Examples with PagePermission org.apache.wiki.auth.permissions.PagePermission used on opensource projects

Example 1 with PagePermission

use of org.apache.wiki.auth.permissions.PagePermission in project jspwiki by apache.

the class BasicSearchProvider method findPages.

private Collection findPages(QueryItem[] query, WikiContext wikiContext) {
    TreeSet<SearchResult> res = new TreeSet<SearchResult>(new SearchResultComparator());
    SearchMatcher matcher = new SearchMatcher(m_engine, query);
    Collection allPages = null;
    try {
        allPages = m_engine.getPageManager().getAllPages();
    } catch (ProviderException pe) {
        log.error("Unable to retrieve page list", pe);
        return null;
    }
    AuthorizationManager mgr = m_engine.getAuthorizationManager();
    Iterator it = allPages.iterator();
    while (it.hasNext()) {
        try {
            WikiPage page = (WikiPage) it.next();
            if (page != null) {
                PagePermission pp = new PagePermission(page, PagePermission.VIEW_ACTION);
                if (wikiContext == null || mgr.checkPermission(wikiContext.getWikiSession(), pp)) {
                    String pageName = page.getName();
                    String pageContent = m_engine.getPageManager().getPageText(pageName, WikiPageProvider.LATEST_VERSION) + attachmentNames(page, " ");
                    SearchResult comparison = matcher.matchPageContent(pageName, pageContent);
                    if (comparison != null) {
                        res.add(comparison);
                    }
                }
            }
        } catch (ProviderException pe) {
            log.error("Unable to retrieve page from cache", pe);
        } catch (IOException ioe) {
            log.error("Failed to search page", ioe);
        }
    }
    return res;
}

Example 2 with PagePermission

use of org.apache.wiki.auth.permissions.PagePermission in project jspwiki by apache.

the class AuthorizationManager method checkPermission.

/**
 * Returns <code>true</code> or <code>false</code>, depending on
 * whether a Permission is allowed for the Subject associated with
 * a supplied WikiSession. The access control algorithm works this way:
 * <ol>
 * <li>The {@link org.apache.wiki.auth.acl.Acl} for the page is obtained</li>
 * <li>The Subject associated with the current
 * {@link org.apache.wiki.WikiSession} is obtained</li>
 * <li>If the Subject's Principal set includes the Role Principal that is
 * the administrator group, always allow the Permission</li>
 * <li>For all permissions, check to see if the Permission is allowed according
 * to the default security policy. If it isn't, deny the permission and halt
 * further processing.</li>
 * <li>If there is an Acl, get the list of Principals assigned this
 * Permission in the Acl: these will be role, group or user Principals, or
 * {@link org.apache.wiki.auth.acl.UnresolvedPrincipal}s (see below).
 * Then iterate through the Subject's Principal set and determine whether
 * the user (Subject) possesses any one of these specified Roles or
 * Principals. The matching process delegates to
 * {@link #hasRoleOrPrincipal(WikiSession, Principal)}.
 * </ol>
 * <p>
 * Note that when iterating through the Acl's list of authorized Principals,
 * it is possible that one or more of the Acl's Principal entries are of
 * type <code>UnresolvedPrincipal</code>. This means that the last time
 * the ACL was read, the Principal (user, built-in Role, authorizer Role, or
 * wiki Group) could not be resolved: the Role was not valid, the user
 * wasn't found in the UserDatabase, or the Group wasn't known to (e.g.,
 * cached) in the GroupManager. If an <code>UnresolvedPrincipal</code> is
 * encountered, this method will attempt to resolve it first <em>before</em>
 * checking to see if the Subject possesses this principal, by calling
 * {@link #resolvePrincipal(String)}. If the (re-)resolution does not
 * succeed, the access check for the principal will fail by definition (the
 * Subject should never contain UnresolvedPrincipals).
 * </p>
 * <p>
 * If security not set to JAAS, will return true.
 * </p>
 * @param session the current wiki session
 * @param permission the Permission being checked
 * @see #hasRoleOrPrincipal(WikiSession, Principal)
 * @return the result of the Permission check
 */
public boolean checkPermission(WikiSession session, Permission permission) {
    // 
    if (session == null || permission == null) {
        fireEvent(WikiSecurityEvent.ACCESS_DENIED, null, permission);
        return false;
    }
    Principal user = session.getLoginPrincipal();
    // Always allow the action if user has AllPermission
    Permission allPermission = new AllPermission(m_engine.getApplicationName());
    boolean hasAllPermission = checkStaticPermission(session, allPermission);
    if (hasAllPermission) {
        fireEvent(WikiSecurityEvent.ACCESS_ALLOWED, user, permission);
        return true;
    }
    // If the user doesn't have *at least* the permission
    // granted by policy, return false.
    boolean hasPolicyPermission = checkStaticPermission(session, permission);
    if (!hasPolicyPermission) {
        fireEvent(WikiSecurityEvent.ACCESS_DENIED, user, permission);
        return false;
    }
    // If this isn't a PagePermission, it's allowed
    if (!(permission instanceof PagePermission)) {
        fireEvent(WikiSecurityEvent.ACCESS_ALLOWED, user, permission);
        return true;
    }
    // 
    // If the page or ACL is null, it's allowed.
    // 
    String pageName = ((PagePermission) permission).getPage();
    WikiPage page = m_engine.getPage(pageName);
    Acl acl = (page == null) ? null : m_engine.getAclManager().getPermissions(page);
    if (page == null || acl == null || acl.isEmpty()) {
        fireEvent(WikiSecurityEvent.ACCESS_ALLOWED, user, permission);
        return true;
    }
    // 
    // Next, iterate through the Principal objects assigned
    // this permission. If the context's subject possesses
    // any of these, the action is allowed.
    Principal[] aclPrincipals = acl.findPrincipals(permission);
    log.debug("Checking ACL entries...");
    log.debug("Acl for this page is: " + acl);
    log.debug("Checking for principal: " + Arrays.toString(aclPrincipals));
    log.debug("Permission: " + permission);
    for (Principal aclPrincipal : aclPrincipals) {
        // try to resolve it here & correct the Acl
        if (aclPrincipal instanceof UnresolvedPrincipal) {
            AclEntry aclEntry = acl.getEntry(aclPrincipal);
            aclPrincipal = resolvePrincipal(aclPrincipal.getName());
            if (aclEntry != null && !(aclPrincipal instanceof UnresolvedPrincipal)) {
                aclEntry.setPrincipal(aclPrincipal);
            }
        }
        if (hasRoleOrPrincipal(session, aclPrincipal)) {
            fireEvent(WikiSecurityEvent.ACCESS_ALLOWED, user, permission);
            return true;
        }
    }
    fireEvent(WikiSecurityEvent.ACCESS_DENIED, user, permission);
    return false;
}

Example 3 with PagePermission

use of org.apache.wiki.auth.permissions.PagePermission in project jspwiki by apache.

the class AuthorizationManagerTest method testAdminView2.

@Test
public void testAdminView2() throws Exception {
    m_engine.saveText("TestDefaultPage", "Foo [{ALLOW view FooBar}]");
    WikiSession session = WikiSessionTest.adminSession(m_engine);
    Assert.assertTrue("Alice has AllPermission", m_auth.checkPermission(session, new AllPermission(m_engine.getApplicationName())));
    Assert.assertTrue("Alice cannot read", m_auth.checkPermission(session, new PagePermission("TestDefaultPage", "view")));
}

Example 4 with PagePermission

use of org.apache.wiki.auth.permissions.PagePermission in project jspwiki by apache.

the class AuthorizationManagerTest method testAdminView.

@Test
public void testAdminView() throws Exception {
    m_engine.saveText("TestDefaultPage", "Foo [{ALLOW view FooBar}]");
    Principal admin = new GroupPrincipal("Admin");
    WikiSession session = WikiSessionTest.containerAuthenticatedSession(m_engine, Users.ALICE, new Principal[] { admin });
    Assert.assertTrue("Alice has AllPermission", m_auth.checkPermission(session, new AllPermission(m_engine.getApplicationName())));
    Assert.assertTrue("Alice cannot read", m_auth.checkPermission(session, new PagePermission("TestDefaultPage", "view")));
}

Example 5 with PagePermission

use of org.apache.wiki.auth.permissions.PagePermission in project jspwiki by apache.

the class WeblogPlugin method execute.

/**
 *  {@inheritDoc}
 */
@SuppressWarnings("unchecked")
public String execute(WikiContext context, Map<String, String> params) throws PluginException {
    Calendar startTime;
    Calendar stopTime;
    int numDays = DEFAULT_DAYS;
    WikiEngine engine = context.getEngine();
    AuthorizationManager mgr = engine.getAuthorizationManager();
    // 
    // Parse parameters.
    // 
    String days;
    DateFormat entryFormat;
    String startDay = null;
    boolean hasComments = false;
    int maxEntries;
    String weblogName;
    if ((weblogName = params.get(PARAM_PAGE)) == null) {
        weblogName = context.getPage().getName();
    }
    if ((days = context.getHttpParameter("weblog." + PARAM_DAYS)) == null) {
        days = params.get(PARAM_DAYS);
    }
    if ((params.get(PARAM_ENTRYFORMAT)) == null) {
        entryFormat = Preferences.getDateFormat(context, TimeFormat.DATETIME);
    } else {
        entryFormat = new SimpleDateFormat(params.get(PARAM_ENTRYFORMAT));
    }
    if (days != null) {
        if (days.equalsIgnoreCase("all")) {
            numDays = Integer.MAX_VALUE;
        } else {
            numDays = TextUtil.parseIntParameter(days, DEFAULT_DAYS);
        }
    }
    if ((startDay = params.get(PARAM_STARTDATE)) == null) {
        startDay = context.getHttpParameter("weblog." + PARAM_STARTDATE);
    }
    if (TextUtil.isPositive(params.get(PARAM_ALLOWCOMMENTS))) {
        hasComments = true;
    }
    maxEntries = TextUtil.parseIntParameter(params.get(PARAM_MAXENTRIES), Integer.MAX_VALUE);
    // 
    // Determine the date range which to include.
    // 
    startTime = Calendar.getInstance();
    stopTime = Calendar.getInstance();
    if (startDay != null) {
        SimpleDateFormat fmt = new SimpleDateFormat(DEFAULT_DATEFORMAT);
        try {
            Date d = fmt.parse(startDay);
            startTime.setTime(d);
            stopTime.setTime(d);
        } catch (ParseException e) {
            return "Illegal time format: " + startDay;
        }
    }
    // 
    // Mark this to be a weblog
    // 
    context.getPage().setAttribute(ATTR_ISWEBLOG, "true");
    // 
    // We make a wild guess here that nobody can do millisecond
    // accuracy here.
    // 
    startTime.add(Calendar.DAY_OF_MONTH, -numDays);
    startTime.set(Calendar.HOUR, 0);
    startTime.set(Calendar.MINUTE, 0);
    startTime.set(Calendar.SECOND, 0);
    stopTime.set(Calendar.HOUR, 23);
    stopTime.set(Calendar.MINUTE, 59);
    stopTime.set(Calendar.SECOND, 59);
    StringBuilder sb = new StringBuilder();
    try {
        List<WikiPage> blogEntries = findBlogEntries(engine, weblogName, startTime.getTime(), stopTime.getTime());
        Collections.sort(blogEntries, new PageDateComparator());
        sb.append("<div class=\"weblog\">\n");
        for (Iterator<WikiPage> i = blogEntries.iterator(); i.hasNext() && maxEntries-- > 0; ) {
            WikiPage p = i.next();
            if (mgr.checkPermission(context.getWikiSession(), new PagePermission(p, PagePermission.VIEW_ACTION))) {
                addEntryHTML(context, entryFormat, hasComments, sb, p);
            }
        }
        sb.append("</div>\n");
    } catch (ProviderException e) {
        log.error("Could not locate blog entries", e);
        throw new PluginException("Could not locate blog entries: " + e.getMessage());
    }
    return sb.toString();
}