continuum-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jmcconn...@apache.org
Subject svn commit: r452194 - in /maven/continuum/branches/rbac-integration: continuum-security/src/main/java/org/apache/maven/continuum/security/ continuum-security/src/main/java/org/apache/maven/continuum/security/profile/ continuum-security/src/main/resourc...
Date Mon, 02 Oct 2006 20:24:11 GMT
Author: jmcconnell
Date: Mon Oct  2 13:24:10 2006
New Revision: 452194

URL: http://svn.apache.org/viewvc?view=rev&rev=452194
Log:
created new role called Continuum Project Group Manager that has the rights to add projects
and is granted the developer role to every created project.  The system administrator account
is granted this role at startup giving the sysad rights to everything now...this role can
bve granted to users enabling them project group related administration abilities for everything
site wide.

Added:
    maven/continuum/branches/rbac-integration/continuum-security/src/main/java/org/apache/maven/continuum/security/profile/ContinuumGroupAdministratorRoleProfile.java
  (with props)
Modified:
    maven/continuum/branches/rbac-integration/continuum-security/src/main/java/org/apache/maven/continuum/security/ContinuumRoleConstants.java
    maven/continuum/branches/rbac-integration/continuum-security/src/main/java/org/apache/maven/continuum/security/ContinuumRoleProfileManager.java
    maven/continuum/branches/rbac-integration/continuum-security/src/main/java/org/apache/maven/continuum/security/profile/ContinuumSystemAdministratorRoleProfile.java
    maven/continuum/branches/rbac-integration/continuum-security/src/main/java/org/apache/maven/continuum/security/profile/ProjectGroupDeveloperDynamicRoleProfile.java
    maven/continuum/branches/rbac-integration/continuum-security/src/main/resources/META-INF/plexus/components.xml
    maven/continuum/branches/rbac-integration/continuum-webapp/src/main/webapp/navigations/DefaultTop.jsp
    maven/continuum/branches/rbac-integration/continuum-webapp/src/main/webapp/navigations/Menu.jsp

Modified: maven/continuum/branches/rbac-integration/continuum-security/src/main/java/org/apache/maven/continuum/security/ContinuumRoleConstants.java
URL: http://svn.apache.org/viewvc/maven/continuum/branches/rbac-integration/continuum-security/src/main/java/org/apache/maven/continuum/security/ContinuumRoleConstants.java?view=diff&rev=452194&r1=452193&r2=452194
==============================================================================
--- maven/continuum/branches/rbac-integration/continuum-security/src/main/java/org/apache/maven/continuum/security/ContinuumRoleConstants.java
(original)
+++ maven/continuum/branches/rbac-integration/continuum-security/src/main/java/org/apache/maven/continuum/security/ContinuumRoleConstants.java
Mon Oct  2 13:24:10 2006
@@ -28,6 +28,7 @@
     // globalish roles
     public static final String SYSTEM_ADMINISTRATOR_ROLE = "System Administrator";
     public static final String USER_ADMINISTRATOR_ROLE = "User Administrator";
+    public static final String GROUP_ADMINISTRATOR_ROLE = "Continuum Group Project Administrator";
     public static final String REGISTERED_USER_ROLE = "Registered User";
     public static final String GUEST_ROLE = "Guest";
 

Modified: maven/continuum/branches/rbac-integration/continuum-security/src/main/java/org/apache/maven/continuum/security/ContinuumRoleProfileManager.java
URL: http://svn.apache.org/viewvc/maven/continuum/branches/rbac-integration/continuum-security/src/main/java/org/apache/maven/continuum/security/ContinuumRoleProfileManager.java?view=diff&rev=452194&r1=452193&r2=452194
==============================================================================
--- maven/continuum/branches/rbac-integration/continuum-security/src/main/java/org/apache/maven/continuum/security/ContinuumRoleProfileManager.java
(original)
+++ maven/continuum/branches/rbac-integration/continuum-security/src/main/java/org/apache/maven/continuum/security/ContinuumRoleProfileManager.java
Mon Oct  2 13:24:10 2006
@@ -2,6 +2,9 @@
 
 import org.codehaus.plexus.rbac.profile.DefaultRoleProfileManager;
 import org.codehaus.plexus.rbac.profile.RoleProfileException;
+import org.codehaus.plexus.rbac.profile.DynamicRoleProfile;
+import org.codehaus.plexus.security.rbac.Role;
+import org.codehaus.plexus.component.repository.exception.ComponentLookupException;
 /*
  * Copyright 2006 The Apache Software Foundation.
  *
@@ -35,9 +38,33 @@
     public void initialize()
         throws RoleProfileException
     {
+        // make sure registered user and group administrator roles exist
+        getRole( "continuum-group-administrator" );
+        getRole( "registered-user" );
+
+
         mergeRoleProfiles( "system-administrator", "continuum-system-administrator" );
         mergeRoleProfiles( "user-administrator", "continuum-user-administrator" );
         mergeRoleProfiles( "guest", "continuum-guest" );
+
+
+
         setInitialized( true ); //todo remove the initialization idea from profile managers
+    }
+
+
+    public Role getDynamicRole( String roleHint, String resource )
+        throws RoleProfileException
+    {
+        try
+        {
+            DynamicRoleProfile roleProfile =  (DynamicRoleProfile)container.lookup( DynamicRoleProfile.ROLE,
roleHint );
+
+            return roleProfile.getRole( resource ); 
+        }
+        catch ( ComponentLookupException cle )
+        {
+            throw new RoleProfileException( "unable to locate dynamic role profile " + roleHint,
cle );
+        }
     }
 }

Added: maven/continuum/branches/rbac-integration/continuum-security/src/main/java/org/apache/maven/continuum/security/profile/ContinuumGroupAdministratorRoleProfile.java
URL: http://svn.apache.org/viewvc/maven/continuum/branches/rbac-integration/continuum-security/src/main/java/org/apache/maven/continuum/security/profile/ContinuumGroupAdministratorRoleProfile.java?view=auto&rev=452194
==============================================================================
--- maven/continuum/branches/rbac-integration/continuum-security/src/main/java/org/apache/maven/continuum/security/profile/ContinuumGroupAdministratorRoleProfile.java
(added)
+++ maven/continuum/branches/rbac-integration/continuum-security/src/main/java/org/apache/maven/continuum/security/profile/ContinuumGroupAdministratorRoleProfile.java
Mon Oct  2 13:24:10 2006
@@ -0,0 +1,57 @@
+package org.apache.maven.continuum.security.profile;
+
+import org.codehaus.plexus.rbac.profile.AbstractRoleProfile;
+import org.apache.maven.continuum.security.ContinuumRoleConstants;
+
+import java.util.List;
+import java.util.ArrayList;
+/*
+ * Copyright 2006 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/**
+ * ContinuumSystemAdministratorRoleProfile:
+ *
+ * @author: Jesse McConnell <jmcconnell@apache.org>
+ * @version: $ID:$
+ *
+ * @plexus.component
+ *   role="org.codehaus.plexus.rbac.profile.RoleProfile"
+ *   role-hint="continuum-group-administrator"
+ */
+public class ContinuumGroupAdministratorRoleProfile
+    extends AbstractRoleProfile
+{
+
+    public String getRoleName()
+    {
+        return ContinuumRoleConstants.GROUP_ADMINISTRATOR_ROLE;
+    }
+
+    public List getOperations()
+    {
+        List operations = new ArrayList();
+        operations.add( ContinuumRoleConstants.CONTINUUM_ADD_GROUP_OPERATION );
+        operations.add( ContinuumRoleConstants.CONTINUUM_MANAGE_SCHEDULES );        
+
+        return operations;
+    }
+
+
+    public boolean isAssignable()
+    {
+        return false;
+    }
+}

Propchange: maven/continuum/branches/rbac-integration/continuum-security/src/main/java/org/apache/maven/continuum/security/profile/ContinuumGroupAdministratorRoleProfile.java
------------------------------------------------------------------------------
    svn:eol-style = native

Modified: maven/continuum/branches/rbac-integration/continuum-security/src/main/java/org/apache/maven/continuum/security/profile/ContinuumSystemAdministratorRoleProfile.java
URL: http://svn.apache.org/viewvc/maven/continuum/branches/rbac-integration/continuum-security/src/main/java/org/apache/maven/continuum/security/profile/ContinuumSystemAdministratorRoleProfile.java?view=diff&rev=452194&r1=452193&r2=452194
==============================================================================
--- maven/continuum/branches/rbac-integration/continuum-security/src/main/java/org/apache/maven/continuum/security/profile/ContinuumSystemAdministratorRoleProfile.java
(original)
+++ maven/continuum/branches/rbac-integration/continuum-security/src/main/java/org/apache/maven/continuum/security/profile/ContinuumSystemAdministratorRoleProfile.java
Mon Oct  2 13:24:10 2006
@@ -51,6 +51,14 @@
     }
 
 
+    public List getChildRoles()
+    {
+        List childRoles = new ArrayList();
+        childRoles.add( ContinuumRoleConstants.GROUP_ADMINISTRATOR_ROLE );
+
+        return childRoles;
+    }
+
     public boolean isAssignable()
     {
         return false;

Modified: maven/continuum/branches/rbac-integration/continuum-security/src/main/java/org/apache/maven/continuum/security/profile/ProjectGroupDeveloperDynamicRoleProfile.java
URL: http://svn.apache.org/viewvc/maven/continuum/branches/rbac-integration/continuum-security/src/main/java/org/apache/maven/continuum/security/profile/ProjectGroupDeveloperDynamicRoleProfile.java?view=diff&rev=452194&r1=452193&r2=452194
==============================================================================
--- maven/continuum/branches/rbac-integration/continuum-security/src/main/java/org/apache/maven/continuum/security/profile/ProjectGroupDeveloperDynamicRoleProfile.java
(original)
+++ maven/continuum/branches/rbac-integration/continuum-security/src/main/java/org/apache/maven/continuum/security/profile/ProjectGroupDeveloperDynamicRoleProfile.java
Mon Oct  2 13:24:10 2006
@@ -1,11 +1,15 @@
 package org.apache.maven.continuum.security.profile;
 
-import org.codehaus.plexus.rbac.profile.AbstractDynamicRoleProfile;
 import org.apache.maven.continuum.security.ContinuumRoleConstants;
+import org.codehaus.plexus.rbac.profile.AbstractDynamicRoleProfile;
+import org.codehaus.plexus.rbac.profile.RoleProfileException;
+import org.codehaus.plexus.security.rbac.RbacManagerException;
+import org.codehaus.plexus.security.rbac.RbacObjectNotFoundException;
+import org.codehaus.plexus.security.rbac.Role;
 
-import java.util.List;
 import java.util.ArrayList;
 import java.util.Collections;
+import java.util.List;
 /*
  * Copyright 2006 The Apache Software Foundation.
  *
@@ -78,4 +82,36 @@
     {
         return true;
     }
+
+
+    public Role getRole( String resource )
+         throws RoleProfileException
+     {
+         try
+         {
+             if ( rbacManager.roleExists( getRoleName( resource ) ) )
+             {
+                 return rbacManager.getRole( getRoleName( resource ) );
+             }
+             else
+             {
+                 // first time assign the role to the system administrator since they need
the access
+                 Role newRole = generateRole( resource );
+
+                 Role groupAdmin = rbacManager.getRole( ContinuumRoleConstants.GROUP_ADMINISTRATOR_ROLE
);
+                 groupAdmin.addChildRoleName( newRole.getName() );
+                 rbacManager.saveRole( groupAdmin );
+
+                 return newRole;
+             }
+         }
+         catch ( RbacObjectNotFoundException ne )
+         {
+             throw new RoleProfileException( "unable to get role", ne );
+         }
+         catch ( RbacManagerException e )
+         {
+             throw new RoleProfileException( "system error with rbac manager", e );
+         }
+      }
 }

Modified: maven/continuum/branches/rbac-integration/continuum-security/src/main/resources/META-INF/plexus/components.xml
URL: http://svn.apache.org/viewvc/maven/continuum/branches/rbac-integration/continuum-security/src/main/resources/META-INF/plexus/components.xml?view=diff&rev=452194&r1=452193&r2=452194
==============================================================================
--- maven/continuum/branches/rbac-integration/continuum-security/src/main/resources/META-INF/plexus/components.xml
(original)
+++ maven/continuum/branches/rbac-integration/continuum-security/src/main/resources/META-INF/plexus/components.xml
Mon Oct  2 13:24:10 2006
@@ -56,6 +56,20 @@
     </component>
     <component>
       <role>org.codehaus.plexus.rbac.profile.RoleProfile</role>
+      <role-hint>continuum-group-administrator</role-hint>
+      <implementation>org.apache.maven.continuum.security.profile.ContinuumGroupAdministratorRoleProfile</implementation>
+      <requirements>
+        <requirement>
+          <role>org.codehaus.plexus.security.rbac.RBACManager</role>
+        </requirement>
+        <requirement>
+          <role>org.codehaus.plexus.PlexusContainer</role>
+          <field-name>container</field-name>
+        </requirement>
+      </requirements>
+    </component>
+    <component>
+      <role>org.codehaus.plexus.rbac.profile.RoleProfile</role>
       <role-hint>continuum-user-administrator</role-hint>
       <implementation>org.apache.maven.continuum.security.profile.ContinuumUserAdministratorRoleProfile</implementation>
       <requirements>

Modified: maven/continuum/branches/rbac-integration/continuum-webapp/src/main/webapp/navigations/DefaultTop.jsp
URL: http://svn.apache.org/viewvc/maven/continuum/branches/rbac-integration/continuum-webapp/src/main/webapp/navigations/DefaultTop.jsp?view=diff&rev=452194&r1=452193&r2=452194
==============================================================================
--- maven/continuum/branches/rbac-integration/continuum-webapp/src/main/webapp/navigations/DefaultTop.jsp
(original)
+++ maven/continuum/branches/rbac-integration/continuum-webapp/src/main/webapp/navigations/DefaultTop.jsp
Mon Oct  2 13:24:10 2006
@@ -25,9 +25,6 @@
 <div id="breadcrumbs">
 
   <div style="float: right;">
-    <pss:ifAuthorized permission="continuum-guest">
-      Guest Enabled!
-    </pss:ifAuthorized>
     <a href="http://maven.apache.org/continuum">Continuum</a> |
     <a href="http://maven.apache.org/">Maven</a> |
     <a href="http://www.apache.org/">Apache</a>

Modified: maven/continuum/branches/rbac-integration/continuum-webapp/src/main/webapp/navigations/Menu.jsp
URL: http://svn.apache.org/viewvc/maven/continuum/branches/rbac-integration/continuum-webapp/src/main/webapp/navigations/Menu.jsp?view=diff&rev=452194&r1=452193&r2=452194
==============================================================================
--- maven/continuum/branches/rbac-integration/continuum-webapp/src/main/webapp/navigations/Menu.jsp
(original)
+++ maven/continuum/branches/rbac-integration/continuum-webapp/src/main/webapp/navigations/Menu.jsp
Mon Oct  2 13:24:10 2006
@@ -16,6 +16,7 @@
       </div>
     </div>
   </div>
+  <pss:ifAuthorized permission="continuum-add-group">
   <div id="projectmenu" class="toolgroup">
     <div class="label"><ww:text name="menu.addProject"/></div>
     <div>
@@ -33,6 +34,7 @@
       </div>
     </div>
   </div>
+  </pss:ifAuthorized>
 
   <pss:ifAnyAuthorized permissions="continuum-manage-schedules,continuum-manage-configuration,continuum-manage-users">
   <div id="projectmenu" class="toolgroup">



Mime
View raw message