}
public SecureActionBundle getSecureActionBundle()
throws SecureActionException
{
SecureActionBundle bundle = new SecureActionBundle();
bundle.setRequiresAuthentication( true );
if ( getRepoId() != null )
{
// TODO: this is not right. It needs to change based on method. But is this really the right way to restrict this area?
// TODO: not right. We only care about this permission on managed repositories. Otherwise, it's configuration
bundle.addRequiredAuthorization( ArchivaRoleConstants.OPERATION_EDIT_REPOSITORY, getRepoId() );
}
else
{
bundle.addRequiredAuthorization( ArchivaRoleConstants.OPERATION_MANAGE_CONFIGURATION, Resource.GLOBAL );
}
return bundle;
}