Search in sources :

Example 1 with GroupSecurityReference

use of org.xwiki.security.GroupSecurityReference in project xwiki-platform by xwiki.

the class DefaultUserBridge method getAllGroupsFor.

@Override
public Collection<GroupSecurityReference> getAllGroupsFor(UserSecurityReference user, WikiReference wikiReference) throws AuthorizationException {
    DocumentReference userRef = user.getOriginalReference();
    if (userRef == null) {
        // Public users (not logged in) may not appears in any group
        return Collections.emptyList();
    }
    Collection<DocumentReference> groupRefs = getGroupsReferencesFor(wikiReference, userRef);
    Collection<GroupSecurityReference> groups = new ArrayList<GroupSecurityReference>(groupRefs.size());
    for (DocumentReference groupRef : groupRefs) {
        GroupSecurityReference group = factory.newGroupReference(groupRef);
        groups.add(group);
    }
    return groups;
}
Also used : ArrayList(java.util.ArrayList) DocumentReference(org.xwiki.model.reference.DocumentReference) GroupSecurityReference(org.xwiki.security.GroupSecurityReference)

Example 2 with GroupSecurityReference

use of org.xwiki.security.GroupSecurityReference in project xwiki-platform by xwiki.

the class DefaultSecurityCacheTest method InsertUsers.

private Map<String, SecurityEntry> InsertUsers() throws ConflictingInsertionException, ParentEntryEvictedException {
    Map<String, SecurityEntry> entries = InsertUsersWithouShadow();
    // Check inserting shadow users
    for (UserSecurityReference ref : userRefs) {
        if (ref.isGlobal()) {
            for (SecurityReference wiki : Arrays.asList(wikiRef, anotherWikiRef)) {
                SecurityShadowEntry entry = mockSecurityShadowEntry(ref, wiki);
                entries.put(AddUserEntry(entry), entry);
            }
        }
    }
    // Insert some groups
    for (GroupSecurityReference ref : groupRefs.keySet()) {
        if (ref.isGlobal()) {
            for (SecurityReference wiki : Arrays.asList(wikiRef, anotherWikiRef)) {
                SecurityShadowEntry entry = mockSecurityShadowEntry(ref, wiki);
                entries.put(AddUserEntry(entry), entry);
            }
        }
    }
    // Insert shadow users in shadow groups
    for (UserSecurityReference ref : groupUserRefs) {
        if (ref.isGlobal()) {
            for (SecurityReference wiki : Arrays.asList(wikiRef, anotherWikiRef)) {
                SecurityShadowEntry entry = mockSecurityShadowEntry(ref, wiki);
                entries.put(AddUserEntry(entry), entry);
            }
        }
    }
    return entries;
}
Also used : SecurityEntry(org.xwiki.security.authorization.SecurityEntry) GroupSecurityReference(org.xwiki.security.GroupSecurityReference) SecurityReference(org.xwiki.security.SecurityReference) UserSecurityReference(org.xwiki.security.UserSecurityReference) SecurityShadowEntry(org.xwiki.security.authorization.cache.SecurityShadowEntry) UserSecurityReference(org.xwiki.security.UserSecurityReference) GroupSecurityReference(org.xwiki.security.GroupSecurityReference)

Example 3 with GroupSecurityReference

use of org.xwiki.security.GroupSecurityReference in project xwiki-platform by xwiki.

the class DefaultSecurityCacheTest method testAddSecurityShadowEntry.

@Test
public void testAddSecurityShadowEntry() throws Exception {
    InsertUsersWithouShadow();
    final List<SecurityShadowEntry> allEntries = new ArrayList<SecurityShadowEntry>();
    // Check inserting shadow users
    for (UserSecurityReference ref : userRefs) {
        if (ref.isGlobal()) {
            for (SecurityReference wiki : Arrays.asList(wikiRef, anotherWikiRef)) {
                SecurityShadowEntry entry = mockSecurityShadowEntry(ref, wiki);
                assertThat(((DefaultSecurityCache) securityCache).get(AddUserEntry(entry)), sameInstance((SecurityEntry) entry));
                allEntries.add(entry);
            }
        }
    }
    // Check inserting some shadow groups
    for (GroupSecurityReference ref : groupRefs.keySet()) {
        if (ref.isGlobal()) {
            for (SecurityReference wiki : Arrays.asList(wikiRef, anotherWikiRef)) {
                SecurityShadowEntry entry = mockSecurityShadowEntry(ref, wiki);
                assertThat(((DefaultSecurityCache) securityCache).get(AddUserEntry(entry)), sameInstance((SecurityEntry) entry));
                allEntries.add(entry);
            }
        }
    }
    // Check inserting shadow users in shadow groups
    for (UserSecurityReference ref : groupUserRefs) {
        if (ref.isGlobal()) {
            for (SecurityReference wiki : Arrays.asList(wikiRef, anotherWikiRef)) {
                SecurityShadowEntry entry = mockSecurityShadowEntry(ref, wiki);
                assertThat(((DefaultSecurityCache) securityCache).get(AddUserEntry(entry)), sameInstance((SecurityEntry) entry));
                allEntries.add(entry);
            }
        }
    }
    // Check a duplicate insertion
    try {
        AddUserEntry(allEntries.get(0));
    } catch (ConflictingInsertionException e) {
        fail("Inserting the same shadow entry twice should NOT throw a ConflictingInsertionException.");
    }
    // Check inserting a shadow for a missing user in an existing wiki
    try {
        AddUserEntry(mockSecurityShadowEntry(aMissingUserRef, wikiRef));
        fail("Inserting a shadow entry without inserting its global user first should throw" + " a ParentEntryEvictedException.");
    } catch (ParentEntryEvictedException ignore) {
    // Expected.
    }
    // Check inserting a shadow for a existing user in a missing wiki
    try {
        AddUserEntry(mockSecurityShadowEntry(xuserRef, aMissingWikiRef));
        fail("Inserting a shadow entry without inserting its wiki first should throw" + " a ParentEntryEvictedException.");
    } catch (ParentEntryEvictedException ignore) {
    // Expected.
    }
}
Also used : SecurityEntry(org.xwiki.security.authorization.SecurityEntry) ArrayList(java.util.ArrayList) GroupSecurityReference(org.xwiki.security.GroupSecurityReference) SecurityReference(org.xwiki.security.SecurityReference) UserSecurityReference(org.xwiki.security.UserSecurityReference) SecurityShadowEntry(org.xwiki.security.authorization.cache.SecurityShadowEntry) UserSecurityReference(org.xwiki.security.UserSecurityReference) GroupSecurityReference(org.xwiki.security.GroupSecurityReference) ConflictingInsertionException(org.xwiki.security.authorization.cache.ConflictingInsertionException) ParentEntryEvictedException(org.xwiki.security.authorization.cache.ParentEntryEvictedException) Test(org.junit.Test)

Example 4 with GroupSecurityReference

use of org.xwiki.security.GroupSecurityReference in project xwiki-platform by xwiki.

the class DefaultSecurityCacheTest method AddUserEntry.

private String AddUserEntry(SecurityShadowEntry user) throws ParentEntryEvictedException, ConflictingInsertionException {
    if (groupUserRefs.contains(user.getReference())) {
        final List<GroupSecurityReference> groups = new ArrayList<GroupSecurityReference>();
        for (GroupSecurityReference group : groupRefs.keySet()) {
            if (groupRefs.get(group).contains(user.getReference())) {
                if (group.getOriginalReference().getWikiReference().equals(user.getWikiReference().getOriginalWikiReference())) {
                    groups.add(group);
                }
            }
        }
        securityCache.add(user, groups);
    } else {
        securityCache.add(user, null);
    }
    return cache.getLastInsertedKey();
}
Also used : ArrayList(java.util.ArrayList) GroupSecurityReference(org.xwiki.security.GroupSecurityReference)

Example 5 with GroupSecurityReference

use of org.xwiki.security.GroupSecurityReference in project xwiki-platform by xwiki.

the class DefaultSecurityCache method getImmediateGroupsFor.

@Override
public Collection<GroupSecurityReference> getImmediateGroupsFor(UserSecurityReference user) {
    Collection<GroupSecurityReference> groups = new HashSet<>();
    SecurityCacheEntry userEntry = getEntry(user);
    // If the user is not in the cache, or if it is, but not as a user, but as a regular document
    if (userEntry == null || !userEntry.isUser()) {
        // In that case, the ancestors are not fully loaded
        return null;
    }
    for (SecurityCacheEntry parent : userEntry.parents) {
        // Add the parent group (if we have not already seen it)
        SecurityReference parentRef = parent.getEntry().getReference();
        if (parentRef instanceof GroupSecurityReference) {
            groups.add((GroupSecurityReference) parentRef);
        }
    }
    return groups;
}
Also used : GroupSecurityReference(org.xwiki.security.GroupSecurityReference) SecurityReference(org.xwiki.security.SecurityReference) UserSecurityReference(org.xwiki.security.UserSecurityReference) GroupSecurityReference(org.xwiki.security.GroupSecurityReference) HashSet(java.util.HashSet)

Aggregations

GroupSecurityReference (org.xwiki.security.GroupSecurityReference)20 UserSecurityReference (org.xwiki.security.UserSecurityReference)10 SecurityReference (org.xwiki.security.SecurityReference)9 ArrayList (java.util.ArrayList)6 Test (org.junit.Test)5 Right (org.xwiki.security.authorization.Right)4 SecurityRule (org.xwiki.security.authorization.SecurityRule)4 SecurityRuleEntry (org.xwiki.security.authorization.SecurityRuleEntry)4 HashSet (java.util.HashSet)3 DocumentReference (org.xwiki.model.reference.DocumentReference)2 SecurityAccessEntry (org.xwiki.security.authorization.SecurityAccessEntry)2 SecurityEntry (org.xwiki.security.authorization.SecurityEntry)2 SecurityShadowEntry (org.xwiki.security.authorization.cache.SecurityShadowEntry)2 AbstractSecurityRuleEntry (org.xwiki.security.authorization.internal.AbstractSecurityRuleEntry)2 ArrayDeque (java.util.ArrayDeque)1 Collection (java.util.Collection)1 LinkedList (java.util.LinkedList)1 Matcher (org.hamcrest.Matcher)1 InvocationOnMock (org.mockito.invocation.InvocationOnMock)1 WikiReference (org.xwiki.model.reference.WikiReference)1