@ public abstract class AbstractRBACManager } @Override + public boolean roleExistsById( final String id ) + throws RbacManagerException + { + return getAllRoles( ).stream( ).filter( role -> StringUtils.equals( role.getId( ), id ) ) + .findAny( ).isPresent( ); + } + + @Override public boolean userAssignmentExists( String principal ) { try diff --git a/redback-rbac/redback-rbac-model/src/main/java/org/apache/archiva/redback/rbac/RBACManager.java b/redback-rbac/redback-rbac-model/src/main/java/org/apache/archiva/redback/rbac/RBACManager.java index 9299cb0..11b56db 100644 --- a/redback-rbac/redback-rbac-model/src/main/java/org/apache/archiva/redback/rbac/RBACManager.java +++ b/redback-rbac/redback-rbac-model/src/main/java/org/apache/archiva/redback/rbac/RBACManager.java @@ -25,11 +25,12 @@ import java.util.Map; import java.util.Set; /** - * RBACManager + * Manages the roles, permissions and operations of the RBAC system. * * @author Jesse McConnell * @author <a href="mailto:[email protected]";>Joakim Erdfelt</a> - * TODO expand on javadoc + * @author Martin Stockhammer <[email protected]> + * */ public interface RBACManager { @@ -55,71 +56,171 @@ public interface RBACManager Role createRole( String name ); /** + * Creates a new role with the given id and role name. + * @param id the role identifier, which must be unique + * @param name the role name, which must be unique + * @return the new role instance + */ + Role createRole(String id, String name); + + /** * Tests for the existence of a Role. * * @return true if role exists in store. - * @throws RbacManagerException + * @throws RbacManagerException if the access to the backend datastore failed */ boolean roleExists( String name ) throws RbacManagerException; + /** + * Returns <code>true</code>, if a role with the given id exists. + * @param id the role id + * @return <code>true</code>, if the role with the given id exists, otherwise <code>false</code> + * @throws RbacManagerException if the access to the backend datastore failed + */ + boolean roleExistsById( String id ) throws RbacManagerException; + + /** + * Returns true, if the given role exists. + * + * @param role the role to check + * @return <code>true</code>, if the role exists, otherwise <code>false</code> + * @throws RbacManagerException if the access to the backend datastore failed + */ boolean roleExists( Role role ) throws RbacManagerException; + /** + * Persists the given role to the backend datastore. + * + * @param role the role to save + * @return the persisted role, if the method was successful + * @throws RbacObjectInvalidException if the given role object was not valid + * @throws RbacManagerException if the access to the backend datastore failed + */ Role saveRole( Role role ) throws RbacObjectInvalidException, RbacManagerException; + /** + * Persists all of the given roles to the backend datastore. + * Implementations should try to save all role instances and throw exceptions afterwards. + * + * @param roles the list of roles to save + * @throws RbacObjectInvalidException if one of the given role objects was not valid + * @throws RbacManagerException if the access to the backend datastore failed + */ void saveRoles( Collection<Role> roles ) throws RbacObjectInvalidException, RbacManagerException; /** - * @param roleName - * @return - * @throws RbacObjectNotFoundException - * @throws RbacManagerException + * Returns the role identified by the given name + * + * @param roleName the role name + * @return the role instance, if a role by this name was found + * @throws RbacObjectNotFoundException if not role was found with the given name + * @throws RbacManagerException if the access to the underlying datastore failed */ Role getRole( String roleName ) throws RbacObjectNotFoundException, RbacManagerException; + /** + * Returns the role identified by the given ID + * @param id the role id + * @return the role object, if the role with the given id exists + * @throws RbacObjectNotFoundException if no role was found with the given id + * @throws RbacManagerException if the access to the underlying datastore failed + */ + Role getRoleById( String id ) throws RbacObjectNotFoundException, RbacManagerException; + + /** + * Returns the role instances for the given role names. + * + * @param roleNames the list of role names. + * @return a map of (name,role) pairs + * @throws RbacObjectNotFoundException if one of the given roles was not found + * @throws RbacManagerException if the access to the backend datastore failed + */ Map<String, ? extends Role> getRoles( Collection<String> roleNames ) throws RbacObjectNotFoundException, RbacManagerException; + /** + * Adds a child to a role. + * + * @param role the parent role + * @param childRole the child role, that is added to the parent role + * @throws RbacObjectInvalidException if one of the role objects was not valid + * @throws RbacManagerException if the access to the backend datastore failed + */ void addChildRole( Role role, Role childRole ) throws RbacObjectInvalidException, RbacManagerException; + /** + * Returns all the child roles of a given role. + * @param role the parent role + * @return the list of child roles + * @throws RbacManagerException if the access to the backend datastore failed + */ Map<String, ? extends Role> getChildRoles( Role role ) throws RbacManagerException; + /** + * Returns all the parent roles of a given role. + * @param role the role to check for parent roles + * @return the list of parent roles that have <code>role</code> als child + * @throws RbacManagerException if the access to the backend datastore failed + */ Map<String, ? extends Role> getParentRoles( Role role ) throws RbacManagerException; /** - * Method getRoles + * Returns all roles defined in the datastore. + * + * @return the list of roles defined in the datastore + * @throws RbacManagerException if the access to the backend datastore failed */ List<? extends Role> getAllRoles() throws RbacManagerException; /** - * Method getEffectiveRoles + * Returns all effective roles. Which means a list with the current role and all child roles recursively. + * + * @param role the role to use as starting point + * @return the set of roles that are found as children of the given role + * @throws RbacObjectNotFoundException if the given role was not found + * @throws RbacManagerException if the access to the backend datastore failed */ Set<? extends Role> getEffectiveRoles( Role role ) throws RbacObjectNotFoundException, RbacManagerException; /** - * Method removeRole + * Removes the given role from the datastore. * - * @param role + * @param role the role to remove + * @throws RbacManagerException if the access to the backend datastore failed + * @throws RbacObjectNotFoundException if the given role was not found + * @throws RbacObjectInvalidException if the given role has invalid data */ void removeRole( Role role ) throws RbacObjectNotFoundException, RbacObjectInvalidException, RbacManagerException; /** - * Method removeRole + * Removes the role with the given name from the datastore. * - * @param roleName + * @param roleName the role name + * @throws RbacObjectNotFoundException if the role with the given name was not found + * @throws RbacManagerException if the access to the backend datastore failed */ void removeRole( String roleName ) - throws RbacObjectNotFoundException, RbacObjectInvalidException, RbacManagerException; + throws RbacObjectNotFoundException, RbacManagerException; + + /** + * Removes the role with the given id from the datastore. + * + * @param id the role id + * @throws RbacObjectNotFoundException if no role with the given id was found + * @throws RbacManagerException if the access to the backend datastore failed + */ + void removeRoleById( String id ) throws RbacObjectNotFoundException, RbacManagerException; // ------------------------------------------------------------------ // Permission Methods @@ -133,7 +234,7 @@ public interface RBACManager * * @param name the name. * @return the new Permission. - * @throws RbacManagerException + * @throws RbacManagerException if the access to the backend datastore failed */ Permission createPermission( String name ) throws RbacManagerException; @@ -148,7 +249,7 @@ public interface RBACManager * @param operationName the {@link Operation#setName(String)} value * @param resourceIdentifier the {@link Resource#setIdentifier(String)} value * @return the new Permission. - * @throws RbacManagerException + * @throws RbacManagerException if the access to the backend datastore failed */ Permission createPermission( String name, String operationName, String resourceIdentifier ) throws RbacManagerException; @@ -163,18 +264,22 @@ public interface RBACManager boolean permissionExists( Permission permission ); + @SuppressWarnings( "DuplicateThrows" ) Permission savePermission( Permission permission ) throws RbacObjectInvalidException, RbacManagerException; + @SuppressWarnings( "DuplicateThrows" ) Permission getPermission( String permissionName ) throws RbacObjectNotFoundException, RbacManagerException; List<? extends Permission> getAllPermissions() throws RbacManagerException; + @SuppressWarnings( "DuplicateThrows" ) void removePermission( Permission permission ) throws RbacObjectNotFoundException, RbacObjectInvalidException, RbacManagerException; + @SuppressWarnings( "DuplicateThrows" ) void removePermission( String permissionName ) throws RbacObjectNotFoundException, RbacObjectInvalidException, RbacManagerException; @@ -190,7 +295,7 @@ public interface RBACManager * * @param name the name. * @return the new Operation. - * @throws RbacManagerException + * @throws RbacManagerException if the access to the backend datastore failed */ Operation createOperation( String name ) throws RbacManagerException; @@ -204,21 +309,24 @@ public interface RBACManager * * @param operation the operation to save (new or existing) * @return the Operation that was saved. - * @throws RbacObjectInvalidException - * @throws RbacManagerException + * @throws RbacObjectInvalidException if the object is not valid and cannot be saved + * @throws RbacManagerException if the access to the backend datastore failed */ Operation saveOperation( Operation operation ) throws RbacObjectInvalidException, RbacManagerException; + @SuppressWarnings( "DuplicateThrows" ) Operation getOperation( String operationName ) throws RbacObjectNotFoundException, RbacManagerException; List<? extends Operation> getAllOperations() throws RbacManagerException; + @SuppressWarnings( "DuplicateThrows" ) void removeOperation( Operation operation ) throws RbacObjectNotFoundException, RbacObjectInvalidException, RbacManagerException; + @SuppressWarnings( "DuplicateThrows" ) void removeOperation( String operationName ) throws RbacObjectNotFoundException, RbacObjectInvalidException, RbacManagerException; @@ -234,7 +342,7 @@ public interface RBACManager * * @param identifier the identifier. * @return the new Resource. - * @throws RbacManagerException + * @throws RbacManagerException if the access to the backend datastore failed */ Resource createResource( String identifier ) throws RbacManagerException; @@ -243,18 +351,22 @@ public interface RBACManager boolean resourceExists( Resource resource ); + @SuppressWarnings( "DuplicateThrows" ) Resource saveResource( Resource resource ) throws RbacObjectInvalidException, RbacManagerException; + @SuppressWarnings( "DuplicateThrows" ) Resource getResource( String resourceIdentifier ) throws RbacObjectNotFoundException, RbacManagerException; List<? extends Resource> getAllResources() throws RbacManagerException; + @SuppressWarnings( "DuplicateThrows" ) void removeResource( Resource resource ) throws RbacObjectNotFoundException, RbacObjectInvalidException, RbacManagerException; + @SuppressWarnings( "DuplicateThrows" ) void removeResource( String resourceIdentifier ) throws RbacObjectNotFoundException, RbacObjectInvalidException, RbacManagerException; @@ -270,7 +382,7 @@ public interface RBACManager * * @param principal the principal reference to the user. * @return the new UserAssignment object. - * @throws RbacManagerException + * @throws RbacManagerException if the access to the backend datastore failed */ UserAssignment createUserAssignment( String principal ) throws RbacManagerException; @@ -282,22 +394,29 @@ public interface RBACManager /** * Method saveUserAssignment * - * @param userAssignment + * @param userAssignment the user assignment instance to save + * @throws RbacObjectInvalidException if the instance has invalid data and cannot be saved + * @throws RbacManagerException if the access to the backend datastore failed */ UserAssignment saveUserAssignment( UserAssignment userAssignment ) throws RbacObjectInvalidException, RbacManagerException; + @SuppressWarnings( "DuplicateThrows" ) UserAssignment getUserAssignment( String principal ) throws RbacObjectNotFoundException, RbacManagerException; /** - * Method getAssignments + * Returns all user assignments defined + * @return list of assignments + * @throws RbacManagerException if the access to the backend datastore failed */ List<? extends UserAssignment> getAllUserAssignments() throws RbacManagerException; /** - * Method getUserAssignmentsForRoless + * Returns the assignments for the given roles + * @param roleNames collection of role names + * @throws RbacManagerException if the access to the backend datastore failed */ List<? extends UserAssignment> getUserAssignmentsForRoles( Collection<String> roleNames ) throws RbacManagerException; @@ -305,7 +424,10 @@ public interface RBACManager /** * Method removeAssignment * - * @param userAssignment + * @param userAssignment the assignment to remove + * @throws RbacObjectNotFoundException if the assignment was not found + * @throws RbacObjectInvalidException if the provided assignment instance has invalid data + * @throws RbacManagerException if the access to the backend datastore failed */ void removeUserAssignment( UserAssignment userAssignment ) throws RbacObjectNotFoundException, RbacObjectInvalidException, RbacManagerException; @@ -313,7 +435,10 @@ public interface RBACManager /** * Method removeAssignment * - * @param principal + * @param principal the principal for which the assignment should be removed + * @throws RbacObjectNotFoundException if the user with the given principal name was not found + * @throws RbacObjectInvalidException if the principal string was invalid + * @throws RbacManagerException if the access to the backend datastore failed */ void removeUserAssignment( String principal ) throws RbacObjectNotFoundException, RbacObjectInvalidException, RbacManagerException; @@ -323,15 +448,15 @@ public interface RBACManager // ------------------------------------------------------------------ /** - * returns the active roles for a given principal + * Returns the active roles for a given principal * - * NOTE: roles that are returned might have have roles themselves, if + * NOTE: roles that are returned might have parent roles themselves, if * you just want all permissions then use {@link #getAssignedPermissions(String principal)} * - * @param principal + * @param principal the user principal to search for assignments * @return Collection of {@link Role} objects. - * @throws RbacObjectNotFoundException - * @throws RbacManagerException + * @throws RbacObjectNotFoundException if the user with the given principal name was not found + * @throws RbacManagerException if the access to the backend datastore failed */ Collection<? extends Role> getAssignedRoles( String principal ) throws RbacObjectNotFoundException, RbacManagerException; @@ -339,8 +464,10 @@ public interface RBACManager /** * Get the Collection of {@link Role} objects for this UserAssignment. * - * @param userAssignment + * @param userAssignment the user assignment instance * @return Collection of {@link Role} objects for the provided UserAssignment. + * @throws RbacObjectNotFoundException if the assignment could not be found + * @throws RbacManagerException if the access to the backend datastore failed */ Collection<? extends Role> getAssignedRoles( UserAssignment userAssignment ) throws RbacObjectNotFoundException, RbacManagerException; @@ -349,10 +476,10 @@ public interface RBACManager * Get a list of all assignable roles that are currently not effectively assigned to the specific user, * meaning, not a child of any already granted role * - * @param principal - * @return - * @throws RbacManagerException - * @throws RbacObjectNotFoundException + * @param principal the user principal + * @return the list of roles, that are currently not assigned to the user, or a empty list, if no such role was found. + * @throws RbacManagerException if the access to the backend datastore failed + * @throws RbacObjectNotFoundException if the user with the given principal was not found */ Collection<? extends Role> getEffectivelyUnassignedRoles( String principal ) throws RbacManagerException, RbacObjectNotFoundException; @@ -360,10 +487,10 @@ public interface RBACManager /** * Get a list of the effectively assigned roles to the specified user, this includes child roles * - * @param principal - * @return - * @throws RbacObjectNotFoundException - * @throws RbacManagerException + * @param principal the user principal + * @return the list of roles effectively assigned to the given user + * @throws RbacObjectNotFoundException if the user with the given principal was not found + * @throws RbacManagerException if the access to the backend datastore failed */ Collection<? extends Role> getEffectivelyAssignedRoles( String principal ) throws RbacObjectNotFoundException, RbacManagerException; @@ -371,22 +498,22 @@ public interface RBACManager /** * Get a list of all assignable roles that are currently not assigned to the specific user. * - * @param principal - * @return - * @throws RbacManagerException - * @throws RbacObjectNotFoundException + * @param principal the user principal name + * @return the list of roles not assigned to the given user + * @throws RbacManagerException if the access to the backend datastore failed + * @throws RbacObjectNotFoundException if the user with the given principal was not found */ Collection<? extends Role> getUnassignedRoles( String principal ) throws RbacManagerException, RbacObjectNotFoundException; /** - * returns a set of all permissions that are in all active roles for a given - * principal + * Returns a set of all permissions that are in all active roles for a given + * principal. This includes permissions from all assigned parent roles. * - * @param principal - * @return - * @throws RbacObjectNotFoundException - * @throws RbacManagerException + * @param principal the user principal name + * @return the list of all permissions assigned to the user + * @throws RbacObjectNotFoundException if the user with the given principal name was not found + * @throws RbacManagerException if the access to the backend datastore failed */ Set<? extends Permission> getAssignedPermissions( String principal ) throws RbacObjectNotFoundException, RbacManagerException; @@ -394,29 +521,28 @@ public interface RBACManager /** * returns a map of assigned permissions keyed off of operation with a list value of Permissions * - * @param principal - * @return - * @throws RbacObjectNotFoundException - * @throws RbacManagerException + * @param principal the user principal name + * @return the map of (operation,permission list) pairs + * @throws RbacObjectNotFoundException if the user with the given principal was not found + * @throws RbacManagerException if the access to the backend datastore failed */ Map<String, List<? extends Permission>> getAssignedPermissionMap( String principal ) throws RbacObjectNotFoundException, RbacManagerException; /** - * returns a list of all assignable roles + * Returns a list of all assignable roles * - * @return - * @throws RbacManagerException - * @throws RbacObjectNotFoundException + * @return list of assignable roles + * @throws RbacManagerException if the access to the backend datastore failed */ List<? extends Role> getAllAssignableRoles() - throws RbacManagerException, RbacObjectNotFoundException; + throws RbacManagerException; /** - * returns the global resource object + * Returns the global resource object * - * @return - * @throws RbacManagerException + * @return the global resource object + * @throws RbacManagerException if the access to the backend datastore failed */ Resource getGlobalResource() throws RbacManagerException; diff --git a/redback-rbac/redback-rbac-model/src/main/java/org/apache/archiva/redback/rbac/Role.java b/redback-rbac/redback-rbac-model/src/main/java/org/apache/archiva/redback/rbac/Role.java index 6990273..407be44 100644 --- a/redback-rbac/redback-rbac-model/src/main/java/org/apache/archiva/redback/rbac/Role.java +++ b/redback-rbac/redback-rbac-model/src/main/java/org/apache/archiva/redback/rbac/Role.java @@ -157,9 +157,7 @@ public interface Role * @since 3.0 * @return the role identifier */ - default String getId() { - return StringUtils.isEmpty( getModelId() )?getName():(isTemplateInstance()?getModelId()+"."+getResource():getModelId()); - } + String getId(); /** * Sets the role id diff --git a/redback-rbac/redback-rbac-providers/redback-rbac-cached/src/main/java/org/apache/archiva/redback/rbac/cached/CachedRbacManager.java b/redback-rbac/redback-rbac-providers/redback-rbac-cached/src/main/java/org/apache/archiva/redback/rbac/cached/CachedRbacManager.java index 01bbc50..8ffc360 100644 --- a/redback-rbac/redback-rbac-providers/redback-rbac-cached/src/main/java/org/apache/archiva/redback/rbac/cached/CachedRbacManager.java +++ b/redback-rbac/redback-rbac-providers/redback-rbac-cached/src/main/java/org/apache/archiva/redback/rbac/cached/CachedRbacManager.java @@ -74,6 +74,10 @@ public class CachedRbacManager private Cache<String, Role> rolesCache; @Inject + @Named( value = "cache#rolesById" ) + private Cache<String, Role> rolesByIdCache; + + @Inject @Named( value = "cache#userAssignments" ) private Cache<String, UserAssignment> userAssignmentsCache; @@ -147,11 +151,26 @@ public class CachedRbacManager @Override public Role createRole( String name ) { - rolesCache.remove( name ); + if (rolesCache.hasKey( name )) + { + Role role = rolesCache.remove( name ); + rolesByIdCache.remove( role.getId( ) ); + } return this.rbacImpl.createRole( name ); } @Override + public Role createRole( String id, String name ) + { + if (rolesByIdCache.hasKey( id )) + { + Role role = rolesByIdCache.remove( id ); + rolesCache.remove( role.getName( ) ); + } + return this.rbacImpl.createRole( id, name ); + } + + @Override public UserAssignment createUserAssignment( String principal ) throws RbacManagerException { @@ -397,11 +416,22 @@ public class CachedRbacManager { Role role = this.rbacImpl.getRole( roleName ); rolesCache.put( roleName, role ); + rolesByIdCache.put( role.getId( ), role ); return role; } } @Override + public Role getRoleById( String id ) throws RbacObjectNotFoundException, RbacManagerException + { + if (rolesByIdCache.hasKey( id )) { + return rolesByIdCache.get( id ); + } else { + return this.rbacImpl.getRoleById( id ); + } + } + + @Override public Map<String, ? extends Role> getRoles( Collection<String> roleNames ) throws RbacObjectNotFoundException, RbacManagerException { @@ -508,6 +538,7 @@ public class CachedRbacManager this.operationsCache.clear(); this.permissionsCache.clear(); this.rolesCache.clear(); + this.rolesByIdCache.clear(); this.userAssignmentsCache.clear(); this.userPermissionsCache.clear(); } @@ -644,11 +675,24 @@ public class CachedRbacManager public void removeRole( String roleName ) throws RbacObjectNotFoundException, RbacObjectInvalidException, RbacManagerException { - rolesCache.remove( roleName ); + Role role = rolesCache.remove( roleName ); + if (role!=null) { + rolesByIdCache.remove( role.getId( ) ); + } this.rbacImpl.removeRole( roleName ); } @Override + public void removeRoleById( String id ) throws RbacObjectNotFoundException, RbacManagerException + { + Role role = rolesByIdCache.remove( id ); + if (role!=null) { + rolesCache.remove( role.getName( ) ); + } + this.rbacImpl.removeRoleById( id ); + } + + @Override public void removeUserAssignment( String principal ) throws RbacObjectNotFoundException, RbacObjectInvalidException, RbacManagerException { @@ -690,7 +734,7 @@ public class CachedRbacManager public boolean roleExists( Role role ) throws RbacManagerException { - if ( rolesCache.hasKey( role.getName() ) ) + if ( rolesByIdCache.hasKey( role.getId() ) ) { return true; } @@ -711,6 +755,16 @@ public class CachedRbacManager } @Override + public boolean roleExistsById( String id ) throws RbacManagerException + { + if (rolesByIdCache.hasKey( id )) { + return true; + } else { + return this.rbacImpl.roleExistsById( id ); + } + } + + @Override public Operation saveOperation( Operation operation ) throws RbacObjectInvalidException, RbacManagerException { @@ -819,6 +873,7 @@ public class CachedRbacManager if ( role != null ) { rolesCache.remove( role.getName() ); + rolesByIdCache.remove( role.getId( ) ); // if a role changes we need to invalidate the entire effective role set cache // since we have no concept of the heirarchy involved in the role sets effectiveRoleSetCache.clear(); @@ -909,12 +964,23 @@ public class CachedRbacManager return rolesCache; } + @SuppressWarnings( "unchecked" ) public void setRolesCache( Cache<String, ? extends Role> rolesCache ) { this.rolesCache = (Cache<String, Role>) rolesCache; } + public Cache<String, ? extends Role> getRolesByIdCache( ) + { + return rolesByIdCache; + } + + public void setRolesByIdCache( Cache<String, ? extends Role> rolesByIdCache ) + { + this.rolesByIdCache = (Cache<String, Role>) rolesByIdCache; + } + public Cache<String, ? extends UserAssignment> getUserAssignmentsCache() { return userAssignmentsCache; diff --git a/redback-rbac/redback-rbac-providers/redback-rbac-cached/src/main/resources/META-INF/spring-context.xml b/redback-rbac/redback-rbac-providers/redback-rbac-cached/src/main/resources/META-INF/spring-context.xml index b1054ca..33541b8 100644 --- a/redback-rbac/redback-rbac-providers/redback-rbac-cached/src/main/resources/META-INF/spring-context.xml +++ b/redback-rbac/redback-rbac-providers/redback-rbac-cached/src/main/resources/META-INF/spring-context.xml @@ -75,6 +75,17 @@ <property name="timeToLiveSeconds" value="14400"/> </bean> + <bean name="cache#rolesById" class="org.apache.archiva.components.cache.ehcache.EhcacheCache" + init-method="initialize"> + <property name="diskPersistent" value="false"/> + <property name="eternal" value="false"/> + <property name="maxElementsInMemory" value="1000"/> + <property name="memoryEvictionPolicy" value="LRU"/> + <property name="name" value="roles"/> + <property name="timeToIdleSeconds" value="1800"/> + <property name="timeToLiveSeconds" value="14400"/> + </bean> + <bean name="cache#effectiveRoleSet" class="org.apache.archiva.components.cache.ehcache.EhcacheCache" init-method="initialize"> <property name="diskPersistent" value="false"/> diff --git a/redback-rbac/redback-rbac-providers/redback-rbac-jpa/pom.xml b/redback-rbac/redback-rbac-providers/redback-rbac-jpa/pom.xml index 51c8c95..9b89d7d 100644 --- a/redback-rbac/redback-rbac-providers/redback-rbac-jpa/pom.xml +++ b/redback-rbac/redback-rbac-providers/redback-rbac-jpa/pom.xml @@ -108,6 +108,11 @@ <artifactId>hsqldb</artifactId> <scope>test</scope> </dependency> + + <dependency> + <groupId>commons-codec</groupId> + <artifactId>commons-codec</artifactId> + </dependency> </dependencies> <build> diff --git a/redback-rbac/redback-rbac-providers/redback-rbac-jpa/src/main/java/org/apache/archiva/redback/rbac/jpa/JpaRbacManager.java b/redback-rbac/redback-rbac-providers/redback-rbac-jpa/src/main/java/org/apache/archiva/redback/rbac/jpa/JpaRbacManager.java index c423370..0c7a9da 100644 --- a/redback-rbac/redback-rbac-providers/redback-rbac-jpa/src/main/java/org/apache/archiva/redback/rbac/jpa/JpaRbacManager.java +++ b/redback-rbac/redback-rbac-providers/redback-rbac-jpa/src/main/java/org/apache/archiva/redback/rbac/jpa/JpaRbacManager.java @@ -35,6 +35,7 @@ import org.apache.archiva.redback.rbac.jpa.model.JpaPermission; import org.apache.archiva.redback.rbac.jpa.model.JpaResource; import org.apache.archiva.redback.rbac.jpa.model.JpaRole; import org.apache.archiva.redback.rbac.jpa.model.JpaUserAssignment; +import org.apache.commons.codec.digest.DigestUtils; import org.springframework.stereotype.Service; import javax.persistence.EntityManager; @@ -43,6 +44,9 @@ import javax.persistence.PersistenceContext; import javax.persistence.Query; import javax.persistence.TypedQuery; import javax.transaction.Transactional; +import java.io.UnsupportedEncodingException; +import java.security.MessageDigest; +import java.security.NoSuchAlgorithmException; import java.util.ArrayList; import java.util.Collection; import java.util.List; @@ -68,14 +72,51 @@ public class JpaRbacManager extends AbstractRBACManager { } - @Override - public Role createRole(String name) { - JpaRole role = new JpaRole(); - role.setName(name); + public Role createRole( String id, String name ) + { + JpaRole role = new JpaRole( ); + role.setId( id ); + role.setName( name ); return role; } + @Override + public boolean roleExistsById( String id ) throws RbacManagerException + { + final EntityManager em = getEm(); + TypedQuery<Long> q = em.createQuery("SELECT COUNT(r) FROM JpaRole r WHERE r.id = :roleid", Long.class); + q.setParameter("roleid",id); + Long num; + try { + num = q.getSingleResult(); + } catch (NoResultException ex) { + return false; + } + return num>0; + } + + @Override + public boolean roleExists( String name ) throws RbacManagerException + { + final EntityManager em = getEm(); + TypedQuery<Long> q = em.createQuery("SELECT COUNT(r) FROM JpaRole r WHERE r.name = :rolename", Long.class); + q.setParameter("rolename",name); + Long num; + try { + num = q.getSingleResult(); + } catch (NoResultException ex) { + return false; + } + return num>0; + } + + @Override + public boolean roleExists( Role role ) throws RbacManagerException + { + return this.roleExistsById( role.getId() ); + } + @Transactional @Override public Role saveRole(Role role) throws RbacObjectInvalidException, RbacManagerException { @@ -144,6 +185,22 @@ public class JpaRbacManager extends AbstractRBACManager { } @Override + public Role getRoleById( String id ) throws RbacObjectNotFoundException, RbacManagerException + { + final EntityManager em = getEm(); + TypedQuery<JpaRole> q = em.createQuery("SELECT r FROM JpaRole r WHERE r.id = :roleid", JpaRole.class); + q.setParameter("roleid",id); + Role role; + try { + role = q.getSingleResult(); + } catch (NoResultException ex) { + log.warn("Role {} not found", id); + throw new RbacObjectNotFoundException("Role not found "+id); + } + return role; + } + + @Override public List<? extends Role> getAllRoles() throws RbacManagerException { final EntityManager em = getEm(); TypedQuery<JpaRole> q = em.createQuery("SELECT r FROM JpaRole r", JpaRole.class); diff --git a/redback-rbac/redback-rbac-providers/redback-rbac-jpa/src/main/java/org/apache/archiva/redback/rbac/jpa/model/JpaRole.java b/redback-rbac/redback-rbac-providers/redback-rbac-jpa/src/main/java/org/apache/archiva/redback/rbac/jpa/model/JpaRole.java index 323a73f..d21eb6a 100644 --- a/redback-rbac/redback-rbac-providers/redback-rbac-jpa/src/main/java/org/apache/archiva/redback/rbac/jpa/model/JpaRole.java +++ b/redback-rbac/redback-rbac-providers/redback-rbac-jpa/src/main/java/org/apache/archiva/redback/rbac/jpa/model/JpaRole.java @@ -40,6 +40,7 @@ import java.util.List; public class JpaRole extends AbstractRole implements Serializable { private static final Logger log = LoggerFactory.getLogger( JpaRole.class ); + private static final long serialVersionUID = 4564608138465995665L; @Id @Column(name="NAME") @@ -83,6 +84,10 @@ public class JpaRole extends AbstractRole implements Serializable { @Column(name="RESOURCE",nullable = false) private String resource = ""; + public JpaRole( ) + { + } + @Override public void addPermission(Permission permission) { if (permission instanceof JpaPermission) { diff --git a/redback-rbac/redback-rbac-providers/redback-rbac-ldap/src/main/java/org/apache/archiva/redback/rbac/ldap/LdapRbacManager.java b/redback-rbac/redback-rbac-providers/redback-rbac-ldap/src/main/java/org/apache/archiva/redback/rbac/ldap/LdapRbacManager.java index 599edc9..df05dcf 100644 --- a/redback-rbac/redback-rbac-providers/redback-rbac-ldap/src/main/java/org/apache/archiva/redback/rbac/ldap/LdapRbacManager.java +++ b/redback-rbac/redback-rbac-providers/redback-rbac-ldap/src/main/java/org/apache/archiva/redback/rbac/ldap/LdapRbacManager.java @@ -169,9 +169,9 @@ public class LdapRbacManager } @Override - public Role createRole( String name ) + public Role createRole( String id, String name ) { - return this.rbacImpl.createRole( name ); + return this.rbacImpl.createRole( id, name ); } @Override @@ -459,6 +459,10 @@ public class LdapRbacManager catch ( LdapException e ) { throw new RbacManagerException( e.getMessage(), e ); + } finally + { + closeContext( context ); + closeLdapConnection( ldapConnection ); } } @@ -544,6 +548,28 @@ public class LdapRbacManager { return role; } + if ( !checkIfLdapRole( roleName ) ) return null; + role = this.rbacImpl.getRole( roleName ); + if (role==null) + { + try + { + String groupName = ldapRoleMapperConfiguration.getLdapGroupMappings( ).entrySet( ).stream( ) + .filter( entry -> entry.getValue( ).contains( roleName ) ) + .map( entry -> entry.getKey( ) ).findFirst( ).orElseGet( String::new ); + role = new RoleImpl( groupName + roleName, roleName ); + } + catch ( MappingException e ) + { + role = new RoleImpl( roleName ); + } + }; + rolesCache.put( roleName, role ); + return role; + } + + protected boolean checkIfLdapRole( String roleName ) throws RbacManagerException + { LdapConnection ldapConnection = null; DirContext context = null; //verify it's a ldap group @@ -553,7 +579,7 @@ public class LdapRbacManager context = ldapConnection.getDirContext(); if ( !ldapRoleMapper.hasRole( context, roleName ) ) { - return null; + return false; } } catch ( MappingException e ) @@ -563,25 +589,27 @@ public class LdapRbacManager catch ( LdapException e ) { throw new RbacManagerException( e.getMessage(), e ); - } - role = this.rbacImpl.getRole( roleName ); - if (role==null) + } finally { - try - { - String groupName = ldapRoleMapperConfiguration.getLdapGroupMappings( ).entrySet( ).stream( ) - .filter( entry -> entry.getValue( ).contains( roleName ) ) - .map( entry -> entry.getKey( ) ).findFirst( ).orElseGet( String::new ); - role = new RoleImpl( groupName + roleName, roleName ); - } - catch ( MappingException e ) - { - role = new RoleImpl( roleName ); + closeContext( context ); + closeLdapConnection( ldapConnection ); + } + return true; + } + + @Override + public Role getRoleById( String id ) throws RbacObjectNotFoundException, RbacManagerException + { + Role role = rbacImpl.getRoleById( id ); + if (role==null) { + throw new RbacObjectNotFoundException( "Role with id " + id + " not found" ); + } else { + if (checkIfLdapRole( role.getName() )) { + return role; + } else { + return null; } - }; - role = ( role == null ) ? new RoleImpl( roleName ) : role; - rolesCache.put( roleName, role ); - return role; + } } @Override @@ -852,6 +880,9 @@ public class LdapRbacManager catch ( LdapException e ) { throw new RbacManagerException( e.getMessage(), e ); + } finally { + closeContext( context ); + closeLdapConnection( ldapConnection ); } fireRbacRoleRemoved( role ); } @@ -952,6 +983,17 @@ public class LdapRbacManager } @Override + public boolean roleExistsById( String id ) throws RbacManagerException + { + Role role = rbacImpl.getRoleById( id ); + if (role==null) { + return false; + } else { + return roleExists( role.getName() ); + } + } + + @Override public Operation saveOperation( Operation operation ) throws RbacManagerException { diff --git a/redback-rbac/redback-rbac-providers/redback-rbac-memory/src/main/java/org/apache/archiva/redback/rbac/memory/MemoryRbacManager.java b/redback-rbac/redback-rbac-providers/redback-rbac-memory/src/main/java/org/apache/archiva/redback/rbac/memory/MemoryRbacManager.java index 1c743b0..235d3ab 100644 --- a/redback-rbac/redback-rbac-providers/redback-rbac-memory/src/main/java/org/apache/archiva/redback/rbac/memory/MemoryRbacManager.java +++ b/redback-rbac/redback-rbac-providers/redback-rbac-memory/src/main/java/org/apache/archiva/redback/rbac/memory/MemoryRbacManager.java @@ -71,6 +71,7 @@ public class MemoryRbacManager // Role methods // ---------------------------------------------------------------------- + @Override public Role saveRole( Role role ) throws RbacManagerException { @@ -93,6 +94,7 @@ public class MemoryRbacManager return role; } + @Override public void saveRoles( Collection<Role> roles ) throws RbacObjectInvalidException, RbacManagerException { @@ -117,6 +119,7 @@ public class MemoryRbacManager } } + @Override public Role getRole( String roleName ) throws RbacObjectNotFoundException { @@ -127,6 +130,16 @@ public class MemoryRbacManager return roles.get( roleName ); } + @Override + public Role getRoleById( String id ) throws RbacObjectNotFoundException, RbacManagerException + { + triggerInit(); + return roles.values( ).stream( ).filter( role -> StringUtils.equals( role.getId( ), id ) ).findAny( ).orElseThrow( + () -> new RbacObjectNotFoundException( "Role with id " + id + " not found" ) + ); + } + + @Override public void removeRole( Role role ) throws RbacManagerException, RbacObjectNotFoundException { @@ -144,6 +157,7 @@ public class MemoryRbacManager roles.remove( role.getName() ); } + @Override public List<Role> getAllRoles() throws RbacManagerException { @@ -156,6 +170,7 @@ public class MemoryRbacManager // Permission methods // ---------------------------------------------------------------------- + @Override public Operation saveOperation( Operation operation ) throws RbacManagerException { @@ -167,6 +182,7 @@ public class MemoryRbacManager return operation; } + @Override public Permission savePermission( Permission permission ) throws RbacManagerException { @@ -183,6 +199,7 @@ public class MemoryRbacManager return permission; } + @Override public Resource saveResource( Resource resource ) throws RbacManagerException { @@ -194,6 +211,7 @@ public class MemoryRbacManager return resource; } + @Override public UserAssignment saveUserAssignment( UserAssignment userAssignment ) throws RbacManagerException { @@ -207,6 +225,7 @@ public class MemoryRbacManager return userAssignment; } + @Override public Operation createOperation( String name ) throws RbacManagerException { @@ -225,6 +244,7 @@ public class MemoryRbacManager return operation; } + @Override public Permission createPermission( String name ) throws RbacManagerException { @@ -243,6 +263,7 @@ public class MemoryRbacManager return permission; } + @Override public Permission createPermission( String name, String operationName, String resourceIdentifier ) throws RbacManagerException { @@ -274,6 +295,7 @@ public class MemoryRbacManager return permission; } + @Override public Resource createResource( String identifier ) throws RbacManagerException { @@ -292,10 +314,12 @@ public class MemoryRbacManager return resource; } - public Role createRole( String name ) + @Override + public Role createRole( String id, String name ) { Role role = new MemoryRole(); role.setName( name ); + role.setId( id ); return role; } @@ -309,6 +333,7 @@ public class MemoryRbacManager } } + @Override public Permission getPermission( String permissionName ) throws RbacObjectNotFoundException, RbacManagerException { @@ -327,6 +352,7 @@ public class MemoryRbacManager return Collections.unmodifiableList( new ArrayList<Resource>( resources.values() ) ); } + @Override public void removeOperation( Operation operation ) throws RbacObjectNotFoundException, RbacManagerException { @@ -351,6 +377,7 @@ public class MemoryRbacManager } } + @Override public void removePermission( Permission permission ) throws RbacObjectNotFoundException, RbacManagerException { @@ -368,6 +395,7 @@ public class MemoryRbacManager permissions.remove( permission.getName() ); } + @Override public void removeResource( Resource resource ) throws RbacObjectNotFoundException, RbacManagerException { @@ -402,6 +430,7 @@ public class MemoryRbacManager } } + @Override public void removeUserAssignment( UserAssignment userAssignment ) throws RbacObjectNotFoundException, RbacManagerException { @@ -420,6 +449,7 @@ public class MemoryRbacManager userAssignments.remove( userAssignment.getPrincipal() ); } + @Override public void eraseDatabase() { userAssignments.clear(); @@ -429,6 +459,7 @@ public class MemoryRbacManager roles.clear(); } + @Override public UserAssignment createUserAssignment( String principal ) throws RbacManagerException { @@ -447,6 +478,7 @@ public class MemoryRbacManager } } + @Override public List<Operation> getAllOperations() throws RbacManagerException { @@ -455,6 +487,7 @@ public class MemoryRbacManager return Collections.unmodifiableList( new ArrayList<Operation>( operations.values() ) ); } + @Override public List<Permission> getAllPermissions() throws RbacManagerException { @@ -463,6 +496,7 @@ public class MemoryRbacManager return Collections.unmodifiableList( new ArrayList<Permission>( permissions.values() ) ); } + @Override public List<Resource> getAllResources() throws RbacManagerException { @@ -471,6 +505,7 @@ public class MemoryRbacManager return Collections.unmodifiableList( new ArrayList<Resource>( resources.values() ) ); } + @Override public List<UserAssignment> getAllUserAssignments() throws RbacManagerException { @@ -479,6 +514,7 @@ public class MemoryRbacManager return Collections.unmodifiableList( new ArrayList<UserAssignment>( userAssignments.values() ) ); } + @Override public List<UserAssignment> getUserAssignmentsForRoles( Collection<String> roleNames ) throws RbacManagerException { @@ -501,6 +537,7 @@ public class MemoryRbacManager return userAssignments; } + @Override public UserAssignment getUserAssignment( String principal ) throws RbacObjectNotFoundException, RbacManagerException { @@ -511,6 +548,7 @@ public class MemoryRbacManager return userAssignments.get( principal ); } + @Override public Operation getOperation( String operationName ) throws RbacObjectNotFoundException, RbacManagerException { @@ -521,6 +559,7 @@ public class MemoryRbacManager return operations.get( operationName ); } + @Override public Resource getResource( String resourceIdentifier ) throws RbacObjectNotFoundException, RbacManagerException { @@ -546,11 +585,13 @@ public class MemoryRbacManager return true; } + @Override public String getDescriptionKey() { return "archiva.redback.rbacmanager.memory"; } + @Override public boolean isReadOnly() { return false; diff --git a/redback-rbac/redback-rbac-role-manager/src/main/java/org/apache/archiva/redback/role/DefaultRoleManager.java b/redback-rbac/redback-rbac-role-manager/src/main/java/org/apache/archiva/redback/role/DefaultRoleManager.java index 6fdefaa..9d68db6 100644 --- a/redback-rbac/redback-rbac-role-manager/src/main/java/org/apache/archiva/redback/role/DefaultRoleManager.java +++ b/redback-rbac/redback-rbac-role-manager/src/main/java/org/apache/archiva/redback/role/DefaultRoleManager.java @@ -97,18 +97,15 @@ public class DefaultRoleManager private RBACManager rbacManager; + @Override public void loadRoleModel( URL resource ) throws RoleManagerException { RedbackRoleModelStaxReader reader = new RedbackRoleModelStaxReader(); - InputStreamReader inputStreamReader = null; - - try + try(InputStreamReader inputStreamReader = new InputStreamReader( resource.openStream() )) { - inputStreamReader = new InputStreamReader( resource.openStream() ); - RedbackRoleModel roleModel = reader.read( inputStreamReader ); for ( ModelApplication app : roleModel.getApplications() ) @@ -132,12 +129,9 @@ public class DefaultRoleManager { throw new RoleManagerException( "error parsing redback profile", e ); } - finally - { - IOUtils.closeQuietly( inputStreamReader ); - } } + @Override public void loadRoleModel( RedbackRoleModel roleModel ) throws RoleManagerException { @@ -189,6 +183,7 @@ public class DefaultRoleManager * create a role for the given roleName using the resource passed in for * resolving the ${resource} expression */ + @Override public void createTemplatedRole( String templateId, String resource ) throws RoleManagerException { @@ -199,6 +194,7 @@ public class DefaultRoleManager * remove the role corresponding to the role using the resource passed in for resolving the * ${resource} expression */ + @Override public void removeTemplatedRole( String templateId, String resource ) throws RoleManagerException { @@ -232,7 +228,8 @@ public class DefaultRoleManager * NOTE: this requires removal and creation of the role since the jdo store does not tolerate renaming * because of the use of the name as an identifier */ - public void updateRole( String templateId, String oldResource, String newResource ) + @Override + public void moveTemplatedRole( String templateId, String oldResource, String newResource ) throws RoleManagerException { // make the new role @@ -264,6 +261,7 @@ public class DefaultRoleManager templateProcessor.remove( blessedModel, templateId, oldResource ); } + @Override public void assignRole( String roleId, String principal ) throws RoleManagerException { @@ -296,6 +294,7 @@ public class DefaultRoleManager } } + @Override public void assignRoleByName( String roleName, String principal ) throws RoleManagerException { @@ -326,6 +325,7 @@ public class DefaultRoleManager } } + @Override public void assignTemplatedRole( String templateId, String resource, String principal ) throws RoleManagerException { @@ -363,6 +363,7 @@ public class DefaultRoleManager } } + @Override public void unassignRole( String roleId, String principal ) throws RoleManagerException { @@ -396,6 +397,7 @@ public class DefaultRoleManager } } + @Override public void unassignRoleByName( String roleName, String principal ) throws RoleManagerException { @@ -427,6 +429,7 @@ public class DefaultRoleManager } } + @Override public boolean roleExists( String roleId ) throws RoleManagerException { @@ -458,6 +461,7 @@ public class DefaultRoleManager } } + @Override public boolean templatedRoleExists( String templateId, String resource ) throws RoleManagerException { @@ -488,6 +492,7 @@ public class DefaultRoleManager } } + @Override @PostConstruct public void initialize() { @@ -531,11 +536,13 @@ public class DefaultRoleManager log.info( "DefaultRoleManager initialize time {}", stopWatch.getTime() ); } + @Override public RedbackRoleModel getModel() { return blessedModel; } + @Override public void verifyTemplatedRole( String templateId, String resource ) throws RoleManagerException { diff --git a/redback-rbac/redback-rbac-role-manager/src/main/java/org/apache/archiva/redback/role/RoleManager.java b/redback-rbac/redback-rbac-role-manager/src/main/java/org/apache/archiva/redback/role/RoleManager.java index 9a77eff..7c727e8 100644 --- a/redback-rbac/redback-rbac-role-manager/src/main/java/org/apache/archiva/redback/role/RoleManager.java +++ b/redback-rbac/redback-rbac-role-manager/src/main/java/org/apache/archiva/redback/role/RoleManager.java @@ -70,17 +70,15 @@ public interface RoleManager /** - * allows for a role coming from a template to be renamed effectively swapping out the bits of it that - * were labeled with the oldResource with the newResource + * Moves the instance of the templated role from the old resource to the new resource and updates the + * user assignments. * - * it also manages any user assignments for that role - * - * @param templateId - * @param oldResource - * @param newResource + * @param templateId the name of the role template + * @param oldResource the old resource name + * @param newResource the new resource name * @throws RoleManagerException */ - void updateRole( String templateId, String oldResource, String newResource ) + void moveTemplatedRole( String templateId, String oldResource, String newResource ) throws RoleManagerException; diff --git a/redback-rbac/redback-rbac-role-manager/src/main/java/org/apache/archiva/redback/role/processor/DefaultRoleModelProcessor.java b/redback-rbac/redback-rbac-role-manager/src/main/java/org/apache/archiva/redback/role/processor/DefaultRoleModelProcessor.java index 203bfc7..e0b4b65 100644 --- a/redback-rbac/redback-rbac-role-manager/src/main/java/org/apache/archiva/redback/role/processor/DefaultRoleModelProcessor.java +++ b/redback-rbac/redback-rbac-role-manager/src/main/java/org/apache/archiva/redback/role/processor/DefaultRoleModelProcessor.java @@ -196,6 +196,9 @@ public class DefaultRoleModelProcessor try { Role role = rbacManager.createRole( roleProfile.getName() ); + role.setId( roleProfile.getId() ); + role.setModelId( roleProfile.getId() ); + role.setTemplateInstance( false ); role.setDescription( roleProfile.getDescription() ); role.setPermanent( roleProfile.isPermanent() ); role.setAssignable( roleProfile.isAssignable() ); diff --git a/redback-rbac/redback-rbac-role-manager/src/main/java/org/apache/archiva/redback/role/template/DefaultRoleTemplateProcessor.java b/redback-rbac/redback-rbac-role-manager/src/main/java/org/apache/archiva/redback/role/template/DefaultRoleTemplateProcessor.java index 1bb0f6f..3c43333 100644 --- a/redback-rbac/redback-rbac-role-manager/src/main/java/org/apache/archiva/redback/role/template/DefaultRoleTemplateProcessor.java +++ b/redback-rbac/redback-rbac-role-manager/src/main/java/org/apache/archiva/redback/role/template/DefaultRoleTemplateProcessor.java @@ -177,7 +177,8 @@ public class DefaultRoleTemplateProcessor private void processTemplate( RedbackRoleModel model, ModelTemplate template, String resource ) throws RoleManagerException { - String templateName = template.getNamePrefix() + template.getDelimiter() + resource; + final String templateName = template.getNamePrefix() + template.getDelimiter() + resource; + final String roleId = template.getId( ) + "." + resource; List<Permission> permissions = processPermissions( model, template, resource ); @@ -197,6 +198,10 @@ public class DefaultRoleTemplateProcessor try { Role role = rbacManager.createRole( templateName ); + role.setId( roleId ); + role.setModelId( template.getId() ); + role.setResource( resource ); + role.setTemplateInstance( true ); role.setDescription( template.getDescription() ); role.setPermanent( template.isPermanent() ); role.setAssignable( template.isAssignable() ); diff --git a/redback-rbac/redback-rbac-role-manager/src/test/java/org/apache/archiva/redback/role/AbstractRoleManagerTest.java b/redback-rbac/redback-rbac-role-manager/src/test/java/org/apache/archiva/redback/role/AbstractRoleManagerTest.java index 2b31d9f..50b303a 100644 --- a/redback-rbac/redback-rbac-role-manager/src/test/java/org/apache/archiva/redback/role/AbstractRoleManagerTest.java +++ b/redback-rbac/redback-rbac-role-manager/src/test/java/org/apache/archiva/redback/role/AbstractRoleManagerTest.java @@ -81,7 +81,7 @@ public abstract class AbstractRoleManagerTest assertTrue( roleManager.templatedRoleExists( "test-template-2", "foo" ) ); assertTrue( roleManager.templatedRoleExists( "test-template", "foo" ) ); - roleManager.updateRole( "test-template-2", "foo", "bar" ); + roleManager.moveTemplatedRole( "test-template-2", "foo", "bar" ); assertFalse( roleManager.templatedRoleExists( "test-template-2", "foo" ) ); // TODO: bug - assertFalse( roleManager.templatedRoleExists( "test-template", "foo" ) ); @@ -104,7 +104,7 @@ public abstract class AbstractRoleManagerTest roleManager.createTemplatedRole( "test-template-2", "cold" ); roleManager.assignTemplatedRole( "test-template-2", "cold", principal ); - roleManager.updateRole( "test-template-2", "cold", "frigid" ); + roleManager.moveTemplatedRole( "test-template-2", "cold", "frigid" ); assertTrue( roleManager.templatedRoleExists( "test-template-2", "frigid" ) );
