/**
 * Returns the name reported by the wrapped {@code role} field.
 *
 * @return the value of {@code this.role.getName()}
 */
public String getName()
{
    final String roleName = this.role.getName();
    return roleName;
}
/**
 * Builds this role from a Redback RBAC role by copying its name, description,
 * assignable flag, child role names and permissions. No other attribute of the
 * source role is read here.
 *
 * @param role the RBAC role to copy from; dereferenced without a null check
 */
public Role( org.apache.archiva.redback.rbac.Role role )
{
    this.name = role.getName();
    this.description = role.getDescription();
    this.assignable = role.isAssignable();

    // Copy the child names so this object does not share the source role's list.
    if ( role.getChildRoleNames() == null )
    {
        this.childRoleNames = new ArrayList<String>( 0 );
    }
    else
    {
        this.childRoleNames = new ArrayList<String>( role.getChildRoleNames() );
    }

    if ( role.getPermissions() != null )
    {
        // NOTE(review): this branch appends to this.permissions without assigning it,
        // so the field presumably has an initializer outside this listing - confirm.
        for ( org.apache.archiva.redback.rbac.Permission source : role.getPermissions() )
        {
            this.permissions.add( new Permission( source ) );
        }
    }
    else
    {
        this.permissions = new ArrayList<Permission>( 0 );
    }
}
/**
 * Saves {@code childRole} and records its name in {@code role}'s child role names.
 *
 * <p>Only the child is saved here; {@code role} is modified in memory and is not
 * passed to {@code saveRole} by this method.
 *
 * @param role      the parent role that receives the child role name
 * @param childRole the role to save and attach as a child
 * @throws RbacObjectInvalidException declared by this method; raised by the calls it makes
 * @throws RbacManagerException       declared by this method; raised by the calls it makes
 */
public void addChildRole( Role role, Role childRole )
    throws RbacObjectInvalidException, RbacManagerException
{
    saveRole( childRole );

    // NOTE(review): nothing here rejects role == childRole or a name that would close a
    // loop in the role hierarchy; presumably checked elsewhere - confirm.
    final String childName = childRole.getName();
    role.addChildRoleName( childName );
}
/**
 * Removes a role from the {@code roles} map after validating it.
 *
 * <p>Order of checks: the role must pass {@code RBACObjectAssertions.assertValid},
 * must not be permanent, and must exist. The removal event is fired before the
 * entry is taken out of the map.
 *
 * @param role the role to remove
 * @throws RbacManagerException        declared; {@code RbacPermanentException} is thrown
 *                                     from here when the role is permanent
 * @throws RbacObjectNotFoundException declared; presumably raised by {@code assertRoleExists}
 */
public void removeRole( Role role )
    throws RbacManagerException, RbacObjectNotFoundException
{
    RBACObjectAssertions.assertValid( "Remove Role", role );

    // Permanent roles are protected from deletion.
    final boolean permanent = role.isPermanent();
    if ( permanent )
    {
        final String message = "Unable to delete permanent role [" + role.getName() + "]";
        throw new RbacPermanentException( message );
    }

    assertRoleExists( role.getName() );

    // Listeners are notified while the role is still present in the map.
    fireRbacRoleRemoved( role );
    roles.remove( role.getName() );
}
allRoleNames.add( role.getName() ); role.setDescription( roleProfile.getDescription() ); role.setPermanent( roleProfile.isPermanent() ); role.setAssignable( roleProfile.isAssignable() ); role.addPermission( permission ); role.addChildRoleName( childRoleProfile.getName() ); allRoleNames.add( role.getName() ); parentRole.addChildRoleName( role.getName() ); rbacManager.saveRole( parentRole ); allRoleNames.add( parentRole.getName() ); if ( !role.getPermissions().contains( permission ) ) log.info( "Adding new permission '{}' to role '{}'", permission.getName(), role.getName() ); role.addPermission( permission ); changed = true; List<Permission> oldPermissions = new ArrayList<Permission>( role.getPermissions() ); for ( Permission permission : oldPermissions ) "Removing old permission '{}' from role '{}'", permission.getName(), role.getName() ); role.removePermission( permission ); changed = true;
/**
 * Saves the admin and developer fixture roles into an emptied store and checks
 * that both can be read back by name.
 */
@Test
public void testAddGetRole()
    throws RbacManagerException
{
    assertNotNull( rbacManager );

    // Start from an empty store and a freshly initialised event tracker.
    rbacManager.eraseDatabase();
    eventTracker.rbacInit( true );

    Role savedAdmin = rbacManager.saveRole( getAdminRole() );
    Role savedDevel = rbacManager.saveRole( getDeveloperRole() );

    assertEquals( 2, rbacManager.getAllRoles().size() );

    // Read both roles back by name and compare them with what saveRole returned.
    Role fetchedAdmin = rbacManager.getRole( savedAdmin.getName() );
    Role fetchedDevel = rbacManager.getRole( savedDevel.getName() );

    assertEquals( savedAdmin.getName(), fetchedAdmin.getName() );
    assertEquals( savedAdmin.getChildRoleNames(), fetchedAdmin.getChildRoleNames() );
    assertEquals( savedDevel, fetchedDevel );

    // Event tracker expectations for this scenario.
    assertEventTracker( 2, 0, 2, 0, true, true );
}
throws RbacObjectNotFoundException, RbacManagerException if ( role.hasChildRoles() ) for ( String roleName : role.getChildRoleNames() ) log.warn( "dangling child role: {} on {}", roleName, role.getName() );
/**
 * Checks that a role is structurally valid: non-null, with a non-empty name, and
 * with every listed permission passing its own {@code assertValid} check.
 *
 * @param scope label passed to the exception for failures on the role itself
 * @param role  the role to check
 * @throws RbacObjectInvalidException if the role is null or its name is empty;
 *                                    declared for the per-permission checks as well
 */
public static void assertValid( String scope, Role role )
    throws RbacObjectInvalidException
{
    if ( role == null )
    {
        throw new RbacObjectInvalidException( scope, "Null Role object is invalid." );
    }

    if ( StringUtils.isEmpty( role.getName() ) )
    {
        throw new RbacObjectInvalidException( scope, "Role.name must not be empty." );
    }

    // A role without a permission list has nothing further to validate.
    if ( role.getPermissions() == null )
    {
        return;
    }

    // Each permission is validated under a scope that names its position in the list.
    int index = 0;
    for ( Permission perm : role.getPermissions() )
    {
        assertValid( "Role.permissions[" + index + "]", perm );
        index++;
    }
}
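/**
 * Saves the admin and developer fixture roles, then attaches the project-admin role
 * to the developer role by name and checks the resulting role count.
 */
@Test
public void testAddGetChildRoleViaName()
    throws RbacManagerException
{
    RBACManager manager = rbacManager;

    // Check the fixture before it is first dereferenced, so a missing manager is
    // reported as an assertion failure rather than a NullPointerException.
    assertNotNull( manager );

    // Start from an empty store and a freshly initialised event tracker.
    manager.eraseDatabase();
    eventTracker.rbacInit( true );

    Role adminRole = manager.saveRole( getAdminRole() );
    Role develRole = manager.saveRole( getDeveloperRole() );

    assertEquals( 2, manager.getAllRoles().size() );

    Role actualAdmin = manager.getRole( adminRole.getName() );
    Role actualDevel = manager.getRole( develRole.getName() );

    assertEquals( adminRole.getName(), actualAdmin.getName() );
    assertEquals( adminRole.getChildRoleNames(), actualAdmin.getChildRoleNames() );
    assertEquals( develRole, actualDevel );

    // Now do a child role: the child is saved first, then referenced by name only.
    Role projectRole = getProjectAdminRole();
    String projectRoleName = projectRole.getName();
    manager.saveRole( projectRole );

    develRole.addChildRoleName( projectRoleName );
    manager.saveRole( develRole );

    assertEquals( 3, manager.getAllRoles().size() );

    // Event tracker expectations for this scenario.
    assertEventTracker( 3, 0, 3, 0, true, true );
}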
Iterator<String> it = role.getChildRoleNames().listIterator(); List<String> updatedChildRoleList = new ArrayList<String>( role.getChildRoleNames().size() ); childRoles.put( child.getName(), child ); updatedChildRoleList.add( roleName ); role.setChildRoleNames( updatedChildRoleList ); saveRole( role );
// Excerpt from a test body: the enclosing method and the declarations of adminRole
// and develRole are not part of this listing.

// Mark the in-memory admin role as permanent.
// NOTE(review): no saveRole call follows in this excerpt, so whether the stored copy
// is permanent depends on code that is not shown - confirm.
adminRole.setPermanent( true );

// Read both roles back by name and compare them with the saved instances.
Role actualAdmin = rbacManager.getRole( adminRole.getName() );
Role actualDevel = rbacManager.getRole( develRole.getName() );
assertEquals( adminRole.getName(), actualAdmin.getName() );
assertEquals( adminRole.getChildRoleNames(), actualAdmin.getChildRoleNames() );
assertEquals( develRole, actualDevel );

// Ask the manager to remove the role by name.
// NOTE(review): presumably this is expected to be refused because the role was marked
// permanent; the surrounding expected-exception handling is not visible here - confirm.
rbacManager.removeRole( adminRole.getName() );
/**
 * Returns every role whose {@code isAssignable()} flag is set.
 *
 * <p>Each role from {@code getAllRoles()} is fetched again by name through
 * {@code getRole}, and the assignable check is made on that fetched instance.
 *
 * @return a new list of assignable roles, empty when there are none
 * @throws RbacManagerException        declared; raised by the manager calls made here
 * @throws RbacObjectNotFoundException declared; raised by the manager calls made here
 */
public List<Role> getAllAssignableRoles()
    throws RbacManagerException, RbacObjectNotFoundException
{
    List<Role> result = new ArrayList<Role>();

    for ( Role listed : getAllRoles() )
    {
        Role fetched = getRole( listed.getName() );
        if ( !fetched.isAssignable() )
        {
            continue;
        }
        result.add( fetched );
    }

    return result;
}
// Excerpt from a test or fixture body: the declarations of devRole, devPlusRole,
// manager and assignment are not part of this listing.

// devPlusRole gets devRole as its only child role, referenced by name.
devPlusRole.setChildRoleNames( Collections.singletonList( devRole.getName() ) );

// Both roles are saved, the child first.
manager.saveRole( devRole );
manager.saveRole( devPlusRole );

// The user assignment names devRole only; devPlusRole is not added to it here.
assignment.addRoleName( devRole.getName() );
manager.saveUserAssignment( assignment );
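/**
 * Adds to {@code coll} every permission held by {@code role} or by any role reachable
 * through its child roles, skipping permissions {@code coll} already contains.
 *
 * <p>Each role name is visited at most once. Child roles are attached by name, so stored
 * role data can describe a hierarchy that loops back on itself. Without the visited set
 * such data would recurse until the stack overflows, in the code path that resolves
 * effective permissions.
 *
 * @param role the role to start from
 * @param coll the collection that receives the permissions; modified in place
 * @throws RbacManagerException declared; raised by {@code getChildRoles}
 */
private void gatherUniquePermissions( Role role, Collection<Permission> coll )
    throws RbacManagerException
{
    // Fully qualified names keep this block independent of the file's import list.
    gatherUniquePermissionsOnce( role, coll, new java.util.HashSet<String>() );
}

/**
 * Walks one role and its child roles, ignoring any role whose name is already in
 * {@code visitedRoleNames}.
 */
private void gatherUniquePermissionsOnce( Role role, Collection<Permission> coll,
                                          java.util.Set<String> visitedRoleNames )
    throws RbacManagerException
{
    // add() returns false when the name was already present: this role has been handled.
    if ( !visitedRoleNames.add( role.getName() ) )
    {
        return;
    }

    if ( role.getPermissions() != null )
    {
        for ( Permission permission : role.getPermissions() )
        {
            if ( !coll.contains( permission ) )
            {
                coll.add( permission );
            }
        }
    }

    if ( role.hasChildRoles() )
    {
        for ( Role child : getChildRoles( role ).values() )
        {
            gatherUniquePermissionsOnce( child, coll, visitedRoleNames );
        }
    }
}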
/**
 * Authentication provider that turns the permissions of a user's roles into
 * Spring Security granted authorities.
 *
 * NOTE(review): this listing is incomplete. The variable {@code user} is never declared,
 * and the {@code supports(Class)} method that {@code AuthenticationProvider} requires is
 * not shown.
 */
public class AppAuthProvider implements AuthenticationProvider {
    // Prefix put in front of every permission name to form the authority string.
    // NOTE(review): Spring Security's default role prefix is "ROLE_", so authorities built
    // with this prefix also satisfy role-style checks such as hasRole("PERMISSION_<name>").
    // Confirm that is intended.
    private static final String PERMISSION_PREFIX = "ROLE_PERMISSION_";

    /**
     * Builds an authentication token for {@code user} carrying one authority per
     * permission of each of the user's roles.
     *
     * NOTE(review): the code that looks up the user who is logging in is omitted from
     * this listing. No use of the submitted credentials in {@code authentication} is
     * visible either. The lookup and the credential check have to happen before the
     * token below is created.
     */
    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        // A set, so a permission granted through several roles yields one authority.
        Collection<GrantedAuthority> permissions = new HashSet<GrantedAuthority>();
        for (Role role : user.getRole()) {
            for (Permission perm : role.getPermissions()) {
                GrantedAuthority permission = new SimpleGrantedAuthority(PERMISSION_PREFIX + perm.getPermissionName());
                permissions.add(permission);
            }
        }
        // The three-argument constructor yields a token that is already marked as
        // authenticated. Returning it is what grants access, so this point must be
        // reached only after the credentials were verified. "user" is the object
        // obtained from the service/repository; credentials are passed as null.
        UsernamePasswordAuthenticationToken authToken = new UsernamePasswordAuthenticationToken(user, null, permissions);
        return authToken;
    }
}
/**
 * Creates the "ADMIN" fixture role: not assignable, holding the single permission
 * "EDIT_ANY_USER" (operation "EDIT" on resource "User:*").
 *
 * @return the newly created role; it is not saved by this method
 * @throws RbacManagerException declared; raised by the manager calls made here
 */
private Role getAdminRole()
    throws RbacManagerException
{
    Role admin = rbacManager.createRole( "ADMIN" );
    admin.setAssignable( false );
    admin.addPermission( rbacManager.createPermission( "EDIT_ANY_USER", "EDIT", "User:*" ) );
    return admin;
}
for ( Permission permission : role.getPermissions() ) role.setPermissions( permissions );
// Excerpt from a fixture that builds a role hierarchy. The statements that create or
// rebind userAdmin, admin and developer are not part of this listing, so the two
// "developer" groups below presumably refer to two different roles.

// User administrator: may edit all users and remove roles.
userAdmin.addPermission( manager.getPermission( "Edit All Users" ) );
userAdmin.addPermission( manager.getPermission( "Remove Roles" ) );
userAdmin.setAssignable( true );
manager.saveRole( userAdmin );

// Administrator: has "User Administrator" as a child role, plus its own permissions.
admin.addChildRoleName( "User Administrator" );
admin.addPermission( manager.getPermission( "Edit Configuration" ) );
admin.addPermission( manager.getPermission( "Run Indexer" ) );
admin.addPermission( manager.getPermission( "Add Repository" ) );
admin.addPermission( manager.getPermission( "Regenerate Index" ) );
admin.setAssignable( true );
manager.saveRole( admin );

// NOTE(review): if child-role permissions are folded into the parent when effective
// permissions are resolved (confirm for this manager), this role inherits everything
// "System Administrator" grants while listing only "Run Indexer" itself. That is
// presumably deliberate in a fixture for deep permission resolution. In real role data,
// nesting an administrative role under a developer role deserves a second look.
developer.addChildRoleName( "System Administrator" );
developer.addPermission( manager.getPermission( "Run Indexer" ) );
developer.setAssignable( true );
manager.saveRole( developer );

// This role has "Trusted Developer" as a child role.
developer.addChildRoleName( "Trusted Developer" );
developer.addPermission( manager.getPermission( "Run Indexer" ) );
developer.setAssignable( true );
manager.saveRole( developer );
/**
 * Returns the roles from {@code roles} whose {@code isAssignable()} flag is set,
 * in iteration order.
 *
 * @param roles the roles to filter; dereferenced without a null check
 * @return a new list holding only the assignable roles
 */
private List<org.apache.archiva.redback.rbac.Role> filterAssignableRoles(
    Collection<org.apache.archiva.redback.rbac.Role> roles )
{
    // Sized for the case where every role is assignable.
    List<org.apache.archiva.redback.rbac.Role> kept =
        new ArrayList<org.apache.archiva.redback.rbac.Role>( roles.size() );

    for ( org.apache.archiva.redback.rbac.Role candidate : roles )
    {
        if ( !candidate.isAssignable() )
        {
            continue;
        }
        kept.add( candidate );
    }

    return kept;
}
/**
 * Checks that a permission created through the manager only shows up in
 * {@code getAllPermissions()} after a role holding it has been saved.
 */
@Test
public void testAddGetPermission()
    throws RbacManagerException
{
    assertNotNull( rbacManager );

    // Start from an empty store and a freshly initialised event tracker.
    rbacManager.eraseDatabase();
    eventTracker.rbacInit( true );

    Role savedAdmin = rbacManager.saveRole( getAdminRole() );
    rbacManager.saveRole( getDeveloperRole() );

    assertEquals( 2, rbacManager.getAllRoles().size() );
    assertEquals( 2, rbacManager.getAllPermissions().size() );

    Permission newPerm = rbacManager.createPermission( "CREATE_USER", "CREATE", "User" );

    // Creating the permission does not store it: the count is unchanged.
    assertEquals( 2, rbacManager.getAllPermissions().size() );

    savedAdmin.addPermission( newPerm );
    rbacManager.saveRole( savedAdmin );

    // Saving the role that holds it is what makes the permission visible.
    assertEquals( 3, rbacManager.getAllPermissions().size() );

    Permission reloaded = rbacManager.getPermission( "CREATE_USER" );
    assertNotNull( reloaded );

    // Event tracker expectations for this scenario.
    assertEventTracker( 2, 0, 3, 0, true, true );
}