This project has retired. For details please refer to its
Attic page.
DefaultRoleManagementService xref
1 package org.apache.archiva.redback.rest.services;
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21 import org.apache.archiva.redback.rbac.Permission;
22 import org.apache.archiva.redback.rbac.RBACManager;
23 import org.apache.archiva.redback.rbac.RbacManagerException;
24 import org.apache.archiva.redback.rbac.Resource;
25 import org.apache.archiva.redback.rbac.UserAssignment;
26 import org.apache.archiva.redback.role.RoleManager;
27 import org.apache.archiva.redback.role.RoleManagerException;
28 import org.apache.archiva.redback.role.model.ModelApplication;
29 import org.apache.archiva.redback.role.model.ModelRole;
30 import org.apache.archiva.redback.role.model.ModelTemplate;
31 import org.apache.archiva.redback.users.User;
32 import org.apache.archiva.redback.users.UserManager;
33 import org.apache.archiva.redback.users.UserManagerException;
34 import org.apache.archiva.redback.users.UserNotFoundException;
35 import org.apache.commons.lang.StringUtils;
36 import org.apache.archiva.redback.integration.model.AdminEditUserCredentials;
37 import org.apache.archiva.redback.integration.security.role.RedbackRoleConstants;
38 import org.apache.archiva.redback.integration.util.RoleSorter;
39 import org.apache.archiva.redback.rest.api.model.Application;
40 import org.apache.archiva.redback.rest.api.model.ApplicationRoles;
41 import org.apache.archiva.redback.rest.api.model.ErrorMessage;
42 import org.apache.archiva.redback.rest.api.model.Role;
43 import org.apache.archiva.redback.rest.api.model.RoleTemplate;
44 import org.apache.archiva.redback.rest.api.services.RedbackServiceException;
45 import org.apache.archiva.redback.rest.api.services.RoleManagementService;
46 import org.slf4j.Logger;
47 import org.slf4j.LoggerFactory;
48 import org.springframework.stereotype.Service;
49
50 import javax.inject.Inject;
51 import javax.inject.Named;
52 import javax.ws.rs.core.Response;
53 import java.util.ArrayList;
54 import java.util.Arrays;
55 import java.util.Collection;
56 import java.util.Collections;
57 import java.util.HashSet;
58 import java.util.List;
59 import java.util.Map;
60 import java.util.Set;
61
62
63
64
65
66 @Service("roleManagementService#rest")
67 public class DefaultRoleManagementService
68 implements RoleManagementService
69 {
70
71 private Logger log = LoggerFactory.getLogger( getClass() );
72
73 private RoleManager roleManager;
74
75 private RBACManager rbacManager;
76
77 private UserManager userManager;
78
79 @Inject
80 public DefaultRoleManagementService( RoleManager roleManager,
81 @Named(value = "rbacManager#default") RBACManager rbacManager,
82 @Named(value = "userManager#default") UserManager userManager )
83 {
84 this.roleManager = roleManager;
85 this.rbacManager = rbacManager;
86 this.userManager = userManager;
87
88 log.debug( "use rbacManager impl: {}", rbacManager.getClass().getName() );
89 log.debug( "use userManager impl: {}", userManager.getClass().getName() );
90 }
91
92 public Boolean createTemplatedRole( String templateId, String resource )
93 throws RedbackServiceException
94 {
95 try
96 {
97 roleManager.createTemplatedRole( templateId, resource );
98 }
99 catch ( RoleManagerException e )
100 {
101 throw new RedbackServiceException( e.getMessage() );
102 }
103 return Boolean.TRUE;
104 }
105
106 public Boolean removeTemplatedRole( String templateId, String resource )
107 throws RedbackServiceException
108 {
109
110 try
111 {
112 roleManager.removeTemplatedRole( templateId, resource );
113 }
114 catch ( RoleManagerException e )
115 {
116 throw new RedbackServiceException( e.getMessage() );
117 }
118 return Boolean.TRUE;
119 }
120
121 public Boolean updateRole( String templateId, String oldResource, String newResource )
122 throws RedbackServiceException
123 {
124 try
125 {
126 roleManager.updateRole( templateId, oldResource, newResource );
127 }
128 catch ( RoleManagerException e )
129 {
130 throw new RedbackServiceException( e.getMessage() );
131 }
132 return Boolean.TRUE;
133 }
134
135 public Boolean assignRole( String roleId, String principal )
136 throws RedbackServiceException
137 {
138 try
139 {
140 roleManager.assignRole( roleId, principal );
141 }
142 catch ( RoleManagerException e )
143 {
144 throw new RedbackServiceException( e.getMessage() );
145 }
146 return Boolean.TRUE;
147 }
148
149 public Boolean assignRoleByName( String roleName, String principal )
150 throws RedbackServiceException
151 {
152 try
153 {
154 roleManager.assignRoleByName( roleName, principal );
155 }
156 catch ( RoleManagerException e )
157 {
158 throw new RedbackServiceException( e.getMessage() );
159 }
160 return Boolean.TRUE;
161 }
162
163 public Boolean assignTemplatedRole( String templateId, String resource, String principal )
164 throws RedbackServiceException
165 {
166 try
167 {
168 roleManager.assignTemplatedRole( templateId, resource, principal );
169 }
170 catch ( RoleManagerException e )
171 {
172 throw new RedbackServiceException( e.getMessage() );
173 }
174 return Boolean.TRUE;
175 }
176
177 public Boolean unassignRole( String roleId, String principal )
178 throws RedbackServiceException
179 {
180 try
181 {
182 roleManager.unassignRole( roleId, principal );
183 }
184 catch ( RoleManagerException e )
185 {
186 throw new RedbackServiceException( e.getMessage() );
187 }
188 return Boolean.TRUE;
189 }
190
191 public Boolean unassignRoleByName( String roleName, String principal )
192 throws RedbackServiceException
193 {
194 try
195 {
196 roleManager.unassignRoleByName( roleName, principal );
197 }
198 catch ( RoleManagerException e )
199 {
200 throw new RedbackServiceException( e.getMessage() );
201 }
202 return Boolean.TRUE;
203 }
204
205 public Boolean roleExists( String roleId )
206 throws RedbackServiceException
207 {
208 try
209 {
210 return roleManager.roleExists( roleId );
211 }
212 catch ( RoleManagerException e )
213 {
214 throw new RedbackServiceException( e.getMessage() );
215 }
216 }
217
218 public Boolean templatedRoleExists( String templateId, String resource )
219 throws RedbackServiceException
220 {
221 try
222 {
223 return roleManager.templatedRoleExists( templateId, resource );
224 }
225 catch ( RoleManagerException e )
226 {
227 throw new RedbackServiceException( e.getMessage() );
228 }
229
230 }
231
232 public Boolean verifyTemplatedRole( String templateId, String resource )
233 throws RedbackServiceException
234 {
235 try
236 {
237 roleManager.verifyTemplatedRole( templateId, resource );
238 }
239 catch ( RoleManagerException e )
240 {
241 throw new RedbackServiceException( e.getMessage() );
242 }
243 return Boolean.TRUE;
244 }
245
246 public List<Role> getEffectivelyAssignedRoles( String username )
247 throws RedbackServiceException
248 {
249 if ( StringUtils.isEmpty( username ) )
250 {
251 throw new RedbackServiceException( new ErrorMessage( "user.cannot.be.null" ) );
252 }
253 try
254 {
255 List<org.apache.archiva.redback.rbac.Role> roles =
256 filterAssignableRoles( rbacManager.getEffectivelyAssignedRoles( username ) );
257
258 List<Role> effectivelyAssignedRoles = new ArrayList<Role>( roles.size() );
259
260 for ( org.apache.archiva.redback.rbac.Role r : roles )
261 {
262 effectivelyAssignedRoles.add( new Role( r ) );
263 }
264 return effectivelyAssignedRoles;
265 }
266 catch ( RbacManagerException rme )
267 {
268
269 }
270 return new ArrayList<Role>( 0 );
271 }
272
273
274 public List<Application> getApplications( String username )
275 throws RedbackServiceException
276 {
277
278 List<ModelApplication> modelApplications = roleManager.getModel().getApplications();
279
280 List<Application> applications = new ArrayList<Application>( modelApplications.size() );
281
282 for ( ModelApplication modelApplication : modelApplications )
283 {
284 Application application = new Application();
285 application.setDescription( modelApplication.getDescription() );
286 application.setId( modelApplication.getId() );
287 application.setLongDescription( modelApplication.getLongDescription() );
288 application.setVersion( modelApplication.getVersion() );
289 applications.add( application );
290 }
291
292 return applications;
293 }
294
295 public List<Role> getAllRoles()
296 throws RedbackServiceException
297 {
298 try
299 {
300 List<org.apache.archiva.redback.rbac.Role> roles = rbacManager.getAllRoles();
301
302 if ( roles == null )
303 {
304 return Collections.emptyList();
305 }
306
307 roles = filterRolesForCurrentUserAccess( roles );
308
309 List<Role> res = new ArrayList<Role>( roles.size() );
310
311 for ( org.apache.archiva.redback.rbac.Role r : roles )
312 {
313 res.add( new Role( r ) );
314 }
315 return res;
316
317 }
318 catch ( RbacManagerException e )
319 {
320 throw new RedbackServiceException( e.getMessage() );
321 }
322 }
323
324 public List<Role> getDetailedAllRoles()
325 throws RedbackServiceException
326 {
327 try
328 {
329 List<org.apache.archiva.redback.rbac.Role> roles = rbacManager.getAllRoles();
330
331 if ( roles == null )
332 {
333 return Collections.emptyList();
334 }
335
336 roles = filterRolesForCurrentUserAccess( roles );
337
338 List<Role> res = new ArrayList<Role>( roles.size() );
339
340 for ( org.apache.archiva.redback.rbac.Role r : roles )
341 {
342 res.add( getRole( r.getName() ) );
343 }
344 return res;
345
346 }
347 catch ( RbacManagerException e )
348 {
349 throw new RedbackServiceException( e.getMessage() );
350 }
351 }
352
353 private List<org.apache.archiva.redback.rbac.Role> filterAssignableRoles(
354 Collection<org.apache.archiva.redback.rbac.Role> roles )
355 {
356 List<org.apache.archiva.redback.rbac.Role> assignableRoles =
357 new ArrayList<org.apache.archiva.redback.rbac.Role>( roles.size() );
358 for ( org.apache.archiva.redback.rbac.Role r : roles )
359 {
360 if ( r.isAssignable() )
361 {
362 assignableRoles.add( r );
363 }
364 }
365 return assignableRoles;
366 }
367
368 public Role getRole( String roleName )
369 throws RedbackServiceException
370 {
371 try
372 {
373 org.apache.archiva.redback.rbac.Role rbacRole = rbacManager.getRole( roleName );
374 Role role = new Role( rbacRole );
375
376 Map<String, org.apache.archiva.redback.rbac.Role> parentRoles = rbacManager.getParentRoles( rbacRole );
377 for ( String parentRoleName : parentRoles.keySet() )
378 {
379 role.getParentRoleNames().add( parentRoleName );
380 }
381
382 List<UserAssignment> userAssignments = rbacManager.getUserAssignmentsForRoles( Arrays.asList( roleName ) );
383
384 if ( userAssignments != null )
385 {
386 for ( UserAssignment userAssignment : userAssignments )
387 {
388 try
389 {
390 User user = userManager.findUser( userAssignment.getPrincipal() );
391 role.getUsers().add( new org.apache.archiva.redback.rest.api.model.User( user ) );
392 }
393 catch ( UserNotFoundException e )
394 {
395 log.warn( "User '" + userAssignment.getPrincipal() + "' doesn't exist.", e );
396 }
397 }
398 }
399
400 if ( !role.getParentRoleNames().isEmpty() )
401 {
402 List<UserAssignment> userParentAssignments =
403 rbacManager.getUserAssignmentsForRoles( parentRoles.keySet() );
404 if ( userParentAssignments != null )
405 {
406 for ( UserAssignment userAssignment : userParentAssignments )
407 {
408 try
409 {
410 User user = userManager.findUser( userAssignment.getPrincipal() );
411 role.getParentsRolesUsers().add(
412 new org.apache.archiva.redback.rest.api.model.User( user ) );
413 }
414 catch ( UserNotFoundException e )
415 {
416 log.warn( "User '" + userAssignment.getPrincipal() + "' doesn't exist.", e );
417 }
418 }
419 }
420 }
421
422 List<org.apache.archiva.redback.rest.api.model.User> otherUsers =
423 new ArrayList<org.apache.archiva.redback.rest.api.model.User>();
424 for ( User u : userManager.getUsers() )
425 {
426 org.apache.archiva.redback.rest.api.model.User user =
427 new org.apache.archiva.redback.rest.api.model.User( u );
428 if ( role.getParentsRolesUsers().contains( user ) )
429 {
430 continue;
431 }
432 if ( role.getUsers().contains( user ) )
433 {
434 continue;
435 }
436 otherUsers.add( user );
437 }
438
439 role.setOtherUsers( otherUsers );
440
441 return role;
442 }
443 catch ( RbacManagerException e )
444 {
445 throw new RedbackServiceException( new ErrorMessage( e.getMessage() ) );
446 }
447 catch ( UserManagerException e )
448 {
449 throw new RedbackServiceException( new ErrorMessage( e.getMessage() ) );
450 }
451 }
452
453 public Boolean updateRoleDescription( String roleName, String description )
454 throws RedbackServiceException
455 {
456 try
457 {
458 org.apache.archiva.redback.rbac.Role rbacRole = rbacManager.getRole( roleName );
459 rbacRole.setDescription( description );
460 rbacManager.saveRole( rbacRole );
461 }
462 catch ( RbacManagerException e )
463 {
464 throw new RedbackServiceException( new ErrorMessage( e.getMessage() ) );
465 }
466 return Boolean.TRUE;
467 }
468
469 public Boolean updateRoleUsers( Role role )
470 throws RedbackServiceException
471 {
472
473 for ( org.apache.archiva.redback.rest.api.model.User user : role.getUsers() )
474 {
475 String username = user.getUsername();
476
477 try
478 {
479
480 if ( !userManager.userExists( username ) )
481 {
482 log.error( "user {} not exits", username );
483 throw new RedbackServiceException(
484 new ErrorMessage( "user.not.exists", new String[]{ username } ) );
485 }
486
487 UserAssignment assignment;
488
489 if ( rbacManager.userAssignmentExists( username ) )
490 {
491 assignment = rbacManager.getUserAssignment( username );
492 }
493 else
494 {
495 assignment = rbacManager.createUserAssignment( username );
496 }
497
498 assignment.addRoleName( role.getName() );
499 assignment = rbacManager.saveUserAssignment( assignment );
500 log.info( "{} role assigned to {}", role.getName(), username );
501 }
502 catch ( RbacManagerException e )
503 {
504 log.error( "error during assign role " + role.getName() + " to user " + username, e );
505 throw new RedbackServiceException(
506 new ErrorMessage( "error.assign.role.user", new String[]{ role.getName(), username } ) );
507 }
508 catch ( UserManagerException e )
509 {
510 throw new RedbackServiceException( new ErrorMessage( e.getMessage() ) );
511 }
512 }
513
514 for ( org.apache.archiva.redback.rest.api.model.User user : role.getRemovedUsers() )
515 {
516 String username = user.getUsername();
517
518 try
519 {
520
521 if ( !userManager.userExists( username ) )
522 {
523 log.error( "user {} not exits", username );
524 throw new RedbackServiceException(
525 new ErrorMessage( "user.not.exists", new String[]{ username } ) );
526 }
527
528 UserAssignment assignment;
529
530 if ( rbacManager.userAssignmentExists( username ) )
531 {
532 assignment = rbacManager.getUserAssignment( username );
533 }
534 else
535 {
536 assignment = rbacManager.createUserAssignment( username );
537 }
538
539 assignment.removeRoleName( role.getName() );
540 assignment = rbacManager.saveUserAssignment( assignment );
541 log.info( "{} role unassigned to {}", role.getName(), username );
542 }
543 catch ( RbacManagerException e )
544 {
545 log.error( "error during unassign role " + role.getName() + " to user " + username, e );
546 throw new RedbackServiceException(
547 new ErrorMessage( "error.unassign.role.user", new String[]{ role.getName(), username } ) );
548 }
549 catch ( UserManagerException e )
550 {
551 throw new RedbackServiceException( new ErrorMessage( e.getMessage() ) );
552 }
553 }
554
555 return Boolean.TRUE;
556 }
557
558 public List<ApplicationRoles> getApplicationRoles( String username )
559 throws RedbackServiceException
560 {
561 AdminEditUserCredentials user = null;
562 if ( StringUtils.isEmpty( username ) )
563 {
564 throw new RedbackServiceException( new ErrorMessage( "rbac.edit.user.empty.principal" ) );
565 }
566
567 try
568 {
569 if ( !userManager.userExists( username ) )
570 {
571 throw new RedbackServiceException(
572 new ErrorMessage( "user.does.not.exist", new String[]{ username } ) );
573 }
574
575 User u = userManager.findUser( username );
576
577 if ( u == null )
578 {
579 throw new RedbackServiceException( new ErrorMessage( "cannot.operate.on.null.user" ) );
580 }
581
582 user = new AdminEditUserCredentials( u );
583 }
584 catch ( UserNotFoundException e )
585 {
586 throw new RedbackServiceException(
587 new ErrorMessage( "user.does.not.exist", new String[]{ username, e.getMessage() } ) );
588 }
589 catch ( UserManagerException e )
590 {
591 throw new RedbackServiceException( new ErrorMessage( e.getMessage() ) );
592 }
593 try
594 {
595
596 if ( !rbacManager.userAssignmentExists( username ) )
597 {
598 UserAssignment assignment = rbacManager.createUserAssignment( username );
599 rbacManager.saveUserAssignment( assignment );
600 }
601
602 List<org.apache.archiva.redback.rbac.Role> allRoles =
603 filterRolesForCurrentUserAccess( rbacManager.getAllRoles() );
604
605 List<ModelApplication> modelApplications = roleManager.getModel().getApplications();
606
607 List<ApplicationRoles> applicationRolesList = new ArrayList<ApplicationRoles>( modelApplications.size() );
608
609 for ( ModelApplication modelApplication : modelApplications )
610 {
611 ApplicationRoles applicationRoles = new ApplicationRoles();
612
613 applicationRoles.setDescription( modelApplication.getDescription() );
614 applicationRoles.setName( modelApplication.getId() );
615
616 Collection<org.apache.archiva.redback.rbac.Role> appRoles =
617 filterApplicationRoles( modelApplication, allRoles, modelApplication.getTemplates() );
618
619 applicationRoles.setGlobalRoles( toRoleNames( appRoles ) );
620
621 Set<String> resources = discoverResources( modelApplication.getTemplates(), appRoles );
622
623 applicationRoles.setResources( resources );
624
625 applicationRoles.setRoleTemplates( toRoleTemplates( modelApplication.getTemplates() ) );
626
627
628
629 List<String> appRoleNames = new ArrayList<String>( appRoles.size() );
630
631 for ( String appRoleName : applicationRoles.getGlobalRoles() )
632 {
633 if ( !roleFromTemplate( appRoleName, modelApplication.getTemplates() ) )
634 {
635 appRoleNames.add( appRoleName );
636 }
637 }
638
639 applicationRoles.setGlobalRoles( appRoleNames );
640
641 applicationRolesList.add( applicationRoles );
642 }
643
644 return applicationRolesList;
645
646 }
647 catch ( RbacManagerException e )
648 {
649 RedbackServiceException redbackServiceException =
650 new RedbackServiceException( new ErrorMessage( e.getMessage() ) );
651 redbackServiceException.setHttpErrorCode( Response.Status.INTERNAL_SERVER_ERROR.getStatusCode() );
652 throw redbackServiceException;
653 }
654 }
655
656 public Boolean updateUserRoles( org.apache.archiva.redback.rest.api.model.User user )
657 throws RedbackServiceException
658 {
659
660 String username = user.getUsername();
661
662 if ( StringUtils.isEmpty( username ) )
663 {
664 throw new RedbackServiceException( new ErrorMessage( "rbac.edit.user.empty.principal" ) );
665 }
666
667 try
668 {
669
670 if ( !userManager.userExists( username ) )
671 {
672 throw new RedbackServiceException(
673 new ErrorMessage( "user.does.not.exist", new String[]{ username } ) );
674 }
675
676 User u = userManager.findUser( username );
677
678 if ( u == null )
679 {
680 throw new RedbackServiceException( new ErrorMessage( "cannot.operate.on.null.user" ) );
681 }
682
683 }
684 catch ( UserNotFoundException e )
685 {
686 throw new RedbackServiceException(
687 new ErrorMessage( "user.does.not.exist", new String[]{ username, e.getMessage() } ) );
688 }
689 catch ( UserManagerException e )
690 {
691 throw new RedbackServiceException( new ErrorMessage( e.getMessage() ) );
692 }
693
694 try
695 {
696
697 UserAssignment assignment;
698
699 if ( rbacManager.userAssignmentExists( username ) )
700 {
701 assignment = rbacManager.getUserAssignment( username );
702 }
703 else
704 {
705 assignment = rbacManager.createUserAssignment( username );
706 }
707
708 assignment.setRoleNames( user.getAssignedRoles() );
709
710 assignment = rbacManager.saveUserAssignment( assignment );
711
712 }
713 catch ( RbacManagerException e )
714 {
715 RedbackServiceException redbackServiceException =
716 new RedbackServiceException( new ErrorMessage( e.getMessage() ) );
717 redbackServiceException.setHttpErrorCode( Response.Status.INTERNAL_SERVER_ERROR.getStatusCode() );
718 throw redbackServiceException;
719 }
720
721 return Boolean.TRUE;
722
723 }
724
725
726
727
728
729 private org.apache.archiva.redback.rbac.Role isInList( String roleName,
730 Collection<org.apache.archiva.redback.rbac.Role> roles )
731 {
732 for ( org.apache.archiva.redback.rbac.Role role : roles )
733 {
734 if ( roleName.equals( role.getName() ) )
735 {
736 return role;
737 }
738 }
739 return null;
740 }
741
742 private Collection<org.apache.archiva.redback.rbac.Role> filterApplicationRoles( ModelApplication application,
743 List<org.apache.archiva.redback.rbac.Role> allRoles,
744 List<ModelTemplate> applicationTemplates )
745 {
746 Set<org.apache.archiva.redback.rbac.Role> applicationRoles =
747 new HashSet<org.apache.archiva.redback.rbac.Role>();
748 List<ModelRole> roles = application.getRoles();
749
750 for ( ModelRole modelRole : roles )
751 {
752 org.apache.archiva.redback.rbac.Role r = isInList( modelRole.getName(), allRoles );
753 if ( r != null )
754 {
755 applicationRoles.add( r );
756 }
757 }
758
759 List<String> roleNames = toRoleNames( allRoles );
760
761 for ( ModelTemplate modelTemplate : applicationTemplates )
762 {
763 for ( org.apache.archiva.redback.rbac.Role r : allRoles )
764 {
765 if ( StringUtils.startsWith( r.getName(),
766 modelTemplate.getNamePrefix() + modelTemplate.getDelimiter() ) )
767 {
768 applicationRoles.add( r );
769 }
770 }
771 }
772
773 return applicationRoles;
774 }
775
776 private boolean roleFromTemplate( String roleName, List<ModelTemplate> applicationTemplates )
777 {
778
779 for ( ModelTemplate modelTemplate : applicationTemplates )
780 {
781 if ( StringUtils.startsWith( roleName, modelTemplate.getNamePrefix() + modelTemplate.getDelimiter() ) )
782 {
783 return true;
784 }
785
786 }
787 return false;
788 }
789
790 private List<String> toRoleNames( Collection<org.apache.archiva.redback.rbac.Role> roles )
791 {
792 List<String> names = new ArrayList<String>( roles.size() );
793
794 for ( org.apache.archiva.redback.rbac.Role r : roles )
795 {
796 names.add( r.getName() );
797 }
798
799 return names;
800 }
801
802 private List<RoleTemplate> toRoleTemplates( List<ModelTemplate> modelTemplates )
803 {
804 if ( modelTemplates == null || modelTemplates.isEmpty() )
805 {
806 return new ArrayList<RoleTemplate>( 0 );
807 }
808
809 List<RoleTemplate> roleTemplates = new ArrayList<RoleTemplate>( modelTemplates.size() );
810
811 for ( ModelTemplate modelTemplate : modelTemplates )
812 {
813 RoleTemplate roleTemplate = new RoleTemplate();
814
815 roleTemplate.setDelimiter( modelTemplate.getDelimiter() );
816 roleTemplate.setDescription( modelTemplate.getDescription() );
817 roleTemplate.setId( modelTemplate.getId() );
818 roleTemplate.setNamePrefix( modelTemplate.getNamePrefix() );
819
820 roleTemplates.add( roleTemplate );
821 }
822
823 return roleTemplates;
824 }
825
826 private Set<String> discoverResources( List<ModelTemplate> applicationTemplates,
827 Collection<org.apache.archiva.redback.rbac.Role> roles )
828 {
829 Set<String> resources = new HashSet<String>();
830 for ( ModelTemplate modelTemplate : applicationTemplates )
831 {
832 for ( org.apache.archiva.redback.rbac.Role role : roles )
833 {
834 String roleName = role.getName();
835 if ( roleName.startsWith( modelTemplate.getNamePrefix() ) )
836 {
837 String delimiter = modelTemplate.getDelimiter();
838 resources.add( roleName.substring( roleName.indexOf( delimiter ) + delimiter.length() ) );
839 }
840 }
841 }
842 return resources;
843 }
844
845
846
847
848
849
850
851
852
853
854
855
856 protected List<org.apache.archiva.redback.rbac.Role> filterRolesForCurrentUserAccess(
857 List<org.apache.archiva.redback.rbac.Role> roleList )
858 throws RedbackServiceException
859 {
860 RedbackRequestInformation redbackRequestInformation = RedbackAuthenticationThreadLocal.get();
861
862 if ( redbackRequestInformation == null || redbackRequestInformation.getUser() == null )
863 {
864 throw new RedbackServiceException( new ErrorMessage( "login.mandatory" ) );
865 }
866 String currentUser = redbackRequestInformation.getUser().getUsername();
867
868 List<org.apache.archiva.redback.rbac.Role> filteredRoleList =
869 new ArrayList<org.apache.archiva.redback.rbac.Role>();
870 try
871 {
872 Map<String, List<Permission>> assignedPermissionMap = rbacManager.getAssignedPermissionMap( currentUser );
873 List<String> resourceGrants = new ArrayList<String>();
874
875 if ( assignedPermissionMap.containsKey( RedbackRoleConstants.USER_MANAGEMENT_ROLE_GRANT_OPERATION ) )
876 {
877 List<Permission> roleGrantPermissions =
878 assignedPermissionMap.get( RedbackRoleConstants.USER_MANAGEMENT_ROLE_GRANT_OPERATION );
879
880 for ( Permission permission : roleGrantPermissions )
881 {
882 if ( permission.getResource().getIdentifier().equals( Resource.GLOBAL ) )
883 {
884
885 return roleList;
886 }
887 else
888 {
889 resourceGrants.add( permission.getResource().getIdentifier() );
890 }
891 }
892
893 }
894 else
895 {
896 return Collections.emptyList();
897 }
898
899 String delimiter = " - ";
900
901
902
903 for ( org.apache.archiva.redback.rbac.Role role : roleList )
904 {
905 int delimiterIndex = role.getName().indexOf( delimiter );
906 for ( String resourceIdentifier : resourceGrants )
907 {
908
909 if ( ( role.getName().indexOf( resourceIdentifier ) != -1 ) && ( delimiterIndex != -1 ) )
910 {
911 String resourceName = role.getName().substring( delimiterIndex + delimiter.length() );
912 if ( resourceName.equals( resourceIdentifier ) )
913 {
914 filteredRoleList.add( role );
915 }
916 }
917 }
918 }
919 }
920 catch ( RbacManagerException rme )
921 {
922
923 }
924 Collections.sort( filteredRoleList, new RoleSorter() );
925 return filteredRoleList;
926 }
927
928
929 }