use of org.apache.wiki.api.core.AclEntry in project jspwiki by apache.
the class DefaultAclManagerTest method testPrintAcl.
/**
 * Checks the text form produced by {@code DefaultAclManager.printAcl(Acl)}, first for the ACL
 * stored on the fixture page and then for an ACL assembled in memory.
 * <p>
 * As the expected strings show, the printed form has one {@code [{ALLOW action principals}]}
 * line per permission action, with the principals holding that action joined by commas. This
 * is the markup an ACL is written back as, so a regression here would change who is granted
 * what once the text is parsed again.
 */
@Test
public void testPrintAcl() {
    // ACL that already exists on the fixture page.
    final Page testPage = m_engine.getManager(PageManager.class).getPage("TestAclPage");
    final Acl storedAcl = m_engine.getManager(AclManager.class).getPermissions(testPage);
    final String storedAclText = DefaultAclManager.printAcl(storedAcl);
    Assertions.assertEquals("[{ALLOW edit Charlie,Herman}]\n", storedAclText);

    // ACL built by hand: Charlie gets view + edit on Main:Foo ...
    final Acl builtAcl = Wiki.acls().acl();
    final AclEntry charlieEntry = Wiki.acls().entry();
    charlieEntry.setPrincipal(new WikiPrincipal("Charlie"));
    charlieEntry.addPermission(PermissionFactory.getPagePermission("Main:Foo", "view"));
    charlieEntry.addPermission(PermissionFactory.getPagePermission("Main:Foo", "edit"));
    builtAcl.addEntry(charlieEntry);

    // ... and Devin gets edit + delete on the same page.
    final AclEntry devinEntry = Wiki.acls().entry();
    devinEntry.setPrincipal(new WikiPrincipal("Devin"));
    devinEntry.addPermission(PermissionFactory.getPagePermission("Main:Foo", "edit"));
    devinEntry.addPermission(PermissionFactory.getPagePermission("Main:Foo", "delete"));
    builtAcl.addEntry(devinEntry);

    // The two entries must be regrouped per action; "edit" lists both principals.
    final String expectedAclText =
            "[{ALLOW delete Devin}]\n[{ALLOW edit Charlie,Devin}]\n[{ALLOW view Charlie}]\n";
    Assertions.assertEquals(expectedAclText, DefaultAclManager.printAcl(builtAcl));
}
use of org.apache.wiki.api.core.AclEntry in project jspwiki by apache.
the class DefaultAuthorizationManager method checkPermission.
/**
* {@inheritDoc}
* <p>
* Implementation notes. The decision is taken in a fixed order, and every exit fires a
* {@code WikiSecurityEvent} ({@code ACCESS_ALLOWED} or {@code ACCESS_DENIED}) before returning:
* <ol>
* <li>a {@code null} session or permission is denied;</li>
* <li>a session that passes the static check for {@code AllPermission} on this application is allowed;</li>
* <li>a session that fails the static check for the requested permission is denied;</li>
* <li>a permission that is not a {@code PagePermission} is allowed at this point;</li>
* <li>a page that cannot be found, or whose ACL is {@code null} or empty, is allowed at this point;</li>
* <li>otherwise the session must match at least one principal the page ACL lists for the
* permission, else the request is denied.</li>
* </ol>
* The page ACL can therefore only narrow what the static check already granted; it never grants
* anything on its own. Steps 4 and 5 are deliberate allow-by-default branches, so the static check
* in step 3 is the only barrier for pages without an ACL.
* <p>
* Side effect: while iterating, an {@code UnresolvedPrincipal} found in the ACL may be replaced
* in its {@code AclEntry} by the resolved principal.
*
* @return {@code true} if the action is allowed, {@code false} otherwise
*/
@Override
public boolean checkPermission(final Session session, final Permission permission) {
// Deny outright when there is nothing to evaluate. The event carries a null principal
// because no session is available to take one from.
if (session == null || permission == null) {
fireEvent(WikiSecurityEvent.ACCESS_DENIED, null, permission);
return false;
}
// The login principal is used below only as the subject reported in security events;
// the authorization decisions themselves are made against the session.
final Principal user = session.getLoginPrincipal();
// Always allow the action if user has AllPermission
// This short-circuits both the per-permission static check and the page ACL.
final Permission allPermission = new AllPermission(m_engine.getApplicationName());
final boolean hasAllPermission = checkStaticPermission(session, allPermission);
if (hasAllPermission) {
fireEvent(WikiSecurityEvent.ACCESS_ALLOWED, user, permission);
return true;
}
// If the user doesn't have *at least* the permission granted by policy, return false.
// Everything after this point can only restrict further, never widen.
final boolean hasPolicyPermission = checkStaticPermission(session, permission);
if (!hasPolicyPermission) {
fireEvent(WikiSecurityEvent.ACCESS_DENIED, user, permission);
return false;
}
// If this isn't a PagePermission, it's allowed
// (ACLs are consulted for PagePermission only, so the static check is final here).
if (!(permission instanceof PagePermission)) {
fireEvent(WikiSecurityEvent.ACCESS_ALLOWED, user, permission);
return true;
}
// If the page or ACL is null, it's allowed.
// Allow-by-default: a page name that does not resolve to a page, a page with no ACL and a
// page with an empty ACL all take this branch and are governed by the static check alone.
final String pageName = ((PagePermission) permission).getPage();
final Page page = m_engine.getManager(PageManager.class).getPage(pageName);
final Acl acl = (page == null) ? null : m_engine.getManager(AclManager.class).getPermissions(page);
if (page == null || acl == null || acl.isEmpty()) {
fireEvent(WikiSecurityEvent.ACCESS_ALLOWED, user, permission);
return true;
}
// Next, iterate through the Principal objects assigned this permission. If the context's subject possesses
// any of these, the action is allowed.
final Principal[] aclPrincipals = acl.findPrincipals(permission);
// The debug messages below are built by string concatenation, so acl.toString() and the
// principal array are rendered on every call regardless of the configured log level.
// When debug logging is enabled they write the full page ACL and principal names to the log.
log.debug("Checking ACL entries...");
log.debug("Acl for this page is: " + acl);
log.debug("Checking for principal: " + Arrays.toString(aclPrincipals));
log.debug("Permission: " + permission);
for (Principal aclPrincipal : aclPrincipals) {
// If the ACL principal we're looking at is unresolved, try to resolve it here & correct the Acl
// The entry is looked up with the unresolved principal before the loop variable is
// overwritten, and is updated only when resolution produced something other than
// another UnresolvedPrincipal.
// NOTE(review): setPrincipal() mutates the AclEntry inside what callers see as a read-only
// check; whether this Acl instance is shared across sessions is not visible here - confirm
// that concurrent permission checks on the same page are safe.
if (aclPrincipal instanceof UnresolvedPrincipal) {
final AclEntry aclEntry = acl.getAclEntry(aclPrincipal);
aclPrincipal = resolvePrincipal(aclPrincipal.getName());
if (aclEntry != null && !(aclPrincipal instanceof UnresolvedPrincipal)) {
aclEntry.setPrincipal(aclPrincipal);
}
}
// A principal that is still unresolved is passed to hasRoleOrPrincipal() as it is.
// Presumably that never matches a session - verify against hasRoleOrPrincipal().
if (hasRoleOrPrincipal(session, aclPrincipal)) {
fireEvent(WikiSecurityEvent.ACCESS_ALLOWED, user, permission);
return true;
}
}
// The page has a non-empty ACL and the session matched none of its principals for this permission.
fireEvent(WikiSecurityEvent.ACCESS_DENIED, user, permission);
return false;
}
use of org.apache.wiki.api.core.AclEntry in project jspwiki by apache.
the class AclImpl method hasEntry.
/**
 * Tells whether this ACL already holds an entry for the same principal as {@code entry}.
 * <p>
 * Principals are matched by {@code getName()} only; the principal's class is not compared, so
 * two principals of different types that share a name count as the same entry here.
 *
 * @param entry the entry to look for; {@code null} yields {@code false}
 * @return {@code true} if a stored entry's principal has the same name as {@code entry}'s
 * @throws IllegalArgumentException if, while scanning, either the stored entry or {@code entry}
 *         turns out to have a {@code null} principal
 */
private boolean hasEntry(final AclEntry entry) {
    if (entry != null) {
        for (final AclEntry existing : m_entries) {
            final Principal storedPrincipal = existing.getPrincipal();
            final Principal candidatePrincipal = entry.getPrincipal();
            if (storedPrincipal != null && candidatePrincipal != null) {
                // Name equality is the sole identity test for ACL principals.
                if (storedPrincipal.getName().equals(candidatePrincipal.getName())) {
                    return true;
                }
            } else {
                // An entry without a principal is treated as a programming error, not as "no match".
                throw new IllegalArgumentException("Entry is null; check code, please (entry=" + entry + "; e=" + existing + ")");
            }
        }
    }
    return false;
}
use of org.apache.wiki.api.core.AclEntry in project jspwiki by apache.
the class AclImplTest method setUp.
/**
 * Builds the ACL fixtures used by the tests.
 * <p>
 * User ACL ({@code m_acl}):
 * <ul>
 * <li>Alice - may view</li>
 * <li>Bob - may view, may edit</li>
 * <li>Charlie - may view</li>
 * <li>Dave - may view, may comment</li>
 * </ul>
 * Group ACL ({@code m_aclGroup}):
 * <ul>
 * <li>FooGroup (Alice, Bob) - may edit</li>
 * <li>BarGroup (Bob, Charlie) - may view</li>
 * </ul>
 * Both groups are registered with the group manager under an admin session and are also kept
 * in {@code m_groups}, keyed by group name.
 */
@BeforeEach
public void setUp() throws Exception {
    final Session adminSession = WikiSessionTest.adminSession(engine);
    m_acl = Wiki.acls().acl();
    m_aclGroup = Wiki.acls().acl();
    m_groups = new HashMap<>();

    final Principal alice = new WikiPrincipal("Alice");
    final Principal bob = new WikiPrincipal("Bob");
    final Principal charlie = new WikiPrincipal("Charlie");
    final Principal dave = new WikiPrincipal("Dave");

    // User ACL, entries added in the order Alice, Charlie, Bob, Dave.

    // Alice: view only.
    final AclEntry aliceEntry = Wiki.acls().entry();
    aliceEntry.addPermission(PagePermission.VIEW);
    aliceEntry.setPrincipal(alice);
    m_acl.addEntry(aliceEntry);

    // Charlie: view only.
    final AclEntry charlieEntry = Wiki.acls().entry();
    charlieEntry.addPermission(PagePermission.VIEW);
    charlieEntry.setPrincipal(charlie);
    m_acl.addEntry(charlieEntry);

    // Bob: view and edit (and by implication, comment).
    final AclEntry bobEntry = Wiki.acls().entry();
    bobEntry.addPermission(PagePermission.VIEW);
    bobEntry.addPermission(PagePermission.EDIT);
    bobEntry.setPrincipal(bob);
    m_acl.addEntry(bobEntry);

    // Dave: view and comment, but not edit.
    final AclEntry daveEntry = Wiki.acls().entry();
    daveEntry.addPermission(PagePermission.VIEW);
    daveEntry.addPermission(PagePermission.COMMENT);
    daveEntry.setPrincipal(dave);
    m_acl.addEntry(daveEntry);

    // FooGroup = {Alice, Bob}; the group principal may edit.
    // The group is handed to the group manager before its members are added.
    final Group fooGroup = m_groupMgr.parseGroup("FooGroup", "", true);
    m_groupMgr.setGroup(adminSession, fooGroup);
    fooGroup.add(alice);
    fooGroup.add(bob);
    final AclEntry fooEntry = Wiki.acls().entry();
    fooEntry.setPrincipal(fooGroup.getPrincipal());
    fooEntry.addPermission(PagePermission.EDIT);
    m_aclGroup.addEntry(fooEntry);
    m_groups.put("FooGroup", fooGroup);

    // BarGroup = {Bob, Charlie}; the group principal may view.
    final Group barGroup = m_groupMgr.parseGroup("BarGroup", "", true);
    m_groupMgr.setGroup(adminSession, barGroup);
    barGroup.add(bob);
    barGroup.add(charlie);
    final AclEntry barEntry = Wiki.acls().entry();
    barEntry.setPrincipal(barGroup.getPrincipal());
    barEntry.addPermission(PagePermission.VIEW);
    m_aclGroup.addEntry(barEntry);
    m_groups.put("BarGroup", barGroup);
}