Example 6 with AccessDeniedException

Use of org.xwiki.security.authorization.AccessDeniedException in project xwiki-platform by xwiki.

The class WikiCreationJobScriptServicesTest, method createWikiWhenNoCreateWikiRight.

@Test
public void createWikiWhenNoCreateWikiRight() throws Exception {
    DocumentReference currentUser = new DocumentReference("xwiki", "XWiki", "User");
    when(xcontext.getUserReference()).thenReturn(currentUser);
    AccessDeniedException exception = new AccessDeniedException(Right.CREATE_WIKI, currentUser, new WikiReference("mainWikiId"));
    doThrow(exception).when(authorizationManager).checkAccess(eq(Right.CREATE_WIKI), eq(currentUser), eq(new WikiReference("mainWikiId")));
    WikiCreationRequest wikiCreationRequest = new WikiCreationRequest();
    wikiCreationRequest.setExtensionId("authorized-extension", "1.0");
    assertNull(mocker.getComponentUnderTest().createWiki(wikiCreationRequest));
    Exception lastError = mocker.getComponentUnderTest().getLastError();
    assertNotNull(lastError);
    assertEquals(exception, lastError);
}

Example 7 with AccessDeniedException

Use of org.xwiki.security.authorization.AccessDeniedException in project xwiki-platform by xwiki.

The class WikiManagerScriptService, method saveDescriptor.

/**
 * Save the specified descriptor (if you have the right).
 *
 * @param descriptor descriptor to save
 * @return true if it succeeds
 */
public boolean saveDescriptor(WikiDescriptor descriptor) {
    XWikiContext context = xcontextProvider.get();
    boolean isAllowed;
    try {
        // Get the wiki owner
        WikiDescriptor oldDescriptor = wikiDescriptorManager.getById(descriptor.getId());
        WikiReference wikiReference = descriptor.getReference();
        if (oldDescriptor != null) {
            // Users that can edit the wiki's descriptor document are allowed to use this API as well. This
            // includes global admins.
            DocumentReference descriptorDocument = wikiDescriptorDocumentHelper.getDocumentReferenceFromId(oldDescriptor.getId());
            isAllowed = authorizationManager.hasAccess(Right.EDIT, context.getUserReference(), descriptorDocument);
            String currentOwner = oldDescriptor.getOwnerId();
            if (!isAllowed) {
                // The current owner can edit anything.
                isAllowed = entityReferenceSerializer.serialize(context.getUserReference()).equals(currentOwner);
            }
            if (!isAllowed) {
                // Local admins can edit the descriptor, except for the "ownerId" field, which should be
                // editable only by the current owner or main wiki admins.
                String newOwner = descriptor.getOwnerId();
                isAllowed = authorizationManager.hasAccess(Right.ADMIN, context.getUserReference(), wikiReference) && StringUtils.equals(newOwner, currentOwner);
            }
        } else {
            // Saving a descriptor that did not already exist should be reserved to global admins
            isAllowed = authorizationManager.hasAccess(Right.ADMIN, context.getUserReference(), new WikiReference(wikiDescriptorManager.getMainWikiId()));
        }
        if (!isAllowed) {
            // Exhausted all options. Deny access for the current user to edit the descriptor.
            throw new AccessDeniedException(context.getUserReference(), wikiReference);
        } else {
            // Execute the operation.
            wikiDescriptorManager.saveDescriptor(descriptor);
        }
        return true;
    } catch (Exception e) {
        error(e);
        return false;
    }
}

Example 8 with AccessDeniedException

Use of org.xwiki.security.authorization.AccessDeniedException in project xwiki-platform by xwiki.

The class WikiManagerScriptServiceTest, method currentScriptHasNotProgrammingRight.

/**
 * @return the exception expected when the current script does not have the programming right
 */
private Exception currentScriptHasNotProgrammingRight() throws AccessDeniedException {
    DocumentReference authorDocRef = new DocumentReference("mainWiki", "XWiki", "Admin");
    when(currentDoc.getAuthorReference()).thenReturn(authorDocRef);
    DocumentReference currentDocRef = new DocumentReference("subwiki", "Test", "test");
    when(currentDoc.getDocumentReference()).thenReturn(currentDocRef);
    Exception exception = new AccessDeniedException(Right.PROGRAM, authorDocRef, currentDocRef);
    doThrow(exception).when(authorizationManager).checkAccess(Right.PROGRAM, authorDocRef, currentDocRef);
    return exception;
}

Example 9 with AccessDeniedException

Use of org.xwiki.security.authorization.AccessDeniedException in project xwiki-platform by xwiki.

The class WikiManagerScriptServiceTest, method saveDescriptorWhenIAmNotOwnerNorLocalAdminNorGlobalAdmin.

@Test
public void saveDescriptorWhenIAmNotOwnerNorLocalAdminNorGlobalAdmin() throws Exception {
    WikiDescriptor oldDescriptor = new WikiDescriptor("wikiId", "wikiAlias");
    oldDescriptor.setOwnerId("SomeUser");
    when(wikiDescriptorManager.getById(oldDescriptor.getId())).thenReturn(oldDescriptor);
    when(authorizationManager.hasAccess(eq(Right.ADMIN), eq(currentUserRef), eq(new WikiReference("wikiId")))).thenReturn(false);
    // Changing some value, not the owner: the new descriptor keeps the old owner id.
    WikiDescriptor descriptor = new WikiDescriptor(oldDescriptor.getId(), "wikiAlias");
    descriptor.setOwnerId(oldDescriptor.getOwnerId());
    boolean result = mocker.getComponentUnderTest().saveDescriptor(descriptor);
    assertFalse(result);
    // The descriptor has not been saved
    verify(wikiDescriptorManager, never()).saveDescriptor(descriptor);
    Exception exception = new AccessDeniedException(currentUserRef, new WikiReference("wikiId"));
    assertEquals(exception.getMessage(), mocker.getComponentUnderTest().getLastError().getMessage());
    assertEquals(exception.getClass(), mocker.getComponentUnderTest().getLastError().getClass());
}

Example 10 with AccessDeniedException

Use of org.xwiki.security.authorization.AccessDeniedException in project xwiki-platform by xwiki.

The class WikiManagerScriptServiceTest, method currentUserHasNotProgrammingRight.

/**
 * @return the exception expected when the current user does not have the programming right
 */
private Exception currentUserHasNotProgrammingRight() throws AccessDeniedException {
    WikiReference wiki = new WikiReference("mainWiki");
    Exception exception = new AccessDeniedException(Right.PROGRAM, currentUserRef, wiki);
    doThrow(exception).when(authorizationManager).checkAccess(eq(Right.PROGRAM), eq(currentUserRef), eq(wiki));
    return exception;
}