use of com.xpn.xwiki.objects.BaseObject in project xwiki-platform by xwiki.
the class AbstractSheetBinder method bind.
/**
 * Binds a sheet to a document by adding a sheet binding object, unless the same binding already exists.
 *
 * @param document the document to bind the sheet to; it is cast to {@code XWikiDocument}
 * @param sheetReferenceString the sheet reference, stored as-is in the binding object's sheet property
 * @return {@code true} if a new binding object was added; {@code false} if the sheet was already bound or if the
 *         binding object could not be created
 */
private boolean bind(DocumentModelBridge document, String sheetReferenceString) {
    EntityReference bindingClassReference =
        this.relativeReferenceResolver.resolve(getSheetBindingClass(), EntityType.DOCUMENT);
    XWikiDocument xdocument = (XWikiDocument) document;

    List<BaseObject> existingBindings = xdocument.getXObjects(bindingClassReference);
    if (existingBindings != null) {
        for (BaseObject existingBinding : existingBindings) {
            // Null entries can show up in the object list (a legacy quirk of the old XWiki core): skip them.
            if (existingBinding == null) {
                continue;
            }
            String alreadyBoundSheet = existingBinding.getStringValue(SHEET_PROPERTY);
            if (StringUtils.equals(alreadyBoundSheet, sheetReferenceString)) {
                // Same sheet already bound: nothing to add.
                return false;
            }
        }
    }

    try {
        BaseObject newBinding = xdocument.newXObject(bindingClassReference, getXWikiContext());
        newBinding.setStringValue(SHEET_PROPERTY, sheetReferenceString);
        return true;
    } catch (XWikiException e) {
        // NOTE(review): the caught exception is not handed to the logger, so the cause of the failure is lost.
        String serializedDocumentReference =
            this.defaultEntityReferenceSerializer.serialize(document.getDocumentReference());
        this.logger.warn("Failed to bind sheet [{}] to document [{}].", sheetReferenceString,
            serializedDocumentReference);
        return false;
    }
}
use of com.xpn.xwiki.objects.BaseObject in project xwiki-platform by xwiki.
the class CommentSaveAction method action.
/**
 * Saves an edit made to an existing comment of the current document.
 * <p>
 * The edit is refused (nothing is saved, {@code false} is returned) when the CSRF token check fails, when the
 * document is new, when the comment object does not exist, or when the current user is neither the comment's
 * author nor holder of the ADMIN right on the document.
 *
 * @param context the current XWiki context, providing the request, the response, the document and the user
 * @return {@code true} only when the comment was saved and the request carries an {@code xpage} parameter;
 *         {@code false} when the edit was refused, or after the comment was saved and a redirect was sent
 * @throws XWikiException declared by the signature; which of the calls below raise it is not visible here
 */
@Override
public boolean action(XWikiContext context) throws XWikiException {
    XWiki wiki = context.getWiki();
    XWikiResponse httpResponse = context.getResponse();
    XWikiRequest httpRequest = context.getRequest();
    XWikiDocument targetDocument = context.getDoc();

    // Gate 1: the anti-CSRF token must be valid before any state is looked at or changed.
    if (!csrfTokenCheck(context)) {
        return false;
    }
    // Gate 2: a document that does not exist yet cannot hold a comment to edit.
    if (targetDocument.isNew()) {
        return false;
    }

    // Locate the comment object designated by the request.
    DocumentReference commentClassReference = new DocumentReference(context.getWikiId(), XWiki.SYSTEM_SPACE,
        XWikiDocument.COMMENTSCLASS_REFERENCE.getName());
    int commentId = getCommentIdFromRequest(httpRequest);
    BaseObject comment = targetDocument.getXObject(commentClassReference, commentId);
    if (comment == null) {
        return false;
    }

    // Gate 3: only the comment's author, or a user with ADMIN right on the document, may edit it. The ADMIN
    // lookup is only performed when the current user is not the author.
    String storedAuthor = comment.getStringValue("author");
    DocumentReference authorReference = documentReferenceResolver.resolve(storedAuthor);
    if (!authorReference.equals(context.getUserReference())) {
        boolean isAdmin = authorizationManager.hasAccess(Right.ADMIN, context.getUserReference(),
            context.getDoc().getDocumentReference());
        if (!isAdmin) {
            return false;
        }
    }

    // Replace the comment text with the value submitted for this comment id.
    // NOTE(review): the value is taken from the request without any check visible in this method (it may be
    // null if the parameter is missing); confirm that escaping happens where the comment is rendered.
    String commentParameterName = String.format("XWiki.XWikiComments_%d_comment", commentId);
    comment.set(COMMENT_FIELD_NAME, httpRequest.getParameter(commentParameterName), context);

    wiki.saveDocument(targetDocument, localizationManager.getTranslationPlain("core.comment.editComment"), true,
        context);

    // When an xpage is requested, let the caller render the specified template instead of redirecting.
    if (context.getRequest().get("xpage") != null) {
        return true;
    }

    // Otherwise send the user to the redirect target computed for the "edit" action.
    // NOTE(review): whether Utils.getRedirect restricts the target to local URLs is not visible here - confirm.
    String redirectTarget = Utils.getRedirect("edit", context);
    sendRedirect(httpResponse, redirectTarget);
    return false;
}
use of com.xpn.xwiki.objects.BaseObject in project xwiki-platform by xwiki.
the class XWikiAuthServiceImpl method checkPassword.
/**
 * Verifies a submitted password against the one stored in the user's profile document.
 * <p>
 * The check fails closed: any {@code Throwable} raised while loading the document or comparing the values is
 * logged and reported as a failed check.
 *
 * @param username the name of the user document to load
 * @param password the submitted password
 * @param context the current XWiki context
 * @return {@code true} if the document has a user object and the submitted password matches the stored value;
 *         {@code false} otherwise, including on any error
 * @throws XWikiException declared by the signature; the body catches every {@code Throwable} itself
 */
protected boolean checkPassword(String username, String password, XWikiContext context) throws XWikiException {
    long startedAt = System.currentTimeMillis();
    try {
        final XWikiDocument userDocument = context.getWiki().getDocument(username, context);
        final BaseObject userObject = userDocument.getXObject(USERCLASS_REFERENCE);

        boolean matches;
        if (userObject == null) {
            // A document without a user object can never authenticate, whatever the submitted password is.
            // NOTE(review): this path skips the password transformation, so it presumably answers faster than
            // the path for an existing user - consider whether that timing difference matters here.
            matches = false;
        } else {
            final String storedValue = userObject.getStringValue("password");
            // presumably re-derives the stored form from the submitted password - confirm in PasswordClass
            final String candidate = new PasswordClass().getEquivalentPassword(storedValue, password);
            // NOTE(review): String.equals stops at the first differing character; a constant-time comparison
            // (e.g. MessageDigest.isEqual on the encoded bytes) is the usual hardening for secret values.
            matches = candidate.equals(storedValue);
        }

        if (LOGGER.isDebugEnabled()) {
            // NOTE(review): username comes from the caller and is concatenated into the log line unmodified;
            // confirm the log layout neutralises line breaks.
            String outcome = matches
                ? "Password check for user " + username + " successful"
                : "Password check for user " + username + " failed";
            LOGGER.debug(outcome);
            LOGGER.debug((System.currentTimeMillis() - startedAt) + " milliseconds spent validating password.");
        }

        return matches;
    } catch (Throwable e) {
        // Deny on any failure rather than letting the error decide the outcome.
        LOGGER.error("Failed to check password", e);
        return false;
    }
}
use of com.xpn.xwiki.objects.BaseObject in project xwiki-platform by xwiki.
the class XWikiGroupServiceImpl method removeUserOrGroupFromAllGroups.
/**
 * Removes a user or group from every group document whose member property matches it.
 * <p>
 * Candidate group documents are found with a parameterized HQL query using a {@code like} pattern on the
 * member property; each candidate is then passed to {@code removeUserOrGroupFromGroup} and saved only when
 * that call reports a change.
 *
 * @param memberWiki the wiki of the member to remove
 * @param memberSpace the space of the member to remove; {@code null} is handled like the default member space
 *        when the member is in the current wiki
 * @param memberName the name of the member to remove
 * @param context the current XWiki context
 * @throws XWikiException declared by the signature; raised by the store or save calls - TODO confirm
 */
@Override
public void removeUserOrGroupFromAllGroups(String memberWiki, String memberSpace, String memberName,
    XWikiContext context) throws XWikiException {
    // Choose how the member is expected to be written in the group's member property.
    // NOTE(review): like-wildcards contained in the member name are not escaped, so the query may return more
    // documents than intended; presumably removeUserOrGroupFromGroup does the exact matching - confirm.
    String memberPattern;
    String currentWiki = context.getWikiId();
    if (currentWiki != null && !currentWiki.equalsIgnoreCase(memberWiki)) {
        // Member of another wiki: match the wiki-prefixed full name.
        // NOTE(review): a null memberSpace is concatenated as the text "null" on this branch.
        memberPattern = HQLLIKE_ALL_SYMBOL + memberWiki + WIKI_FULLNAME_SEP + memberSpace + SPACE_NAME_SEP
            + memberName + HQLLIKE_ALL_SYMBOL;
    } else if (memberSpace == null || memberSpace.equals(DEFAULT_MEMBER_SPACE)) {
        // Local member in the default space: the name alone is enough.
        memberPattern = HQLLIKE_ALL_SYMBOL + memberName + HQLLIKE_ALL_SYMBOL;
    } else {
        // Local member in another space: match space and name.
        memberPattern = HQLLIKE_ALL_SYMBOL + memberSpace + SPACE_NAME_SEP + memberName + HQLLIKE_ALL_SYMBOL;
    }

    // All values are bound as query parameters, never concatenated into the statement.
    String whereClause =
        ", BaseObject as obj, StringProperty as prop where doc.fullName=obj.name and obj.className=?"
            + " and obj.id=prop.id.id"
            + " and prop.name=?"
            + " and prop.value like ?";
    List<Object> parameterValues = new ArrayList<Object>();
    parameterValues.add(CLASS_XWIKIGROUPS);
    parameterValues.add(FIELD_XWIKIGROUPS_MEMBER);
    parameterValues.add(memberPattern);

    List<XWikiDocument> candidateGroups =
        context.getWiki().getStore().searchDocuments(whereClause, parameterValues, context);
    for (XWikiDocument candidateGroup : candidateGroups) {
        boolean changed = removeUserOrGroupFromGroup(candidateGroup, memberWiki, memberSpace, memberName, context);
        if (changed) {
            context.getWiki().saveDocument(candidateGroup, context);
        }
    }
}
use of com.xpn.xwiki.objects.BaseObject in project xwiki-platform by xwiki.
the class XWikiRightServiceImpl method checkRight.
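/**
 * Checks whether a right object of the given document grants (or denies) an access level to a user or group,
 * directly or through one of the groups it belongs to.
 * <p>
 * Right objects are read from {@code doc}: the global right class when {@code global} is set, the document
 * level right class otherwise. Only objects whose {@code allow} value matches the {@code allow} argument and
 * whose {@code levels} list contains {@code accessLevel} are considered. If none of them lists the user or
 * group, the method calls itself for each group returned by {@code addMemberGroups}.
 *
 * @param userOrGroupName the user or group to check, optionally prefixed with a wiki name and ":"
 * @param doc the document holding the right objects
 * @param accessLevel the access level to look for
 * @param user {@code true} to read the {@code users} field of the right objects, {@code false} to read
 *        {@code groups}
 * @param allow {@code true} to look at allow objects, {@code false} to look at deny objects
 * @param global {@code true} to read global right objects, {@code false} to read document level ones
 * @param context the current XWiki context
 * @return {@code true} if a matching right object lists the user or group, or one of its groups; {@code false}
 *         if at least one right object matches the level and allow flag at this level but none lists the user
 *         or group or its groups
 * @throws XWikiRightNotFoundException if "admin" is requested at document level, or if no right object at this
 *         level matches the level and allow flag and no group produced a match
 * @throws XWikiException declared by the signature
 */
public boolean checkRight(String userOrGroupName, XWikiDocument doc, String accessLevel, boolean user,
    boolean allow, boolean global, XWikiContext context) throws XWikiRightNotFoundException, XWikiException {
    if (!global && ("admin".equals(accessLevel))) {
        // Admin rights do not exist at document level.
        throw new XWikiRightNotFoundException();
    }

    EntityReference rightClassReference = global ? GLOBALRIGHTCLASS_REFERENCE : RIGHTCLASS_REFERENCE;
    String fieldName = user ? "users" : "groups";
    // Set as soon as one right object matches the level and the allow flag, whoever it lists.
    boolean found = false;

    // Here entity is either a user or a group
    DocumentReference userOrGroupDocumentReference =
        this.currentMixedDocumentReferenceResolver.resolve(userOrGroupName);
    String prefixedFullName = this.entityReferenceSerializer.serialize(userOrGroupDocumentReference);

    // Name without the wiki prefix (everything after the first ":").
    String shortname = userOrGroupName;
    int i0 = userOrGroupName.indexOf(":");
    if (i0 != -1) {
        shortname = userOrGroupName.substring(i0 + 1);
    }

    if (LOGGER.isDebugEnabled()) {
        LOGGER.debug("Checking right: [{}], [{}], [{}], [{}], [{}], [{}]", userOrGroupName, doc.getFullName(),
            accessLevel, user, allow, global);
    }

    List<BaseObject> rightObjects = doc.getXObjects(rightClassReference);
    if (rightObjects != null) {
        if (LOGGER.isDebugEnabled()) {
            LOGGER.debug("Checking objects [{}]", rightObjects.size());
        }
        for (int i = 0; i < rightObjects.size(); i++) {
            LOGGER.debug("Checking object [{}]", i);
            BaseObject bobj = rightObjects.get(i);
            // The object list may contain null entries: skip them.
            if (bobj == null) {
                LOGGER.debug("Bypass object [{}]", i);
                continue;
            }
            String users = bobj.getStringValue(fieldName);
            String levels = bobj.getStringValue("levels");
            boolean allowdeny = (bobj.getIntValue("allow") == 1);
            if (allowdeny == allow) {
                LOGGER.debug("Checking match: [{}] in [{}]", accessLevel, levels);
                String[] levelsarray = StringUtils.split(levels, " ,|");
                if (ArrayUtils.contains(levelsarray, accessLevel)) {
                    LOGGER.debug("Found a right for [{}]", allow);
                    found = true;
                    LOGGER.debug("Checking match: [{}] in [{}]", userOrGroupName, users);
                    String[] userarray = GroupsClass.getListFromString(users).toArray(new String[0]);
                    // Entries written without a space are assumed to live in the "XWiki" space.
                    for (int ii = 0; ii < userarray.length; ii++) {
                        String value = userarray[ii];
                        if (value.indexOf(".") == -1) {
                            userarray[ii] = "XWiki." + value;
                        }
                    }
                    if (LOGGER.isDebugEnabled()) {
                        LOGGER.debug("Checking match: [{}] in [{}]", userOrGroupName,
                            StringUtils.join(userarray, ","));
                    }
                    // Unprefixed names only match when the entity belongs to the document's own wiki.
                    if (doc.getWikiName().equals(userOrGroupDocumentReference.getWikiReference().getName())) {
                        if (ArrayUtils.contains(userarray, shortname)) {
                            LOGGER.debug("Found matching right in [{}] for [{}]", users, shortname);
                            return true;
                        }
                        // We should also allow to skip "XWiki." from the usernames and group
                        // lists
                        String veryshortname = shortname.substring(shortname.indexOf(".") + 1);
                        if (ArrayUtils.contains(userarray, veryshortname)) {
                            LOGGER.debug("Found matching right in [{}] for [{}]", users, shortname);
                            return true;
                        }
                    }
                    if ((context.getWikiId() != null) && (ArrayUtils.contains(userarray, userOrGroupName))) {
                        LOGGER.debug("Found matching right in [{}] for [{}]", users, userOrGroupName);
                        return true;
                    }
                    LOGGER.debug("Failed match: [{}] in [{}]", userOrGroupName, users);
                }
            } else {
                LOGGER.debug("Bypass object [{}] because wrong allow/deny", i);
            }
        }
    }

    LOGGER.debug("Searching for matching rights at group level");
    // No direct match at this level: look at the groups the entity is a member of.
    // The "grouplist" map is created in the context if missing; this method does not read it afterwards
    // (presumably addMemberGroups uses it as a cache - confirm).
    Map<String, Collection<String>> grouplistcache = (Map<String, Collection<String>>) context.get("grouplist");
    if (grouplistcache == null) {
        grouplistcache = new HashMap<String, Collection<String>>();
        context.put("grouplist", grouplistcache);
    }

    Collection<String> grouplist = new HashSet<String>();
    // Get member groups from document's wiki
    addMemberGroups(doc.getWikiName(), prefixedFullName, userOrGroupDocumentReference, grouplist, context);
    // Get member groups from member's wiki
    // NOTE(review): context.getWikiId() is dereferenced here without the null check used in the direct match
    // above; confirm it cannot be null on this path.
    if (!context.getWikiId().equalsIgnoreCase(userOrGroupDocumentReference.getWikiReference().getName())) {
        addMemberGroups(userOrGroupDocumentReference.getWikiReference().getName(), prefixedFullName,
            userOrGroupDocumentReference, grouplist, context);
    }

    if (LOGGER.isDebugEnabled()) {
        LOGGER.debug("Searching for matching rights for [{}] groups: [{}]", grouplist.size(), grouplist);
    }

    for (String group : grouplist) {
        try {
            // We need to construct the full group name to make sure the groups are
            // handled separately
            boolean result = checkRight(group, doc, accessLevel, false, allow, global, context);
            if (result) {
                return true;
            }
        } catch (XWikiRightNotFoundException ignored) {
            // No right object applies to this group: move on to the next group.
        } catch (Exception e) {
            // The group is skipped after an error.
            // NOTE(review): when this method is used to look up deny objects (allow == false), skipping a group
            // means a deny entry for it goes unnoticed - confirm callers handle that safely.
            // Third placeholder fixed so the document name is actually part of the message.
            LOGGER.error("Failed to check right [{}] for group [{}] on document [{}]", accessLevel, group,
                doc.getPrefixedFullName(), e);
        }
    }

    LOGGER.debug("Finished searching for rights for [{}]: [{}]", userOrGroupName, found);
    if (found) {
        // Right objects exist for this level and allow flag, but none applies to the entity.
        return false;
    } else {
        throw new XWikiRightNotFoundException();
    }
}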