[GitHub] archiva-redback-core pull request #9: Adding parameter references in authori...

Fri, 09 Sep 2016 00:54:07 -0700 

GitHub user effrafax opened a pull request:

    https://github.com/apache/archiva-redback-core/pull/9

    Adding parameter references in authorization resource

    This is a patch that may be used to fix 
https://issues.apache.org/jira/browse/MRM-1908
    
    Certain rest methods in archiva have permission checks annotated but do not 
take the repository id into account. This patch adds the possibility to set the 
resource parameter of the authorization check dynamically from a request 
parameter.
    
    In certain cases the resource must be dynamically set by parameter values.
    This patch allows to add a reference into the resource field of the redback
    annotation '{parameterName}' that fills the resource of the permission 
dynamically
    with the parameter value, if found.
    
    Please check, if this would be the right way to fix the issue. I tested it, 
by changing the resource annotation in archiva: `FileUploadService#save`:
    `    @RedbackAuthorization( resource = "{repositoryId}", permissions = 
ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD )`
    
    


You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/effrafax/archiva-redback-core param_resource

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/archiva-redback-core/pull/9.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #9
    
----
commit 796af57be2dda6f5b4c5b27f57157ecc0a33aff1
Author: Martin Stockhammer <[email protected]>
Date:   2016-09-09T07:40:29Z

    Adding parameter references in authorization resource
    
    In certain cases the resource must be dynamically set by parameter values.
    This patch allows to add a reference into the resource field of the redback
    annotation '{parameterName}' that fills the resource of the permission 
dynamically
    with the parameter value, if found.

----


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at [email protected] or file a JIRA ticket
with INFRA.
---

Reply via email to