Search in sources :

Example 1 with GroupPermission

use of org.apache.wiki.auth.permissions.GroupPermission in project jspwiki by apache.

the class PermissionTag method checkPermission.

/**
 *  Checks a single permission.
 *
 *  @param permission
 *  @return true if granted, false if not
 */
private boolean checkPermission(String permission) {
    WikiSession session = m_wikiContext.getWikiSession();
    WikiPage page = m_wikiContext.getPage();
    AuthorizationManager mgr = m_wikiContext.getEngine().getAuthorizationManager();
    boolean gotPermission = false;
    if (CREATE_GROUPS.equals(permission) || CREATE_PAGES.equals(permission) || EDIT_PREFERENCES.equals(permission) || EDIT_PROFILE.equals(permission) || LOGIN.equals(permission)) {
        gotPermission = mgr.checkPermission(session, new WikiPermission(page.getWiki(), permission));
    } else if (VIEW_GROUP.equals(permission) || EDIT_GROUP.equals(permission) || DELETE_GROUP.equals(permission)) {
        Command command = m_wikiContext.getCommand();
        gotPermission = false;
        if (command instanceof GroupCommand && command.getTarget() != null) {
            GroupPrincipal group = (GroupPrincipal) command.getTarget();
            String groupName = group.getName();
            String action = "view";
            if (EDIT_GROUP.equals(permission)) {
                action = "edit";
            } else if (DELETE_GROUP.equals(permission)) {
                action = "delete";
            }
            gotPermission = mgr.checkPermission(session, new GroupPermission(groupName, action));
        }
    } else if (ALL_PERMISSION.equals(permission)) {
        gotPermission = mgr.checkPermission(session, new AllPermission(m_wikiContext.getEngine().getApplicationName()));
    } else if (page != null) {
        // 
        if (EDIT.equals(permission)) {
            WikiPage latest = m_wikiContext.getEngine().getPage(page.getName());
            if (page.getVersion() != WikiProvider.LATEST_VERSION && latest.getVersion() != page.getVersion()) {
                return false;
            }
        }
        Permission p = PermissionFactory.getPagePermission(page, permission);
        gotPermission = mgr.checkPermission(session, p);
    }
    return gotPermission;
}
Also used : WikiSession(org.apache.wiki.WikiSession) GroupCommand(org.apache.wiki.ui.GroupCommand) Command(org.apache.wiki.ui.Command) GroupCommand(org.apache.wiki.ui.GroupCommand) GroupPrincipal(org.apache.wiki.auth.GroupPrincipal) WikiPage(org.apache.wiki.WikiPage) WikiPermission(org.apache.wiki.auth.permissions.WikiPermission) AllPermission(org.apache.wiki.auth.permissions.AllPermission) Permission(java.security.Permission) GroupPermission(org.apache.wiki.auth.permissions.GroupPermission) AllPermission(org.apache.wiki.auth.permissions.AllPermission) GroupPermission(org.apache.wiki.auth.permissions.GroupPermission) AuthorizationManager(org.apache.wiki.auth.AuthorizationManager) WikiPermission(org.apache.wiki.auth.permissions.WikiPermission)

Example 2 with GroupPermission

use of org.apache.wiki.auth.permissions.GroupPermission in project jspwiki by apache.

the class SecurityVerifier method policyRoleTable.

/**
 * Formats and returns an HTML table containing sample permissions and what
 * roles are allowed to have them. This method will throw an
 * {@link IllegalStateException} if the authorizer is not of type
 * {@link org.apache.wiki.auth.authorize.WebContainerAuthorizer}
 * @return the formatted HTML table containing the result of the tests
 */
public String policyRoleTable() {
    Principal[] roles = m_policyPrincipals;
    String wiki = m_engine.getApplicationName();
    String[] pages = new String[] { "Main", "Index", "GroupTest", "GroupAdmin" };
    String[] pageActions = new String[] { "view", "edit", "modify", "rename", "delete" };
    String[] groups = new String[] { "Admin", "TestGroup", "Foo" };
    String[] groupActions = new String[] { "view", "edit", null, null, "delete" };
    // Calculate column widths
    String colWidth;
    if (pageActions.length > 0 && roles.length > 0) {
        colWidth = (67f / (pageActions.length * roles.length)) + "%";
    } else {
        colWidth = "67%";
    }
    StringBuilder s = new StringBuilder();
    // Write the table header
    s.append("<table class=\"wikitable\" border=\"1\">\n");
    s.append("  <colgroup span=\"1\" width=\"33%\"/>\n");
    s.append("  <colgroup span=\"" + pageActions.length * roles.length + "\" width=\"" + colWidth + "\" align=\"center\"/>\n");
    s.append("  <tr>\n");
    s.append("    <th rowspan=\"2\" valign=\"bottom\">Permission</th>\n");
    for (int i = 0; i < roles.length; i++) {
        s.append("    <th colspan=\"" + pageActions.length + "\" title=\"" + roles[i].getClass().getName() + "\">" + roles[i].getName() + "</th>\n");
    }
    s.append("  </tr>\n");
    // Print a column for each role
    s.append("  <tr>\n");
    for (int i = 0; i < roles.length; i++) {
        for (String pageAction : pageActions) {
            String action = pageAction.substring(0, 1);
            s.append("    <th title=\"" + pageAction + "\">" + action + "</th>\n");
        }
    }
    s.append("  </tr>\n");
    // Write page permission tests first
    for (String page : pages) {
        s.append("  <tr>\n");
        s.append("    <td>PagePermission \"" + wiki + ":" + page + "\"</td>\n");
        for (Principal role : roles) {
            for (String pageAction : pageActions) {
                Permission permission = PermissionFactory.getPagePermission(wiki + ":" + page, pageAction);
                s.append(printPermissionTest(permission, role, 1));
            }
        }
        s.append("  </tr>\n");
    }
    // Now do the group tests
    for (String group : groups) {
        s.append("  <tr>\n");
        s.append("    <td>GroupPermission \"" + wiki + ":" + group + "\"</td>\n");
        for (Principal role : roles) {
            for (String groupAction : groupActions) {
                Permission permission = null;
                if (groupAction != null) {
                    permission = new GroupPermission(wiki + ":" + group, groupAction);
                }
                s.append(printPermissionTest(permission, role, 1));
            }
        }
        s.append("  </tr>\n");
    }
    // Now check the wiki-wide permissions
    String[] wikiPerms = new String[] { "createGroups", "createPages", "login", "editPreferences", "editProfile" };
    for (String wikiPerm : wikiPerms) {
        s.append("  <tr>\n");
        s.append("    <td>WikiPermission \"" + wiki + "\",\"" + wikiPerm + "\"</td>\n");
        for (Principal role : roles) {
            Permission permission = new WikiPermission(wiki, wikiPerm);
            s.append(printPermissionTest(permission, role, pageActions.length));
        }
        s.append("  </tr>\n");
    }
    // Lastly, check for AllPermission
    s.append("  <tr>\n");
    s.append("    <td>AllPermission \"" + wiki + "\"</td>\n");
    for (Principal role : roles) {
        Permission permission = new AllPermission(wiki);
        s.append(printPermissionTest(permission, role, pageActions.length));
    }
    s.append("  </tr>\n");
    // We're done!
    s.append("</table>");
    return s.toString();
}
Also used : WikiPermission(org.apache.wiki.auth.permissions.WikiPermission) AllPermission(org.apache.wiki.auth.permissions.AllPermission) Permission(java.security.Permission) GroupPermission(org.apache.wiki.auth.permissions.GroupPermission) AllPermission(org.apache.wiki.auth.permissions.AllPermission) GroupPermission(org.apache.wiki.auth.permissions.GroupPermission) WikiPermission(org.apache.wiki.auth.permissions.WikiPermission) Principal(java.security.Principal)

Example 3 with GroupPermission

use of org.apache.wiki.auth.permissions.GroupPermission in project jspwiki by apache.

the class GroupCommandTest method testTargetedCommand.

@Test
public void testTargetedCommand() {
    // Get view command
    Command a = GroupCommand.VIEW_GROUP;
    GroupPrincipal group = new GroupPrincipal("Test");
    // Combine with wiki group; make sure it's not equal to old command
    Command b = a.targetedCommand(group);
    Assert.assertNotSame(a, b);
    Assert.assertEquals(a.getRequestContext(), b.getRequestContext());
    Assert.assertEquals(a.getJSP(), b.getJSP());
    Assert.assertEquals(a.getURLPattern(), b.getURLPattern());
    Assert.assertEquals(a.getContentTemplate(), b.getContentTemplate());
    Assert.assertNotNull(b.getTarget());
    Assert.assertNotNull(b.requiredPermission());
    Assert.assertEquals(new GroupPermission("*:Test", "view"), b.requiredPermission());
    Assert.assertEquals(group, b.getTarget());
    // Do the same with edit command
    a = GroupCommand.EDIT_GROUP;
    b = a.targetedCommand(group);
    Assert.assertNotSame(a, b);
    Assert.assertNotNull(b.getTarget());
    Assert.assertNotNull(b.requiredPermission());
    Assert.assertEquals(new GroupPermission("*:Test", "edit"), b.requiredPermission());
    Assert.assertEquals(group, b.getTarget());
    // Do the same with delete command
    a = GroupCommand.DELETE_GROUP;
    b = a.targetedCommand(group);
    Assert.assertNotSame(a, b);
    Assert.assertNotNull(b.getTarget());
    Assert.assertNotNull(b.requiredPermission());
    Assert.assertEquals(new GroupPermission("*:Test", "delete"), b.requiredPermission());
    Assert.assertEquals(group, b.getTarget());
}
Also used : GroupPrincipal(org.apache.wiki.auth.GroupPrincipal) GroupPermission(org.apache.wiki.auth.permissions.GroupPermission) Test(org.junit.Test)

Aggregations

GroupPermission (org.apache.wiki.auth.permissions.GroupPermission)3 Permission (java.security.Permission)2 GroupPrincipal (org.apache.wiki.auth.GroupPrincipal)2 AllPermission (org.apache.wiki.auth.permissions.AllPermission)2 WikiPermission (org.apache.wiki.auth.permissions.WikiPermission)2 Principal (java.security.Principal)1 WikiPage (org.apache.wiki.WikiPage)1 WikiSession (org.apache.wiki.WikiSession)1 AuthorizationManager (org.apache.wiki.auth.AuthorizationManager)1 Command (org.apache.wiki.ui.Command)1 GroupCommand (org.apache.wiki.ui.GroupCommand)1 Test (org.junit.Test)1