continuum-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From och...@apache.org
Subject svn commit: r509415 [1/3] - in /maven/continuum/trunk: continuum-security/src/main/java/org/apache/maven/continuum/security/profile/ continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/ continuum-webapp/src/main/java/org/apache/maven/c...
Date Tue, 20 Feb 2007 02:41:40 GMT
Author: oching
Date: Mon Feb 19 18:41:37 2007
New Revision: 509415

URL: http://svn.apache.org/viewvc?view=rev&rev=509415
Log:
Added isAuthorized* methods in ContinuumActionSupport for checking authorization in action classes with different permissions. Implemented SecureAction in some of the action classes that has a specific permission. Also added 'modify-project-notifier' operation in ProjectDeveloperDynamicRoleProfile.

Added:
    maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/exception/AuthenticationRequiredException.java
    maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/exception/AuthorizationRequiredException.java
    maven/continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/error/authorizationError.jsp
Modified:
    maven/continuum/trunk/continuum-security/src/main/java/org/apache/maven/continuum/security/profile/ProjectGroupDeveloperDynamicRoleProfile.java
    maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/BuildDefinitionAction.java
    maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/BuildProjectAction.java
    maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/BuildResultAction.java
    maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/BuildResultsListAction.java
    maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/CancelBuildAction.java
    maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/ContinuumActionSupport.java
    maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/DeleteProjectAction.java
    maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/GroupSummaryAction.java
    maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/ProjectEditAction.java
    maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/ProjectGroupAction.java
    maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/ProjectViewAction.java
    maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/ReleaseCleanupAction.java
    maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/ReleaseInProgressAction.java
    maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/ReleasePerformAction.java
    maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/ReleasePrepareAction.java
    maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/ReleaseProjectAction.java
    maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/ReleaseProjectGoalAction.java
    maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/ReleaseRollbackAction.java
    maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/SummaryAction.java
    maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/SurefireReportAction.java
    maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/WorkingCopyAction.java
    maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/component/BuildDefinitionSummaryAction.java
    maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/component/NotifierSummaryAction.java
    maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/notifier/AbstractGroupNotifierEditAction.java
    maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/notifier/AbstractNotifierEditActionSupport.java
    maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/notifier/AbstractProjectNotifierEditAction.java
    maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/notifier/AddGroupNotifierAction.java
    maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/notifier/AddProjectNotifierAction.java
    maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/notifier/DeleteGroupNotifierAction.java
    maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/notifier/DeleteProjectNotifierAction.java
    maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/exception/ContinuumActionException.java
    maven/continuum/trunk/continuum-webapp/src/main/resources/xwork.xml
    maven/continuum/trunk/continuum-webapp/src/test/java/org/apache/maven/continuum/web/action/ReleasePrepareActionTest.java

Modified: maven/continuum/trunk/continuum-security/src/main/java/org/apache/maven/continuum/security/profile/ProjectGroupDeveloperDynamicRoleProfile.java
URL: http://svn.apache.org/viewvc/maven/continuum/trunk/continuum-security/src/main/java/org/apache/maven/continuum/security/profile/ProjectGroupDeveloperDynamicRoleProfile.java?view=diff&rev=509415&r1=509414&r2=509415
==============================================================================
--- maven/continuum/trunk/continuum-security/src/main/java/org/apache/maven/continuum/security/profile/ProjectGroupDeveloperDynamicRoleProfile.java (original)
+++ maven/continuum/trunk/continuum-security/src/main/java/org/apache/maven/continuum/security/profile/ProjectGroupDeveloperDynamicRoleProfile.java Mon Feb 19 18:41:37 2007
@@ -61,6 +61,7 @@
         operations.add( ContinuumRoleConstants.CONTINUUM_MODIFY_GROUP_BUILD_DEFINITION_OPERATION );
         operations.add( ContinuumRoleConstants.CONTINUUM_MODIFY_GROUP_NOTIFIER_OPERATION );
         operations.add( ContinuumRoleConstants.CONTINUUM_MODIFY_PROJECT_BUILD_DEFINITION_OPERATION );
+        operations.add( ContinuumRoleConstants.CONTINUUM_MODIFY_PROJECT_NOTIFIER_OPERATION );
         operations.add( ContinuumRoleConstants.CONTINUUM_MODIFY_PROJECT_IN_GROUP_OPERATION );
         operations.add( ContinuumRoleConstants.CONTINUUM_REMOVE_GROUP_BUILD_DEFINITION_OPERATION );
         operations.add( ContinuumRoleConstants.CONTINUUM_REMOVE_GROUP_NOTIFIER_OPERATION );

Modified: maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/BuildDefinitionAction.java
URL: http://svn.apache.org/viewvc/maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/BuildDefinitionAction.java?view=diff&rev=509415&r1=509414&r2=509415
==============================================================================
--- maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/BuildDefinitionAction.java (original)
+++ maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/BuildDefinitionAction.java Mon Feb 19 18:41:37 2007
@@ -24,6 +24,8 @@
 import org.apache.maven.continuum.model.project.Schedule;
 import org.apache.maven.continuum.model.project.Project;
 import org.apache.maven.continuum.web.exception.ContinuumActionException;
+import org.apache.maven.continuum.web.exception.AuthorizationRequiredException;
+import org.apache.maven.continuum.web.exception.AuthenticationRequiredException;
 
 import java.util.Collection;
 import java.util.HashMap;
@@ -71,6 +73,8 @@
 
     private boolean groupBuildDefinition = false;
 
+    private String projectGroupName = "";
+
     public void prepare()
         throws Exception
     {
@@ -96,7 +100,6 @@
             profiles = new HashMap();
         }
 
-
     }
 
     /**
@@ -107,48 +110,67 @@
     public String input()
         throws ContinuumException
     {
-        if ( executor == null )
+        try
         {
-            if ( projectId != 0 )
+            if ( executor == null )
+            {
+                if ( projectId != 0 )
+                {
+                    executor = getContinuum().getProject( projectId ).getExecutorId();
+                }
+                else
+                {
+                    List projects = getContinuum().getProjectGroupWithProjects( projectGroupId ).getProjects();
+
+                    if( projects.size() > 0 )
+                    {
+                        Project project = (Project) projects.get( 0 );
+                        executor = project.getExecutorId();
+                    }
+                }
+            }
+
+            if ( buildDefinitionId != 0 )
             {
-                executor = getContinuum().getProject( projectId ).getExecutorId();
+                if( isAuthorizedModifyProjectBuildDefinition( getProjectGroupName() ) ||
+                            isAuthorizedModifyGroupBuildDefinition( getProjectGroupName() ) )
+                {
+                    BuildDefinition buildDefinition = getContinuum().getBuildDefinition( buildDefinitionId );
+                    goals = buildDefinition.getGoals();
+                    arguments = buildDefinition.getArguments();
+                    buildFile = buildDefinition.getBuildFile();
+                    buildFresh = buildDefinition.isBuildFresh();
+                    scheduleId = buildDefinition.getSchedule().getId();
+                    defaultBuildDefinition = buildDefinition.isDefaultForProject();
+                }
             }
             else
             {
-                List projects = getContinuum().getProjectGroupWithProjects( projectGroupId ).getProjects();
-                
-                if( projects.size() > 0 )
+                if( isAuthorizedAddProjectBuildDefinition( getProjectGroupName() ) ||
+                        isAuthorizedAddGroupBuildDefinition( getProjectGroupName() ) )
                 {
-                    Project project = (Project) projects.get( 0 );
-                    executor = project.getExecutorId();
+                    if ( "maven2".equals(executor) )
+                    {
+                        buildFile = "pom.xml";
+                    }
+                    else if ( "maven-1".equals(executor) )
+                    {
+                        buildFile = "project.xml";
+                    }
+                    else if ( "ant".equals(executor) )
+                    {
+                        buildFile = "build.xml";
+                    }
                 }
             }
         }
-
-        if ( buildDefinitionId != 0 )
+        catch ( AuthenticationRequiredException authnE )
         {
-            BuildDefinition buildDefinition = getContinuum().getBuildDefinition( buildDefinitionId );
-            goals = buildDefinition.getGoals();
-            arguments = buildDefinition.getArguments();
-            buildFile = buildDefinition.getBuildFile();
-            buildFresh = buildDefinition.isBuildFresh();
-            scheduleId = buildDefinition.getSchedule().getId();
-            defaultBuildDefinition = buildDefinition.isDefaultForProject();
+            return REQUIRES_AUTHENTICATION;
         }
-        else
+        catch ( AuthorizationRequiredException authzE )
         {
-            if ( "maven2".equals(executor) )
-            {
-                buildFile = "pom.xml";
-            }
-            else if ( "maven-1".equals(executor) )
-            {
-                buildFile = "project.xml";
-            }
-            else if ( "ant".equals(executor) )
-            {
-                buildFile = "build.xml";
-            }
+            return REQUIRES_AUTHORIZATION;
         }
 
         return SUCCESS;
@@ -175,11 +197,17 @@
         {
             if ( buildDefinitionId == 0 )
             {
-                getContinuum().addBuildDefinitionToProject( projectId, getBuildDefinitionFromInput() );
+                if ( isAuthorizedAddProjectBuildDefinition( getProjectGroupName() ) )
+                {
+                    getContinuum().addBuildDefinitionToProject( projectId, getBuildDefinitionFromInput() );
+                }
             }
             else
             {
-                getContinuum().updateBuildDefinitionForProject( projectId, getBuildDefinitionFromInput() );
+                if( isAuthorizedModifyProjectBuildDefinition( getProjectGroupName() ) )
+                {
+                    getContinuum().updateBuildDefinitionForProject( projectId, getBuildDefinitionFromInput() );
+                }
             }
         }
         catch ( ContinuumActionException cae )
@@ -187,6 +215,15 @@
             addActionError( cae.getMessage() );
             return INPUT;
         }
+        catch ( AuthorizationRequiredException authzE )
+        {
+            addActionError( authzE.getMessage() );
+            return REQUIRES_AUTHORIZATION;
+        }
+        catch ( AuthenticationRequiredException authnE )
+        {
+            return REQUIRES_AUTHENTICATION;
+        }
 
         return SUCCESS;
     }
@@ -205,11 +242,17 @@
             
             if ( buildDefinitionId == 0 )
             {
-                getContinuum().addBuildDefinitionToProjectGroup( projectGroupId, newBuildDef );
+                if ( isAuthorizedAddGroupBuildDefinition( getProjectGroupName() ) )
+                {
+                    getContinuum().addBuildDefinitionToProjectGroup( projectGroupId, newBuildDef );
+                }
             }
             else
             {
-                getContinuum().updateBuildDefinitionForProjectGroup( projectGroupId, newBuildDef );
+                if ( isAuthorizedModifyGroupBuildDefinition( getProjectGroupName() ) )
+                {
+                    getContinuum().updateBuildDefinitionForProjectGroup( projectGroupId, newBuildDef );
+                }
             }
         }
         catch ( ContinuumActionException cae )
@@ -217,6 +260,15 @@
             addActionError( cae.getMessage() );
             return INPUT;
         }
+        catch ( AuthorizationRequiredException authzE )
+        {
+            addActionError( authzE.getMessage() );
+            return REQUIRES_AUTHORIZATION;
+        }
+        catch ( AuthenticationRequiredException authnE )
+        {
+            return REQUIRES_AUTHENTICATION;
+        }
 
         if ( projectId != 0 )
         {
@@ -231,31 +283,65 @@
     public String removeFromProject()
         throws ContinuumException
     {
-        if ( confirmed )
+        try
         {
-            getContinuum().removeBuildDefinitionFromProject( projectId, buildDefinitionId );
+            if ( isAuthorizedRemoveProjectFromGroup( getProjectGroupName() ) )
+            {
+                if ( confirmed )
+                {
+                    getContinuum().removeBuildDefinitionFromProject( projectId, buildDefinitionId );
 
-            return SUCCESS;
+                    return SUCCESS;
+                }
+                else
+                {
+                    return CONFIRM;
+                }
+            }
         }
-        else
-        {            
-            return CONFIRM;
+        catch ( AuthorizationRequiredException authzE )
+        {
+            addActionError( authzE.getMessage() );
+            return REQUIRES_AUTHORIZATION;
         }
+        catch ( AuthenticationRequiredException authnE )
+        {
+            return REQUIRES_AUTHENTICATION;
+        }
+
+        return SUCCESS;
     }
 
     public String removeFromProjectGroup()
         throws ContinuumException
     {
-        if ( confirmed )
+        try
         {
-            getContinuum().removeBuildDefinitionFromProjectGroup( projectGroupId, buildDefinitionId );
+            if ( isAuthorizedRemoveProjectGroup( getProjectGroupName() ) )
+            {
+                if ( confirmed )
+                {
+                    getContinuum().removeBuildDefinitionFromProjectGroup( projectGroupId, buildDefinitionId );
 
-            return SUCCESS;
+                    return SUCCESS;
+                }
+                else
+                {
+                    return CONFIRM;
+                }
+            }
         }
-        else
+        catch ( AuthorizationRequiredException authzE )
+        {
+            addActionError( authzE.getMessage() );
+            return REQUIRES_AUTHORIZATION;
+        }
+        catch ( AuthenticationRequiredException authnE )
         {
-            return CONFIRM;
+            return REQUIRES_AUTHENTICATION;
         }
+
+        return SUCCESS;
     }
 
     private BuildDefinition getBuildDefinitionFromInput()
@@ -428,5 +514,23 @@
     public void setGroupBuildDefinition( boolean groupBuildDefinition )
     {
         this.groupBuildDefinition = groupBuildDefinition;
+    }
+
+    public String getProjectGroupName()
+        throws ContinuumException
+    {
+        if ( projectGroupName == null || "".equals( projectGroupName ) )
+        {
+            if ( projectGroupId != 0 )
+            {
+                projectGroupName = getContinuum().getProjectGroup( projectGroupId ).getName();
+            }
+            else
+            {
+                projectGroupName = getContinuum().getProjectGroupByProjectId( projectId ).getName();                
+            }
+        }
+                
+        return projectGroupName;
     }
 }

Modified: maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/BuildProjectAction.java
URL: http://svn.apache.org/viewvc/maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/BuildProjectAction.java?view=diff&rev=509415&r1=509414&r2=509415
==============================================================================
--- maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/BuildProjectAction.java (original)
+++ maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/BuildProjectAction.java Mon Feb 19 18:41:37 2007
@@ -20,6 +20,11 @@
  */
 
 import org.apache.maven.continuum.ContinuumException;
+import org.apache.maven.continuum.security.ContinuumRoleConstants;
+import org.codehaus.plexus.security.ui.web.interceptor.SecureAction;
+import org.codehaus.plexus.security.ui.web.interceptor.SecureActionBundle;
+import org.codehaus.plexus.security.ui.web.interceptor.SecureActionException;
+import org.codehaus.plexus.util.StringUtils;
 
 /**
  * @author <a href="mailto:evenisse@apache.org">Emmanuel Venisse</a>
@@ -31,6 +36,7 @@
  */
 public class BuildProjectAction
     extends ContinuumActionSupport
+    implements SecureAction
 {
     private int projectId;
 
@@ -42,9 +48,12 @@
 
     private boolean fromProjectPage = false;
 
+    private String projectGroupName = "";
+
     public String execute()
         throws ContinuumException
-    {
+    {            
+
         if ( projectId > 0 )
         {
             if ( buildDefinitionId > 0 )
@@ -80,6 +89,7 @@
             }
         }
 
+
         return SUCCESS;
     }
 
@@ -131,5 +141,42 @@
     public void setFromProjectPage( boolean fromProjectPage )
     {
         this.fromProjectPage = fromProjectPage;
+    }
+
+    public String getProjectGroupName()
+        throws ContinuumException
+    {
+        if( projectGroupName == null || "".equals( projectGroupName ) )
+        {
+            if ( projectGroupId != 0 )
+            {
+                projectGroupName = getContinuum().getProjectGroup( projectGroupId ).getName();
+            }
+            else
+            {
+                projectGroupName = getContinuum().getProjectGroupByProjectId( projectId ).getName();
+            }
+        }
+
+        return projectGroupName;
+    }
+
+    public SecureActionBundle getSecureActionBundle()
+        throws SecureActionException
+    {
+        SecureActionBundle bundle = new SecureActionBundle();
+        bundle.setRequiresAuthentication( true );                
+
+        try
+        {
+            bundle.addRequiredAuthorization( ContinuumRoleConstants.CONTINUUM_BUILD_PROJECT_IN_GROUP_OPERATION,
+                    getProjectGroupName() );
+        }
+        catch ( ContinuumException e )
+        {
+            throw new SecureActionException( e.getMessage() );
+        }
+
+        return bundle;
     }
 }

Modified: maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/BuildResultAction.java
URL: http://svn.apache.org/viewvc/maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/BuildResultAction.java?view=diff&rev=509415&r1=509414&r2=509415
==============================================================================
--- maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/BuildResultAction.java (original)
+++ maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/BuildResultAction.java Mon Feb 19 18:41:37 2007
@@ -24,13 +24,15 @@
 import java.util.List;
 
 import org.apache.maven.continuum.ContinuumException;
+import org.apache.maven.continuum.security.ContinuumRoleConstants;
 import org.apache.maven.continuum.web.util.StateGenerator;
 import org.apache.maven.continuum.configuration.ConfigurationException;
 import org.apache.maven.continuum.model.project.BuildResult;
 import org.apache.maven.continuum.model.project.Project;
 import org.codehaus.plexus.util.FileUtils;
-
-import javax.servlet.jsp.PageContext;
+import org.codehaus.plexus.security.ui.web.interceptor.SecureActionBundle;
+import org.codehaus.plexus.security.ui.web.interceptor.SecureActionException;
+import org.codehaus.plexus.security.ui.web.interceptor.SecureAction;
 
 import com.opensymphony.webwork.ServletActionContext;
 
@@ -44,6 +46,7 @@
  */
 public class BuildResultAction
     extends ContinuumActionSupport
+    implements SecureAction
 {
     private Project project;
 
@@ -61,9 +64,12 @@
 
     private String state;
 
+    private String projectGroupName = "";
+
     public String execute()
         throws ContinuumException, ConfigurationException, IOException
     {
+
         //todo get this working for other types of test case rendering other then just surefire
         // check if there are surefire results to display
         project = getContinuum().getProject( getProjectId() );
@@ -82,6 +88,7 @@
 
         state = StateGenerator.generate( buildResult.getState(), ServletActionContext.getRequest().getContextPath() );
 
+
         return SUCCESS;
     }
 
@@ -139,6 +146,36 @@
     public String getState()
     {
         return state;
+    }
+
+    public String getProjectGroupName()
+        throws ContinuumException
+    {
+        if( projectGroupName == null || "".equals( projectGroupName ) )
+        {               
+            projectGroupName = getContinuum().getProjectGroupByProjectId( getProjectId() ).getName();
+        }
+
+        return projectGroupName;
+    }
+
+    public SecureActionBundle getSecureActionBundle()
+        throws SecureActionException
+    {
+        SecureActionBundle bundle = new SecureActionBundle();
+        bundle.setRequiresAuthentication( true );
+        
+        try
+        {
+            bundle.addRequiredAuthorization( ContinuumRoleConstants.CONTINUUM_VIEW_GROUP_OPERATION,
+                getProjectGroupName() );
+        }
+        catch ( ContinuumException e )
+        {
+
+        }
+
+        return bundle;
     }
 
 }

Modified: maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/BuildResultsListAction.java
URL: http://svn.apache.org/viewvc/maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/BuildResultsListAction.java?view=diff&rev=509415&r1=509414&r2=509415
==============================================================================
--- maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/BuildResultsListAction.java (original)
+++ maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/BuildResultsListAction.java Mon Feb 19 18:41:37 2007
@@ -20,7 +20,11 @@
  */
 
 import org.apache.maven.continuum.ContinuumException;
+import org.apache.maven.continuum.security.ContinuumRoleConstants;
 import org.apache.maven.continuum.model.project.Project;
+import org.codehaus.plexus.security.ui.web.interceptor.SecureActionBundle;
+import org.codehaus.plexus.security.ui.web.interceptor.SecureActionException;
+import org.codehaus.plexus.security.ui.web.interceptor.SecureAction;
 
 import java.util.Collection;
 
@@ -34,6 +38,7 @@
  */
 public class BuildResultsListAction
     extends ContinuumActionSupport
+    implements SecureAction
 {
     private Project project;
 
@@ -43,6 +48,8 @@
 
     private String projectName;
 
+    private String projectGroupName = "";
+
     public String execute()
         throws ContinuumException
     {
@@ -81,5 +88,34 @@
     public Project getProject()
     {
         return project;
+    }
+
+    public String getProjectGroupName()
+        throws ContinuumException
+    {
+        if( projectGroupName == null || "".equals( projectGroupName ) )
+        {
+            projectGroupName = getContinuum().getProject( projectId ).getProjectGroup().getName();
+        }
+
+        return projectGroupName;
+    }
+
+    public SecureActionBundle getSecureActionBundle()
+        throws SecureActionException
+    {
+        SecureActionBundle bundle = new SecureActionBundle();
+        bundle.setRequiresAuthentication( true );
+
+        try
+        {
+            bundle.addRequiredAuthorization( ContinuumRoleConstants.CONTINUUM_VIEW_GROUP_OPERATION, getProjectGroupName() );
+        }
+        catch ( ContinuumException e )
+        {
+            throw new SecureActionException( e.getMessage() );
+        }
+
+        return bundle;
     }
 }

Modified: maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/CancelBuildAction.java
URL: http://svn.apache.org/viewvc/maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/CancelBuildAction.java?view=diff&rev=509415&r1=509414&r2=509415
==============================================================================
--- maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/CancelBuildAction.java (original)
+++ maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/CancelBuildAction.java Mon Feb 19 18:41:37 2007
@@ -20,9 +20,13 @@
  */
 
 import org.apache.maven.continuum.ContinuumException;
+import org.apache.maven.continuum.security.ContinuumRoleConstants;
 import org.apache.maven.continuum.buildqueue.BuildProjectTask;
 import org.codehaus.plexus.taskqueue.Task;
 import org.codehaus.plexus.taskqueue.execution.TaskQueueExecutor;
+import org.codehaus.plexus.security.ui.web.interceptor.SecureAction;
+import org.codehaus.plexus.security.ui.web.interceptor.SecureActionBundle;
+import org.codehaus.plexus.security.ui.web.interceptor.SecureActionException;
 
 /**
  * @author <a href="mailto:evenisse@apache.org">Emmanuel Venisse</a>
@@ -32,15 +36,19 @@
  */
 public class CancelBuildAction
     extends ContinuumActionSupport
+    implements SecureAction
 {
     /** @plexus.requirement role-hint='build-project' */
     private TaskQueueExecutor taskQueueExecutor;
 
     private int projectId;
 
+    private String projectGroupName = "";
+
     public String execute()
         throws ContinuumException
     {
+
         Task task = taskQueueExecutor.getCurrentTask();
 
         getLogger().info("TaskQueueExecutor: " + taskQueueExecutor );
@@ -70,11 +78,41 @@
             getLogger().warn( "No task running - not cancelling" );
         }
 
+
         return SUCCESS;
     }
 
     public void setProjectId( int projectId )
     {
         this.projectId = projectId;
+    }
+
+    public String getProjectGroupName()
+        throws ContinuumException
+    {
+        if( projectGroupName == null || "".equals( projectGroupName ) )
+        {
+            projectGroupName = getContinuum().getProjectGroupByProjectId( projectId ).getName();
+        }
+
+        return projectGroupName;
+    }
+
+     public SecureActionBundle getSecureActionBundle()
+        throws SecureActionException {
+        SecureActionBundle bundle = new SecureActionBundle();
+        bundle.setRequiresAuthentication( true );
+
+        try
+        {
+            bundle.addRequiredAuthorization( ContinuumRoleConstants.CONTINUUM_BUILD_PROJECT_IN_GROUP_OPERATION,
+                    getProjectGroupName() );
+        }
+        catch ( ContinuumException e )
+        {
+            throw new SecureActionException( e.getMessage() );
+        }
+
+        return bundle;
     }
 }

Modified: maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/ContinuumActionSupport.java
URL: http://svn.apache.org/viewvc/maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/ContinuumActionSupport.java?view=diff&rev=509415&r1=509414&r2=509415
==============================================================================
--- maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/ContinuumActionSupport.java (original)
+++ maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/ContinuumActionSupport.java Mon Feb 19 18:41:37 2007
@@ -20,9 +20,18 @@
  */
 
 import org.apache.maven.continuum.Continuum;
+import org.apache.maven.continuum.web.exception.AuthenticationRequiredException;
+import org.apache.maven.continuum.web.exception.AuthorizationRequiredException;
+import org.apache.maven.continuum.security.ContinuumRoleConstants;
 import org.codehaus.plexus.xwork.action.PlexusActionSupport;
+import org.codehaus.plexus.security.system.SecuritySession;
+import org.codehaus.plexus.security.system.SecuritySystem;
+import org.codehaus.plexus.security.system.SecuritySystemConstants;
+import org.codehaus.plexus.security.authorization.AuthorizationException;
+import org.codehaus.plexus.component.repository.exception.ComponentLookupException;
 
 import com.opensymphony.xwork.Preparable;
+import com.opensymphony.xwork.ActionContext;
 
 /**
  * ContinuumActionSupport
@@ -33,7 +42,23 @@
 public class ContinuumActionSupport
     extends PlexusActionSupport
     implements Preparable
-{
+{       
+    private SecuritySession securitySession;
+
+    /**
+     * @plexus.requirement
+     */
+    private SecuritySystem securitySystem;
+
+    protected static final String REQUIRES_AUTHENTICATION = "requires-authentication";
+
+    protected static final String REQUIRES_AUTHORIZATION = "requires-authorization";
+
+    protected static final String ERROR_MSG_AUTHORIZATION_REQUIRED = "You are not authorized to access this page. " +
+        "Please contact your administrator to be granted the appropriate permissions.";
+
+    protected static final String ERROR_MSG_PROCESSING_AUTHORIZATION = "An error occurred while performing authorization.";
+
     /**
      * @plexus.requirement
      */
@@ -42,7 +67,10 @@
     public void prepare()
         throws Exception
     {
- 
+        if( securitySession == null )
+        {
+            securitySession = (SecuritySession) getContext().getSession().get( SecuritySystemConstants.SECURITY_SESSION_KEY );
+        }
     }
 
     public Continuum getContinuum()
@@ -53,5 +81,1128 @@
     public void setContinuum( Continuum continuum )
     {
         this.continuum = continuum;
+    }
+
+    /**
+     * Check if the current user is authorized to view the specified project group
+     *
+     * @param resource  the operation resource
+     * @return
+     * @throws AuthenticationRequiredException
+     * @throws AuthorizationRequiredException
+     */
+    protected boolean isAuthorizedViewProjectGroup( String resource )
+        throws AuthenticationRequiredException, AuthorizationRequiredException
+    {
+        if( !isAuthenticated() )
+        {
+            throw new AuthenticationRequiredException( "Authentication required." );
+        }
+
+        try
+        {
+            if ( resource != null && !"".equals( resource.trim() ) )
+            {
+                if ( !getSecuritySystem().isAuthorized( getSecuritySession(),
+                                                        ContinuumRoleConstants.CONTINUUM_VIEW_GROUP_OPERATION, resource ) )
+                {
+                    throw new AuthorizationRequiredException( ERROR_MSG_AUTHORIZATION_REQUIRED );
+                }
+            }
+            else
+            {
+                 if ( !getSecuritySystem().isAuthorized( getSecuritySession(),
+                                                         ContinuumRoleConstants.CONTINUUM_VIEW_GROUP_OPERATION ) )
+                {
+                    throw new AuthorizationRequiredException( ERROR_MSG_AUTHORIZATION_REQUIRED );
+                }
+            }
+        }
+        catch ( ComponentLookupException cle )
+        {
+            throw new AuthorizationRequiredException( ERROR_MSG_PROCESSING_AUTHORIZATION );
+        }
+        catch ( AuthorizationException ae )
+        {
+            throw new AuthorizationRequiredException( ERROR_MSG_PROCESSING_AUTHORIZATION );
+        }
+
+        return true;
+    }
+
+    /**
+     * Check if the current user is authorized to add a project group
+     *
+     * @param resource the operation resource
+     * @return
+     * @throws AuthenticationRequiredException
+     * @throws AuthorizationRequiredException
+     */
+    protected boolean isAuthorizedAddProjectGroup( String resource )
+        throws AuthenticationRequiredException, AuthorizationRequiredException
+    {
+        if( !isAuthenticated() )
+        {
+            throw new AuthenticationRequiredException( "Authentication required." );
+        }
+
+        try
+        {
+            if ( resource != null && !"".equals( resource.trim() ) )
+            {
+                if ( !getSecuritySystem().isAuthorized( getSecuritySession(),
+                                                        ContinuumRoleConstants.CONTINUUM_ADD_GROUP_OPERATION, resource ) )
+                {
+                    throw new AuthorizationRequiredException( ERROR_MSG_AUTHORIZATION_REQUIRED );
+                }
+            }
+            else
+            {
+                 if ( !getSecuritySystem().isAuthorized( getSecuritySession(),
+                                                         ContinuumRoleConstants.CONTINUUM_ADD_GROUP_OPERATION ) )
+                {
+                    throw new AuthorizationRequiredException( ERROR_MSG_AUTHORIZATION_REQUIRED );
+                }
+            }
+        }
+        catch ( ComponentLookupException cle )
+        {
+            throw new AuthorizationRequiredException( ERROR_MSG_PROCESSING_AUTHORIZATION );
+        }
+        catch ( AuthorizationException ae )
+        {
+            throw new AuthorizationRequiredException( ERROR_MSG_PROCESSING_AUTHORIZATION );
+        }
+
+        return true;
+    }
+
+    /**
+     * Check if the current user is authorized to delete the specified project group
+     *
+     * @param resource  the operation resource
+     * @return
+     * @throws AuthenticationRequiredException
+     * @throws AuthorizationRequiredException
+     */
+    protected boolean isAuthorizedRemoveProjectGroup( String resource )
+        throws AuthenticationRequiredException, AuthorizationRequiredException
+    {
+        if( !isAuthenticated() )
+        {
+            throw new AuthenticationRequiredException( "Authentication required." );
+        }
+
+        try
+        {
+            if ( resource != null && !"".equals( resource.trim() ) )
+            {
+                if ( !getSecuritySystem().isAuthorized( getSecuritySession(),
+                                                        ContinuumRoleConstants.CONTINUUM_REMOVE_GROUP_OPERATION, resource ) )
+                {
+                    throw new AuthorizationRequiredException( ERROR_MSG_AUTHORIZATION_REQUIRED );
+                }
+            }
+            else
+            {
+                 if ( !getSecuritySystem().isAuthorized( getSecuritySession(),
+                                                         ContinuumRoleConstants.CONTINUUM_REMOVE_GROUP_OPERATION ) )
+                {
+                    throw new AuthorizationRequiredException( ERROR_MSG_AUTHORIZATION_REQUIRED );
+                }
+            }
+        }
+        catch ( ComponentLookupException cle )                           
+        {
+            throw new AuthorizationRequiredException( ERROR_MSG_PROCESSING_AUTHORIZATION );
+        }
+        catch ( AuthorizationException ae )
+        {
+            throw new AuthorizationRequiredException( ERROR_MSG_PROCESSING_AUTHORIZATION );
+        }
+
+        return true;
+    }
+
+    /**
+     * Check if the current user is authorized to build the specified project group
+     *
+     * @param resource  the operation resource
+     * @return
+     * @throws AuthenticationRequiredException
+     * @throws AuthorizationRequiredException
+     */
+    protected boolean isAuthorizedBuildProjectGroup( String resource )
+        throws AuthenticationRequiredException, AuthorizationRequiredException
+    {
+        if( !isAuthenticated() )
+        {
+            throw new AuthenticationRequiredException( "Authentication required." );
+        }
+
+        try
+        {
+            if ( resource != null && !"".equals( resource.trim() ) )
+            {
+                if ( !getSecuritySystem().isAuthorized( getSecuritySession(),
+                                                        ContinuumRoleConstants.CONTINUUM_BUILD_GROUP_OPERATION, resource ) )
+                {
+                    throw new AuthorizationRequiredException( ERROR_MSG_AUTHORIZATION_REQUIRED );
+                }
+            }
+            else
+            {
+                 if ( !getSecuritySystem().isAuthorized( getSecuritySession(),
+                                                         ContinuumRoleConstants.CONTINUUM_BUILD_GROUP_OPERATION ) )
+                {
+                    throw new AuthorizationRequiredException( ERROR_MSG_AUTHORIZATION_REQUIRED );
+                }
+            }
+        }
+        catch ( ComponentLookupException cle )
+        {
+            throw new AuthorizationRequiredException( ERROR_MSG_PROCESSING_AUTHORIZATION );
+        }
+        catch ( AuthorizationException ae )
+        {
+            throw new AuthorizationRequiredException( ERROR_MSG_PROCESSING_AUTHORIZATION );
+        }
+
+        return true;
+    }
+
+    /**
+     * Check if the current user is authorized to modify the specified project group
+     *
+     * @param resource  the operation resource
+     * @return
+     * @throws AuthenticationRequiredException
+     * @throws AuthorizationRequiredException
+     */
+    protected boolean isAuthorizedModifyProjectGroup( String resource )
+        throws AuthenticationRequiredException, AuthorizationRequiredException
+    {
+        if( !isAuthenticated() )
+        {
+            throw new AuthenticationRequiredException( "Authentication required." );
+        }
+
+        try
+        {
+            if ( resource != null && !"".equals( resource.trim() ) )
+            {
+                if ( !getSecuritySystem().isAuthorized( getSecuritySession(),
+                                                        ContinuumRoleConstants.CONTINUUM_MODIFY_GROUP_OPERATION, resource ) )
+                {
+                    throw new AuthorizationRequiredException( ERROR_MSG_AUTHORIZATION_REQUIRED );
+                }
+            }
+            else
+            {
+                 if ( !getSecuritySystem().isAuthorized( getSecuritySession(),
+                                                         ContinuumRoleConstants.CONTINUUM_MODIFY_GROUP_OPERATION ) )
+                {
+                    throw new AuthorizationRequiredException( ERROR_MSG_AUTHORIZATION_REQUIRED );
+                }
+            }
+        }
+        catch ( ComponentLookupException cle )
+        {
+            throw new AuthorizationRequiredException( ERROR_MSG_PROCESSING_AUTHORIZATION );
+        }
+        catch ( AuthorizationException ae )
+        {
+            throw new AuthorizationRequiredException( ERROR_MSG_PROCESSING_AUTHORIZATION );
+        }
+
+        return true;
+    }
+
+    /**
+     * Check if the current user is authorized to add a project to a specific project group
+     *
+     * @param resource  the operation resource
+     * @return
+     * @throws AuthenticationRequiredException
+     * @throws AuthorizationRequiredException
+     */
+    protected boolean isAuthorizedAddProjectToGroup( String resource )
+        throws AuthenticationRequiredException, AuthorizationRequiredException
+    {
+        if( !isAuthenticated() )
+        {
+            throw new AuthenticationRequiredException( "Authentication required." );
+        }
+
+        try
+        {
+            if ( resource != null && !"".equals( resource.trim() ) )
+            {
+                if ( !getSecuritySystem().isAuthorized( getSecuritySession(),
+                                                        ContinuumRoleConstants.CONTINUUM_ADD_PROJECT_TO_GROUP_OPERATION, resource ) )
+                {
+                    throw new AuthorizationRequiredException( ERROR_MSG_AUTHORIZATION_REQUIRED );
+                }
+            }
+            else
+            {
+                 if ( !getSecuritySystem().isAuthorized( getSecuritySession(),
+                                                         ContinuumRoleConstants.CONTINUUM_ADD_PROJECT_TO_GROUP_OPERATION ) )
+                {
+                    throw new AuthorizationRequiredException( ERROR_MSG_AUTHORIZATION_REQUIRED );
+                }
+            }
+        }
+        catch ( ComponentLookupException cle )
+        {
+            throw new AuthorizationRequiredException( ERROR_MSG_PROCESSING_AUTHORIZATION );
+        }
+        catch ( AuthorizationException ae )
+        {
+            throw new AuthorizationRequiredException( ERROR_MSG_PROCESSING_AUTHORIZATION );
+        }
+
+        return true;
+    }
+
+    /**
+     * Check if the current user is authorized to delete a project from a specified group
+     *
+     * @param resource  the operation resource
+     * @return
+     * @throws AuthenticationRequiredException
+     * @throws AuthorizationRequiredException
+     */
+    protected boolean isAuthorizedRemoveProjectFromGroup( String resource )
+        throws AuthenticationRequiredException, AuthorizationRequiredException
+    {
+        if( !isAuthenticated() )
+        {
+            throw new AuthenticationRequiredException( "Authentication required." );
+        }
+
+        try
+        {
+            if ( resource != null && !"".equals( resource.trim() ) )
+            {
+                if ( !getSecuritySystem().isAuthorized( getSecuritySession(),
+                                                        ContinuumRoleConstants.CONTINUUM_REMOVE_PROJECT_FROM_GROUP_OPERATION, resource ) )
+                {
+                    throw new AuthorizationRequiredException( ERROR_MSG_AUTHORIZATION_REQUIRED );
+                }
+            }
+            else
+            {
+                 if ( !getSecuritySystem().isAuthorized( getSecuritySession(),
+                                                         ContinuumRoleConstants.CONTINUUM_REMOVE_PROJECT_FROM_GROUP_OPERATION ) )
+                {
+                    throw new AuthorizationRequiredException( ERROR_MSG_AUTHORIZATION_REQUIRED );
+                }
+            }
+        }
+        catch ( ComponentLookupException cle )
+        {
+            throw new AuthorizationRequiredException( ERROR_MSG_PROCESSING_AUTHORIZATION );
+        }
+        catch ( AuthorizationException ae )
+        {
+            throw new AuthorizationRequiredException( ERROR_MSG_PROCESSING_AUTHORIZATION );
+        }
+
+        return true;
+    }
+
+    /**
+     * Check if the current user is authorized to modify a project in the specified group
+     *
+     * @param resource  the operation resource
+     * @return
+     * @throws AuthenticationRequiredException
+     * @throws AuthorizationRequiredException
+     */
+    protected boolean isAuthorizedModifyProjectInGroup( String resource )
+        throws AuthenticationRequiredException, AuthorizationRequiredException
+    {
+        if( !isAuthenticated() )
+        {
+            throw new AuthenticationRequiredException( "Authentication required." );
+        }
+
+        try
+        {
+            if ( resource != null && !"".equals( resource.trim() ) )
+            {
+                if ( !getSecuritySystem().isAuthorized( getSecuritySession(),
+                                                        ContinuumRoleConstants.CONTINUUM_MODIFY_PROJECT_IN_GROUP_OPERATION, resource ) )
+                {
+                    throw new AuthorizationRequiredException( ERROR_MSG_AUTHORIZATION_REQUIRED );
+                }
+            }
+            else
+            {
+                 if ( !getSecuritySystem().isAuthorized( getSecuritySession(),
+                                                         ContinuumRoleConstants.CONTINUUM_MODIFY_PROJECT_IN_GROUP_OPERATION ) )
+                {
+                    throw new AuthorizationRequiredException( ERROR_MSG_AUTHORIZATION_REQUIRED );
+                }
+            }
+        }
+        catch ( ComponentLookupException cle )
+        {
+            throw new AuthorizationRequiredException( ERROR_MSG_PROCESSING_AUTHORIZATION );
+        }
+        catch ( AuthorizationException ae )
+        {
+            throw new AuthorizationRequiredException( ERROR_MSG_PROCESSING_AUTHORIZATION );
+        }
+
+        return true;
+    }
+
+    /**
+     * Check if the current user is authorized to build a project in the specified group
+     *
+     * @param resource  the operation resource
+     * @return
+     * @throws AuthenticationRequiredException
+     * @throws AuthorizationRequiredException
+     */
+    protected boolean isAuthorizedBuildProjectInGroup( String resource )
+        throws AuthenticationRequiredException, AuthorizationRequiredException
+    {
+        if( !isAuthenticated() )
+        {
+            throw new AuthenticationRequiredException( "Authentication required." );
+        }
+
+        try
+        {
+            if ( resource != null && !"".equals( resource.trim() ) )
+            {
+                if ( !getSecuritySystem().isAuthorized( getSecuritySession(),
+                                                        ContinuumRoleConstants.CONTINUUM_BUILD_PROJECT_IN_GROUP_OPERATION, resource ) )
+                {
+                    throw new AuthorizationRequiredException( ERROR_MSG_AUTHORIZATION_REQUIRED );
+                }
+            }
+            else
+            {
+                 if ( !getSecuritySystem().isAuthorized( getSecuritySession(),
+                                                         ContinuumRoleConstants.CONTINUUM_BUILD_PROJECT_IN_GROUP_OPERATION ) )
+                {
+                    throw new AuthorizationRequiredException( ERROR_MSG_AUTHORIZATION_REQUIRED );
+                }
+            }
+        }
+        catch ( ComponentLookupException cle )
+        {
+            throw new AuthorizationRequiredException( ERROR_MSG_PROCESSING_AUTHORIZATION );
+        }
+        catch ( AuthorizationException ae )
+        {
+            throw new AuthorizationRequiredException( ERROR_MSG_PROCESSING_AUTHORIZATION );
+        }
+
+        return true;
+    }
+
+    /**
+     * Check if the current user is authorized to add a build definition for the specified
+     * project group
+     *
+     * @param resource  the operation resource
+     * @return
+     * @throws AuthenticationRequiredException
+     * @throws AuthorizationRequiredException
+     */
+    protected boolean isAuthorizedAddGroupBuildDefinition( String resource )
+        throws AuthenticationRequiredException, AuthorizationRequiredException
+    {
+        if( !isAuthenticated() )
+        {
+            throw new AuthenticationRequiredException( "Authentication required." );
+        }
+
+        try
+        {
+            if ( resource != null && !"".equals( resource.trim() ) )
+            {
+                if ( !getSecuritySystem().isAuthorized( getSecuritySession(),
+                                                        ContinuumRoleConstants.CONTINUUM_ADD_GROUP_BUILD_DEFINTION_OPERATION, resource ) )
+                {
+                   throw new AuthorizationRequiredException( ERROR_MSG_AUTHORIZATION_REQUIRED );
+                }
+            }
+            else
+            {
+                 if ( !getSecuritySystem().isAuthorized( getSecuritySession(),
+                                                         ContinuumRoleConstants.CONTINUUM_ADD_GROUP_BUILD_DEFINTION_OPERATION ) )
+                {
+                    throw new AuthorizationRequiredException( ERROR_MSG_AUTHORIZATION_REQUIRED );
+                }
+            }
+        }
+        catch ( ComponentLookupException cle )
+        {
+            throw new AuthorizationRequiredException( ERROR_MSG_PROCESSING_AUTHORIZATION );
+        }
+        catch ( AuthorizationException ae )
+        {
+            throw new AuthorizationRequiredException( ERROR_MSG_PROCESSING_AUTHORIZATION );
+        }
+
+        return true;
+    }
+
+    /**
+     * Check if the current user is authorized to delete a build definition in the specified
+     * project group
+     *
+     * @param resource  the operation resource
+     * @return
+     * @throws AuthenticationRequiredException
+     * @throws AuthorizationRequiredException
+     */
+    protected boolean isAuthorizedRemoveGroupBuildDefinition( String resource )
+        throws AuthenticationRequiredException, AuthorizationRequiredException
+    {
+        if( !isAuthenticated() )
+        {
+            throw new AuthenticationRequiredException( "Authentication required." );
+        }
+
+        try
+        {
+            if ( resource != null && !"".equals( resource.trim() ) )
+            {
+                if ( !getSecuritySystem().isAuthorized( getSecuritySession(),
+                                                        ContinuumRoleConstants.CONTINUUM_REMOVE_GROUP_BUILD_DEFINITION_OPERATION, resource ) )
+                {
+                    throw new AuthorizationRequiredException( ERROR_MSG_AUTHORIZATION_REQUIRED );
+                }
+            }
+            else
+            {
+                 if ( !getSecuritySystem().isAuthorized( getSecuritySession(),
+                                                         ContinuumRoleConstants.CONTINUUM_REMOVE_GROUP_BUILD_DEFINITION_OPERATION ) )
+                {
+                    throw new AuthorizationRequiredException( ERROR_MSG_AUTHORIZATION_REQUIRED );
+                }
+            }
+        }
+        catch ( ComponentLookupException cle )
+        {
+            throw new AuthorizationRequiredException( ERROR_MSG_PROCESSING_AUTHORIZATION );
+        }
+        catch ( AuthorizationException ae )
+        {
+            throw new AuthorizationRequiredException( ERROR_MSG_PROCESSING_AUTHORIZATION );
+        }
+
+        return true;
+    }
+
+    /**
+     * Check if the current user is authorized to modify a build definition in the specified
+     * project group
+     *
+     * @param resource  the operation resource
+     * @return
+     * @throws AuthenticationRequiredException
+     * @throws AuthorizationRequiredException
+     */
+    protected boolean isAuthorizedModifyGroupBuildDefinition( String resource )
+        throws AuthenticationRequiredException, AuthorizationRequiredException
+    {
+        if( !isAuthenticated() )
+        {
+            throw new AuthenticationRequiredException( "Authentication required." );
+        }
+
+        try
+        {
+            if ( resource != null && !"".equals( resource.trim() ) )
+            {
+                if ( !getSecuritySystem().isAuthorized( getSecuritySession(),
+                                                        ContinuumRoleConstants.CONTINUUM_MODIFY_GROUP_BUILD_DEFINITION_OPERATION, resource ) )
+                {
+                    throw new AuthorizationRequiredException( ERROR_MSG_AUTHORIZATION_REQUIRED );
+                }
+            }
+            else
+            {
+                 if ( !getSecuritySystem().isAuthorized( getSecuritySession(),
+                                                         ContinuumRoleConstants.CONTINUUM_MODIFY_GROUP_BUILD_DEFINITION_OPERATION ) )
+                {
+                    throw new AuthorizationRequiredException( ERROR_MSG_AUTHORIZATION_REQUIRED );
+                }
+            }
+        }
+        catch ( ComponentLookupException cle )
+        {
+            throw new AuthorizationRequiredException( ERROR_MSG_PROCESSING_AUTHORIZATION );
+        }
+        catch ( AuthorizationException ae )
+        {
+            throw new AuthorizationRequiredException( ERROR_MSG_PROCESSING_AUTHORIZATION );
+        }
+
+        return true;
+    }
+
+    /**
+     * Check if the current user is authorized to add a group build definition to a specific
+     * project
+     *
+     * @param resource the operation resource
+     * @return
+     * @throws AuthenticationRequiredException
+     * @throws AuthorizationRequiredException
+     */
+    protected boolean isAuthorizedAddProjectBuildDefinition( String resource )
+        throws AuthenticationRequiredException, AuthorizationRequiredException
+    {
+        if( !isAuthenticated() )
+        {
+            throw new AuthenticationRequiredException( "Authentication required." );
+        }
+
+        try
+        {
+            if ( resource != null && !"".equals( resource.trim() ) )
+            {
+                if ( !getSecuritySystem().isAuthorized( getSecuritySession(),
+                                                        ContinuumRoleConstants.CONTINUUM_ADD_PROJECT_BUILD_DEFINTION_OPERATION, resource ) )
+                {
+                    throw new AuthorizationRequiredException( ERROR_MSG_AUTHORIZATION_REQUIRED );
+                }
+            }
+            else
+            {
+                 if ( !getSecuritySystem().isAuthorized( getSecuritySession(),
+                                                         ContinuumRoleConstants.CONTINUUM_ADD_PROJECT_BUILD_DEFINTION_OPERATION ) )
+                {
+                    throw new AuthorizationRequiredException( ERROR_MSG_AUTHORIZATION_REQUIRED );
+                }
+            }
+        }
+        catch ( ComponentLookupException cle )
+        {
+            throw new AuthorizationRequiredException( ERROR_MSG_PROCESSING_AUTHORIZATION );
+        }
+        catch ( AuthorizationException ae )
+        {
+            throw new AuthorizationRequiredException( ERROR_MSG_PROCESSING_AUTHORIZATION );
+        }
+
+        return true;
+    }
+
+    /**
+     * Check if the current user is authorized to modify a build definition of a specific project
+     *
+     * @param resource  the operation resource
+     * @return
+     * @throws AuthenticationRequiredException
+     * @throws AuthorizationRequiredException
+     */
+    protected boolean isAuthorizedModifyProjectBuildDefinition( String resource )
+        throws AuthenticationRequiredException, AuthorizationRequiredException
+    {
+        if( !isAuthenticated() )
+        {
+            throw new AuthenticationRequiredException( "Authentication required." );
+        }
+
+        try
+        {
+            if ( resource != null && !"".equals( resource.trim() ) )
+            {
+                if ( !getSecuritySystem().isAuthorized( getSecuritySession(),
+                                                        ContinuumRoleConstants.CONTINUUM_MODIFY_PROJECT_BUILD_DEFINITION_OPERATION, resource ) )
+                {
+                    throw new AuthorizationRequiredException( ERROR_MSG_AUTHORIZATION_REQUIRED );
+                }
+            }
+            else
+            {
+                 if ( !getSecuritySystem().isAuthorized( getSecuritySession(),
+                                                         ContinuumRoleConstants.CONTINUUM_MODIFY_PROJECT_BUILD_DEFINITION_OPERATION ) )
+                {
+                    throw new AuthorizationRequiredException( ERROR_MSG_AUTHORIZATION_REQUIRED );
+                }
+            }
+        }
+        catch ( ComponentLookupException cle )
+        {
+            throw new AuthorizationRequiredException( ERROR_MSG_PROCESSING_AUTHORIZATION );
+        }
+        catch ( AuthorizationException ae )
+        {
+            throw new AuthorizationRequiredException( ERROR_MSG_PROCESSING_AUTHORIZATION );
+        }
+
+        return true;
+    }
+
+    /**
+     * Check if the current user is authorized to delete a build definition of a specific
+     * project
+     *
+     * @param resource  the operation resource
+     * @return
+     * @throws AuthenticationRequiredException
+     * @throws AuthorizationRequiredException
+     */
+    protected boolean isAuthorizedRemoveProjectBuildDefinition( String resource )
+        throws AuthenticationRequiredException, AuthorizationRequiredException
+    {
+        if( !isAuthenticated() )
+        {
+            throw new AuthenticationRequiredException( "Authentication required." );
+        }
+
+        try
+        {
+            if ( resource != null && !"".equals( resource.trim() ) )
+            {
+                if ( !getSecuritySystem().isAuthorized( getSecuritySession(),
+                                                        ContinuumRoleConstants.CONTINUUM_REMOVE_PROJECT_BUILD_DEFINITION_OPERATION, resource ) )
+                {
+                    throw new AuthorizationRequiredException( ERROR_MSG_AUTHORIZATION_REQUIRED );
+                }
+            }
+            else
+            {
+                 if ( !getSecuritySystem().isAuthorized( getSecuritySession(),
+                                                         ContinuumRoleConstants.CONTINUUM_REMOVE_PROJECT_BUILD_DEFINITION_OPERATION ) )
+                {
+                    throw new AuthorizationRequiredException( ERROR_MSG_AUTHORIZATION_REQUIRED );
+                }
+            }
+        }
+        catch ( ComponentLookupException cle )
+        {
+            throw new AuthorizationRequiredException( ERROR_MSG_PROCESSING_AUTHORIZATION );
+        }
+        catch ( AuthorizationException ae )
+        {
+            throw new AuthorizationRequiredException( ERROR_MSG_PROCESSING_AUTHORIZATION );
+        }
+
+        return true;
+    }
+
+    /**
+     * Check if the current user is authorized to add a notifier to the specified
+     * project group
+     *
+     * @param resource  the operation resource
+     * @return
+     * @throws AuthenticationRequiredException
+     * @throws AuthorizationRequiredException
+     */
+    protected boolean isAuthorizedAddProjectGroupNotifier( String resource )
+        throws AuthenticationRequiredException, AuthorizationRequiredException
+    {
+        if( !isAuthenticated() )
+        {
+            throw new AuthenticationRequiredException( "Authentication required." );
+        }
+
+        try
+        {
+            if ( resource != null && !"".equals( resource.trim() ) )
+            {
+                if ( !getSecuritySystem().isAuthorized( getSecuritySession(),
+                                                        ContinuumRoleConstants.CONTINUUM_ADD_GROUP_NOTIFIER_OPERATION, resource ) )
+                {
+                    throw new AuthorizationRequiredException( ERROR_MSG_AUTHORIZATION_REQUIRED );
+                }
+            }
+            else
+            {
+                 if ( !getSecuritySystem().isAuthorized( getSecuritySession(),
+                                                         ContinuumRoleConstants.CONTINUUM_ADD_GROUP_NOTIFIER_OPERATION ) )
+                {
+                    throw new AuthorizationRequiredException( ERROR_MSG_AUTHORIZATION_REQUIRED );
+                }
+            }
+        }
+        catch ( ComponentLookupException cle )
+        {
+            throw new AuthorizationRequiredException( ERROR_MSG_PROCESSING_AUTHORIZATION );
+        }
+        catch ( AuthorizationException ae )
+        {
+            throw new AuthorizationRequiredException( ERROR_MSG_PROCESSING_AUTHORIZATION );
+        }
+
+        return true;
+    }
+
+    /**
+     * Check if the current user is authorized to delete a notifier in the specified
+     * project group
+     *
+     * @param resource  the operation resource
+     * @return
+     * @throws AuthenticationRequiredException
+     * @throws AuthorizationRequiredException
+     */
+    protected boolean isAuthorizedRemoveProjectGroupNotifier( String resource )
+        throws AuthenticationRequiredException, AuthorizationRequiredException
+    {
+        if( !isAuthenticated() )
+        {
+            throw new AuthenticationRequiredException( "Authentication required." );
+        }
+
+        try
+        {
+            if ( resource != null && !"".equals( resource.trim() ) )
+            {
+                if ( !getSecuritySystem().isAuthorized( getSecuritySession(),
+                                                        ContinuumRoleConstants.CONTINUUM_REMOVE_GROUP_NOTIFIER_OPERATION, resource ) )
+                {
+                    throw new AuthorizationRequiredException( ERROR_MSG_AUTHORIZATION_REQUIRED );
+                }
+            }
+            else
+            {
+                 if ( !getSecuritySystem().isAuthorized( getSecuritySession(),
+                                                         ContinuumRoleConstants.CONTINUUM_REMOVE_GROUP_NOTIFIER_OPERATION ) )
+                {
+                    throw new AuthorizationRequiredException( ERROR_MSG_AUTHORIZATION_REQUIRED );
+                }
+            }
+        }
+        catch ( ComponentLookupException cle )
+        {
+            throw new AuthorizationRequiredException( ERROR_MSG_PROCESSING_AUTHORIZATION );
+        }
+        catch ( AuthorizationException ae )
+        {
+            throw new AuthorizationRequiredException( ERROR_MSG_PROCESSING_AUTHORIZATION );
+        }
+
+        return true;
+    }
+
+    /**
+     * Check if the current user is authorized to modify a notifier in the specified
+     * project group
+     *
+     * @param resource  the operartion resource
+     * @return
+     * @throws AuthenticationRequiredException
+     * @throws AuthorizationRequiredException
+     */
+    protected boolean isAuthorizedModifyProjectGroupNotifier( String resource )
+        throws AuthenticationRequiredException, AuthorizationRequiredException
+    {
+        if( !isAuthenticated() )
+        {
+            throw new AuthenticationRequiredException( "Authentication required." );
+        }
+
+        try
+        {
+            if ( resource != null && !"".equals( resource.trim() ) )
+            {
+                if ( !getSecuritySystem().isAuthorized( getSecuritySession(),
+                                                        ContinuumRoleConstants.CONTINUUM_MODIFY_GROUP_NOTIFIER_OPERATION, resource ) )
+                {
+                    throw new AuthorizationRequiredException( ERROR_MSG_AUTHORIZATION_REQUIRED );
+                }
+            }
+            else
+            {
+                 if ( !getSecuritySystem().isAuthorized( getSecuritySession(),
+                                                         ContinuumRoleConstants.CONTINUUM_MODIFY_GROUP_NOTIFIER_OPERATION ) )
+                {
+                    throw new AuthorizationRequiredException( ERROR_MSG_AUTHORIZATION_REQUIRED );
+                }
+            }
+        }
+        catch ( ComponentLookupException cle )
+        {
+            throw new AuthorizationRequiredException( ERROR_MSG_PROCESSING_AUTHORIZATION );
+        }
+        catch ( AuthorizationException ae )
+        {
+            throw new AuthorizationRequiredException( ERROR_MSG_PROCESSING_AUTHORIZATION );
+        }
+
+        return true;
+    }
+
+    /**
+     * Check if the current user is authorized to add a notifier to a specific project
+     *
+     * @param resource  the operation resource
+     * @return
+     * @throws AuthenticationRequiredException
+     * @throws AuthorizationRequiredException
+     */
+    protected boolean isAuthorizedAddProjectNotifier( String resource )
+        throws AuthenticationRequiredException, AuthorizationRequiredException
+    {
+        if( !isAuthenticated() )
+        {
+            throw new AuthenticationRequiredException( "Authentication required." );
+        }
+
+        try
+        {
+            if ( resource != null && !"".equals( resource.trim() ) )
+            {
+                if ( !getSecuritySystem().isAuthorized( getSecuritySession(),
+                                                        ContinuumRoleConstants.CONTINUUM_ADD_PROJECT_NOTIFIER_OPERATION, resource ) )
+                {
+                    throw new AuthorizationRequiredException( ERROR_MSG_AUTHORIZATION_REQUIRED );
+                }
+            }
+            else
+            {
+                 if ( !getSecuritySystem().isAuthorized( getSecuritySession(),
+                                                         ContinuumRoleConstants.CONTINUUM_ADD_PROJECT_NOTIFIER_OPERATION ) )
+                {
+                    throw new AuthorizationRequiredException( ERROR_MSG_AUTHORIZATION_REQUIRED );
+                }
+            }
+        }
+        catch ( ComponentLookupException cle )
+        {
+            throw new AuthorizationRequiredException( ERROR_MSG_PROCESSING_AUTHORIZATION );
+        }
+        catch ( AuthorizationException ae )
+        {
+            throw new AuthorizationRequiredException( ERROR_MSG_PROCESSING_AUTHORIZATION );
+        }
+
+        return true;
+    }
+
+    /**
+     * Check if the current user is authorized to delete a notifier in a specific project
+     *
+     * @param resource  the operation resource
+     * @return
+     * @throws AuthenticationRequiredException
+     * @throws AuthorizationRequiredException
+     */
+    protected boolean isAuthorizedRemoveProjectNotifier( String resource )
+        throws AuthenticationRequiredException, AuthorizationRequiredException
+    {
+        if( !isAuthenticated() )
+        {
+            throw new AuthenticationRequiredException( "Authentication required." );
+        }
+
+        try
+        {
+            if ( resource != null && !"".equals( resource.trim() ) )
+            {
+                if ( !getSecuritySystem().isAuthorized( getSecuritySession(),
+                                                        ContinuumRoleConstants.CONTINUUM_REMOVE_PROJECT_NOTIFIER_OPERATION, resource ) )
+                {
+                    throw new AuthorizationRequiredException( ERROR_MSG_AUTHORIZATION_REQUIRED );
+                }
+            }
+            else
+            {
+                 if ( !getSecuritySystem().isAuthorized( getSecuritySession(),
+                                                         ContinuumRoleConstants.CONTINUUM_REMOVE_PROJECT_NOTIFIER_OPERATION ) )
+                {
+                    throw new AuthorizationRequiredException( ERROR_MSG_AUTHORIZATION_REQUIRED );
+                }
+            }
+        }
+        catch ( ComponentLookupException cle )
+        {
+            throw new AuthorizationRequiredException( ERROR_MSG_PROCESSING_AUTHORIZATION );
+        }
+        catch ( AuthorizationException ae )
+        {
+            throw new AuthorizationRequiredException( ERROR_MSG_PROCESSING_AUTHORIZATION );
+        }
+
+        return true;
+    }
+
+    /**
+     * Check if the current user is authorized to modify a notifier in a specific project
+     *
+     * @param resource  the operation resource
+     * @return
+     * @throws AuthenticationRequiredException
+     * @throws AuthorizationRequiredException
+     */
+    protected boolean isAuthorizedModifyProjectNotifier( String resource )
+        throws AuthenticationRequiredException, AuthorizationRequiredException
+    {
+        if( !isAuthenticated() )
+        {
+            throw new AuthenticationRequiredException( "Authentication required." );
+        }
+
+        try
+        {
+            if ( resource != null && !"".equals( resource.trim() ) )
+            {
+                if ( !getSecuritySystem().isAuthorized( getSecuritySession(),
+                                                        ContinuumRoleConstants.CONTINUUM_MODIFY_PROJECT_NOTIFIER_OPERATION, resource ) )
+                {
+                    throw new AuthorizationRequiredException( ERROR_MSG_AUTHORIZATION_REQUIRED );
+                }
+            }
+            else
+            {
+                 if ( !getSecuritySystem().isAuthorized( getSecuritySession(),
+                                                         ContinuumRoleConstants.CONTINUUM_MODIFY_PROJECT_NOTIFIER_OPERATION ) )
+                {
+                    throw new AuthorizationRequiredException( ERROR_MSG_AUTHORIZATION_REQUIRED );
+                }
+            }
+        }
+        catch ( ComponentLookupException cle )
+        {
+            throw new AuthorizationRequiredException( ERROR_MSG_PROCESSING_AUTHORIZATION );
+        }
+        catch ( AuthorizationException ae )
+        {
+            throw new AuthorizationRequiredException( ERROR_MSG_PROCESSING_AUTHORIZATION );
+        }
+
+        return true;
+    }
+
+    /**
+     * Check if the current user is authorized to manage the application's configuration
+     *
+     * @return
+     * @throws AuthenticationRequiredException
+     * @throws AuthorizationRequiredException
+     */
+    protected boolean isAuthorizedManageConfiguration()
+        throws AuthenticationRequiredException, AuthorizationRequiredException
+    {
+        if( !isAuthenticated() )
+        {
+            throw new AuthenticationRequiredException( "Authentication required." );
+        }
+
+        try
+        {
+            if ( !getSecuritySystem().isAuthorized( getSecuritySession(),
+                                                    ContinuumRoleConstants.CONTINUUM_MANAGE_CONFIGURATION ) )
+            {
+                throw new AuthorizationRequiredException( ERROR_MSG_AUTHORIZATION_REQUIRED );
+            }
+        }
+        catch ( ComponentLookupException cle )
+        {
+            throw new AuthorizationRequiredException( ERROR_MSG_PROCESSING_AUTHORIZATION );
+        }
+        catch ( AuthorizationException ae )
+        {
+            throw new AuthorizationRequiredException( ERROR_MSG_PROCESSING_AUTHORIZATION );
+        }
+
+        return true;
+    }
+
+    /**
+     * Check if the current user is authorized to manage the project build schedules
+     *
+     * @return
+     * @throws AuthenticationRequiredException
+     * @throws AuthorizationRequiredException
+     */
+    protected boolean isAuthorizedManageSchedules()
+        throws AuthenticationRequiredException, AuthorizationRequiredException
+    {
+        if( !isAuthenticated() )
+        {
+            throw new AuthenticationRequiredException( "Authentication required." );
+        }
+
+        try
+        {
+            if ( !getSecuritySystem().isAuthorized( getSecuritySession(),
+                                                    ContinuumRoleConstants.CONTINUUM_MANAGE_SCHEDULES ) )
+            {
+               throw new AuthorizationRequiredException( ERROR_MSG_AUTHORIZATION_REQUIRED );
+            }
+        }
+        catch ( ComponentLookupException cle )
+        {
+            throw new AuthorizationRequiredException( ERROR_MSG_PROCESSING_AUTHORIZATION );
+        }
+        catch ( AuthorizationException ae )
+        {
+            throw new AuthorizationRequiredException( ERROR_MSG_PROCESSING_AUTHORIZATION );
+        }
+
+        return true;
+    }
+
+    /**
+     * Get the security session
+     *
+     * @return current SecuritySession
+     */
+    private SecuritySession getSecuritySession()
+    {
+
+        return securitySession;
+    }
+
+    /**
+     * Get the action context
+     *
+     * @return action context
+     */
+    private ActionContext getContext()
+    {
+
+        return ActionContext.getContext();
+    }
+
+    /**
+     * Get the security system
+     *
+     * @return
+     * @throws ComponentLookupException
+     */
+    private SecuritySystem getSecuritySystem()
+        throws ComponentLookupException
+    {
+
+        return securitySystem;
+    }
+
+    protected boolean requiresAuthentication()
+    {
+        return true;
+    }
+
+    /**
+     * Check if the current user is already authenticated
+     * 
+     * @return
+     */
+    public boolean isAuthenticated()
+    {
+        if ( requiresAuthentication() )
+        {
+            if ( getSecuritySession() == null || !getSecuritySession().isAuthenticated() )
+            {
+                return false;
+            }
+        }
+
+        return true;
     }
 }

Modified: maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/DeleteProjectAction.java
URL: http://svn.apache.org/viewvc/maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/DeleteProjectAction.java?view=diff&rev=509415&r1=509414&r2=509415
==============================================================================
--- maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/DeleteProjectAction.java (original)
+++ maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/DeleteProjectAction.java Mon Feb 19 18:41:37 2007
@@ -20,7 +20,11 @@
  */
 
 import org.apache.maven.continuum.ContinuumException;
+import org.apache.maven.continuum.security.ContinuumRoleConstants;
 import org.apache.maven.continuum.model.project.Project;
+import org.codehaus.plexus.security.ui.web.interceptor.SecureAction;
+import org.codehaus.plexus.security.ui.web.interceptor.SecureActionBundle;
+import org.codehaus.plexus.security.ui.web.interceptor.SecureActionException;
 
 /**
  * @author <a href="mailto:evenisse@apache.org">Emmanuel Venisse</a>
@@ -32,6 +36,7 @@
  */
 public class DeleteProjectAction
     extends ContinuumActionSupport
+    implements SecureAction
 {
     private int projectId;
 
@@ -39,6 +44,8 @@
 
     private int projectGroupId;
 
+    private String projectGroupName = "";
+
     public String execute()
         throws ContinuumException
     {
@@ -50,6 +57,7 @@
     public String doDefault()
         throws ContinuumException
     {
+
         Project project = getContinuum().getProject( projectId );
         projectName = project.getName();
         
@@ -85,4 +93,41 @@
     {
         return projectGroupId;
     }
+
+    public String getProjectGroupName()
+        throws ContinuumException
+    {
+        if ( projectGroupName == null || "".equals( projectGroupName ) )
+        {
+            if ( projectGroupId != 0 )
+            {
+                projectGroupName = getContinuum().getProjectGroup( projectGroupId ).getName();
+            }
+            else
+            {
+                projectGroupName = getContinuum().getProjectGroupByProjectId( projectId ).getName();
+            }
+        }
+
+        return projectGroupName;
+    }
+
+    public SecureActionBundle getSecureActionBundle()
+        throws SecureActionException {
+        SecureActionBundle bundle = new SecureActionBundle();
+        bundle.setRequiresAuthentication( true );
+
+        try
+        {
+            bundle.addRequiredAuthorization( ContinuumRoleConstants.CONTINUUM_REMOVE_PROJECT_FROM_GROUP_OPERATION,
+                    getProjectGroupName() );
+        }
+        catch ( ContinuumException e )
+        {
+            throw new SecureActionException( e.getMessage() );
+        }
+
+        return bundle;
+    }
+    
 }

Modified: maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/GroupSummaryAction.java
URL: http://svn.apache.org/viewvc/maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/GroupSummaryAction.java?view=diff&rev=509415&r1=509414&r2=509415
==============================================================================
--- maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/GroupSummaryAction.java (original)
+++ maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/GroupSummaryAction.java Mon Feb 19 18:41:37 2007
@@ -19,21 +19,14 @@
  * under the License.
  */
 
-import com.opensymphony.xwork.ActionContext;
 import org.apache.maven.continuum.ContinuumException;
 import org.apache.maven.continuum.model.project.BuildResult;
 import org.apache.maven.continuum.model.project.Project;
 import org.apache.maven.continuum.model.project.ProjectGroup;
-import org.apache.maven.continuum.security.ContinuumRoleConstants;
 import org.apache.maven.continuum.web.model.GroupSummary;
 import org.apache.maven.continuum.web.model.ProjectSummary;
-import org.codehaus.plexus.PlexusContainer;
-import org.codehaus.plexus.component.repository.exception.ComponentLookupException;
-import org.codehaus.plexus.security.authorization.AuthorizationException;
-import org.codehaus.plexus.security.system.SecuritySession;
-import org.codehaus.plexus.security.system.SecuritySystem;
-import org.codehaus.plexus.security.system.SecuritySystemConstants;
-import org.codehaus.plexus.xwork.PlexusLifecycleListener;
+import org.apache.maven.continuum.web.exception.AuthorizationRequiredException;
+import org.apache.maven.continuum.web.exception.AuthenticationRequiredException;
 
 import java.util.ArrayList;
 import java.util.Collection;
@@ -64,7 +57,7 @@
         {
             ProjectGroup projectGroup = (ProjectGroup) j.next();
 
-            if ( isAuthorized( projectGroup ) )
+            if ( isAuthorized( projectGroup.getName() ) )
             {
                 getLogger().debug( "GroupSummaryAction: building group " + projectGroup.getName() );
 
@@ -198,34 +191,19 @@
         this.infoMessage = infoMessage;
     }
 
-    private boolean isAuthorized( ProjectGroup projectGroup )
+    private boolean isAuthorized( String projectGroupName )
     {
-        // do the authz bit
-        ActionContext context = ActionContext.getContext();
-
-        PlexusContainer container = (PlexusContainer) context.getApplication().get( PlexusLifecycleListener.KEY );
-        SecuritySession securitySession =
-            (SecuritySession) context.getSession().get( SecuritySystemConstants.SECURITY_SESSION_KEY );
-
         try
         {
-            SecuritySystem securitySystem = (SecuritySystem) container.lookup( SecuritySystem.ROLE );
-
-            if ( !securitySystem.isAuthorized( securitySession, ContinuumRoleConstants.CONTINUUM_VIEW_GROUP_OPERATION,
-                                               projectGroup.getName() ) )
-            {
-                return false;
-            }
+            return isAuthorizedViewProjectGroup( projectGroupName );
         }
-        catch ( ComponentLookupException cle )
+        catch ( AuthorizationRequiredException authzE )
         {
             return false;
         }
-        catch ( AuthorizationException ae )
+        catch ( AuthenticationRequiredException authnE )
         {
             return false;
         }
-
-        return true;
     }
 }

Modified: maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/ProjectEditAction.java
URL: http://svn.apache.org/viewvc/maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/ProjectEditAction.java?view=diff&rev=509415&r1=509414&r2=509415
==============================================================================
--- maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/ProjectEditAction.java (original)
+++ maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/ProjectEditAction.java Mon Feb 19 18:41:37 2007
@@ -20,7 +20,11 @@
  */
 
 import org.apache.maven.continuum.ContinuumException;
+import org.apache.maven.continuum.security.ContinuumRoleConstants;
 import org.apache.maven.continuum.model.project.Project;
+import org.codehaus.plexus.security.ui.web.interceptor.SecureAction;
+import org.codehaus.plexus.security.ui.web.interceptor.SecureActionBundle;
+import org.codehaus.plexus.security.ui.web.interceptor.SecureActionException;
 
 /**
  * @author <a href="mailto:evenisse@apache.org">Emmanuel Venisse</a>
@@ -32,6 +36,7 @@
  */
 public class ProjectEditAction
     extends ContinuumActionSupport
+    implements SecureAction
 {
 
     private Project project;
@@ -188,4 +193,30 @@
     {
         return scmUseCache;
     }
+
+    public String getProjectGroupName()
+        throws ContinuumException
+    {
+        return getProject( projectId ).getProjectGroup().getName();
+    }
+
+    public SecureActionBundle getSecureActionBundle()
+        throws SecureActionException
+    {
+        SecureActionBundle bundle = new SecureActionBundle();
+        bundle.setRequiresAuthentication( true );
+
+        try
+        {
+            bundle.addRequiredAuthorization( ContinuumRoleConstants.CONTINUUM_MODIFY_PROJECT_IN_GROUP_OPERATION,
+                    getProjectGroupName() );
+        }
+        catch ( ContinuumException e )
+        {
+            throw new SecureActionException( e.getMessage() );
+        }
+
+        return bundle;
+    }
+
 }



Mime
View raw message