Example 1 with GroupPermission
use of org.apache.wiki.auth.permissions.GroupPermission in project jspwiki by apache.
the class PermissionTag method checkPermission.
/**
* Checks a single permission.
*
* @param permission
* @return true if granted, false if not
*/
private boolean checkPermission(String permission) {
WikiSession session = m_wikiContext.getWikiSession();
WikiPage page = m_wikiContext.getPage();
AuthorizationManager mgr = m_wikiContext.getEngine().getAuthorizationManager();
boolean gotPermission = false;
if (CREATE_GROUPS.equals(permission) || CREATE_PAGES.equals(permission) || EDIT_PREFERENCES.equals(permission) || EDIT_PROFILE.equals(permission) || LOGIN.equals(permission)) {
gotPermission = mgr.checkPermission(session, new WikiPermission(page.getWiki(), permission));
} else if (VIEW_GROUP.equals(permission) || EDIT_GROUP.equals(permission) || DELETE_GROUP.equals(permission)) {
Command command = m_wikiContext.getCommand();
gotPermission = false;
if (command instanceof GroupCommand && command.getTarget() != null) {
GroupPrincipal group = (GroupPrincipal) command.getTarget();
String groupName = group.getName();
String action = "view";
if (EDIT_GROUP.equals(permission)) {
action = "edit";
} else if (DELETE_GROUP.equals(permission)) {
action = "delete";
}
gotPermission = mgr.checkPermission(session, new GroupPermission(groupName, action));
}
} else if (ALL_PERMISSION.equals(permission)) {
gotPermission = mgr.checkPermission(session, new AllPermission(m_wikiContext.getEngine().getApplicationName()));
} else if (page != null) {
//
if (EDIT.equals(permission)) {
WikiPage latest = m_wikiContext.getEngine().getPage(page.getName());
if (page.getVersion() != WikiProvider.LATEST_VERSION && latest.getVersion() != page.getVersion()) {
return false;
}
}
Permission p = PermissionFactory.getPagePermission(page, permission);
gotPermission = mgr.checkPermission(session, p);
}
return gotPermission;
}
Also used :
WikiSession(org.apache.wiki.WikiSession)
GroupCommand(org.apache.wiki.ui.GroupCommand)
Command(org.apache.wiki.ui.Command)
GroupCommand(org.apache.wiki.ui.GroupCommand)
GroupPrincipal(org.apache.wiki.auth.GroupPrincipal)
WikiPage(org.apache.wiki.WikiPage)
WikiPermission(org.apache.wiki.auth.permissions.WikiPermission)
AllPermission(org.apache.wiki.auth.permissions.AllPermission)
Permission(java.security.Permission)
GroupPermission(org.apache.wiki.auth.permissions.GroupPermission)
AllPermission(org.apache.wiki.auth.permissions.AllPermission)
GroupPermission(org.apache.wiki.auth.permissions.GroupPermission)
AuthorizationManager(org.apache.wiki.auth.AuthorizationManager)
WikiPermission(org.apache.wiki.auth.permissions.WikiPermission)
Example 2 with GroupPermission
use of org.apache.wiki.auth.permissions.GroupPermission in project jspwiki by apache.
the class SecurityVerifier method policyRoleTable.
/**
* Formats and returns an HTML table containing sample permissions and what
* roles are allowed to have them. This method will throw an
* {@link IllegalStateException} if the authorizer is not of type
* {@link org.apache.wiki.auth.authorize.WebContainerAuthorizer}
* @return the formatted HTML table containing the result of the tests
*/
public String policyRoleTable() {
Principal[] roles = m_policyPrincipals;
String wiki = m_engine.getApplicationName();
String[] pages = new String[] { "Main", "Index", "GroupTest", "GroupAdmin" };
String[] pageActions = new String[] { "view", "edit", "modify", "rename", "delete" };
String[] groups = new String[] { "Admin", "TestGroup", "Foo" };
String[] groupActions = new String[] { "view", "edit", null, null, "delete" };
// Calculate column widths
String colWidth;
if (pageActions.length > 0 && roles.length > 0) {
colWidth = (67f / (pageActions.length * roles.length)) + "%";
} else {
colWidth = "67%";
}
StringBuilder s = new StringBuilder();
// Write the table header
s.append("<table class=\"wikitable\" border=\"1\">\n");
s.append(" <colgroup span=\"1\" width=\"33%\"/>\n");
s.append(" <colgroup span=\"" + pageActions.length * roles.length + "\" width=\"" + colWidth + "\" align=\"center\"/>\n");
s.append(" <tr>\n");
s.append(" <th rowspan=\"2\" valign=\"bottom\">Permission</th>\n");
for (int i = 0; i < roles.length; i++) {
s.append(" <th colspan=\"" + pageActions.length + "\" title=\"" + roles[i].getClass().getName() + "\">" + roles[i].getName() + "</th>\n");
}
s.append(" </tr>\n");
// Print a column for each role
s.append(" <tr>\n");
for (int i = 0; i < roles.length; i++) {
for (String pageAction : pageActions) {
String action = pageAction.substring(0, 1);
s.append(" <th title=\"" + pageAction + "\">" + action + "</th>\n");
}
}
s.append(" </tr>\n");
// Write page permission tests first
for (String page : pages) {
s.append(" <tr>\n");
s.append(" <td>PagePermission \"" + wiki + ":" + page + "\"</td>\n");
for (Principal role : roles) {
for (String pageAction : pageActions) {
Permission permission = PermissionFactory.getPagePermission(wiki + ":" + page, pageAction);
s.append(printPermissionTest(permission, role, 1));
}
}
s.append(" </tr>\n");
}
// Now do the group tests
for (String group : groups) {
s.append(" <tr>\n");
s.append(" <td>GroupPermission \"" + wiki + ":" + group + "\"</td>\n");
for (Principal role : roles) {
for (String groupAction : groupActions) {
Permission permission = null;
if (groupAction != null) {
permission = new GroupPermission(wiki + ":" + group, groupAction);
}
s.append(printPermissionTest(permission, role, 1));
}
}
s.append(" </tr>\n");
}
// Now check the wiki-wide permissions
String[] wikiPerms = new String[] { "createGroups", "createPages", "login", "editPreferences", "editProfile" };
for (String wikiPerm : wikiPerms) {
s.append(" <tr>\n");
s.append(" <td>WikiPermission \"" + wiki + "\",\"" + wikiPerm + "\"</td>\n");
for (Principal role : roles) {
Permission permission = new WikiPermission(wiki, wikiPerm);
s.append(printPermissionTest(permission, role, pageActions.length));
}
s.append(" </tr>\n");
}
// Lastly, check for AllPermission
s.append(" <tr>\n");
s.append(" <td>AllPermission \"" + wiki + "\"</td>\n");
for (Principal role : roles) {
Permission permission = new AllPermission(wiki);
s.append(printPermissionTest(permission, role, pageActions.length));
}
s.append(" </tr>\n");
// We're done!
s.append("</table>");
return s.toString();
}
Also used :
WikiPermission(org.apache.wiki.auth.permissions.WikiPermission)
AllPermission(org.apache.wiki.auth.permissions.AllPermission)
Permission(java.security.Permission)
GroupPermission(org.apache.wiki.auth.permissions.GroupPermission)
AllPermission(org.apache.wiki.auth.permissions.AllPermission)
GroupPermission(org.apache.wiki.auth.permissions.GroupPermission)
WikiPermission(org.apache.wiki.auth.permissions.WikiPermission)
Principal(java.security.Principal)
Example 3 with GroupPermission
use of org.apache.wiki.auth.permissions.GroupPermission in project jspwiki by apache.
the class GroupCommandTest method testTargetedCommand.
@Test
public void testTargetedCommand() {
// Get view command
Command a = GroupCommand.VIEW_GROUP;
GroupPrincipal group = new GroupPrincipal("Test");
// Combine with wiki group; make sure it's not equal to old command
Command b = a.targetedCommand(group);
Assert.assertNotSame(a, b);
Assert.assertEquals(a.getRequestContext(), b.getRequestContext());
Assert.assertEquals(a.getJSP(), b.getJSP());
Assert.assertEquals(a.getURLPattern(), b.getURLPattern());
Assert.assertEquals(a.getContentTemplate(), b.getContentTemplate());
Assert.assertNotNull(b.getTarget());
Assert.assertNotNull(b.requiredPermission());
Assert.assertEquals(new GroupPermission("*:Test", "view"), b.requiredPermission());
Assert.assertEquals(group, b.getTarget());
// Do the same with edit command
a = GroupCommand.EDIT_GROUP;
b = a.targetedCommand(group);
Assert.assertNotSame(a, b);
Assert.assertNotNull(b.getTarget());
Assert.assertNotNull(b.requiredPermission());
Assert.assertEquals(new GroupPermission("*:Test", "edit"), b.requiredPermission());
Assert.assertEquals(group, b.getTarget());
// Do the same with delete command
a = GroupCommand.DELETE_GROUP;
b = a.targetedCommand(group);
Assert.assertNotSame(a, b);
Assert.assertNotNull(b.getTarget());
Assert.assertNotNull(b.requiredPermission());
Assert.assertEquals(new GroupPermission("*:Test", "delete"), b.requiredPermission());
Assert.assertEquals(group, b.getTarget());
}
Also used :
GroupPrincipal(org.apache.wiki.auth.GroupPrincipal)
GroupPermission(org.apache.wiki.auth.permissions.GroupPermission)
Test(org.junit.Test)
Aggregations
GroupPermission (org.apache.wiki.auth.permissions.GroupPermission)3
Permission (java.security.Permission)2
GroupPrincipal (org.apache.wiki.auth.GroupPrincipal)2
AllPermission (org.apache.wiki.auth.permissions.AllPermission)2
WikiPermission (org.apache.wiki.auth.permissions.WikiPermission)2
Principal (java.security.Principal)1
WikiPage (org.apache.wiki.WikiPage)1
WikiSession (org.apache.wiki.WikiSession)1
AuthorizationManager (org.apache.wiki.auth.AuthorizationManager)1
Command (org.apache.wiki.ui.Command)1
GroupCommand (org.apache.wiki.ui.GroupCommand)1
Test (org.junit.Test)1
