
Example 1 with Right

use of org.xwiki.security.authorization.Right in project xwiki-platform by xwiki.

the class XWikiCachingRightService method hasAccessLevel.

/**
 * Checks a right given by name for a user name on a document name, delegating the decision to
 * {@code authorizationManager}.
 *
 * <p>The guest user is translated to {@code null} before the check, because that is how the
 * authorization manager is told "not logged in".</p>
 *
 * <p>NOTE(review): guest detection compares only {@code getName()} of the resolved user reference;
 * the space and wiki parts are not looked at here. Confirm {@code resolveUserName} always yields a
 * reference for which that is sufficient.</p>
 *
 * <p>NOTE(review): how {@code Right.toRight} treats an unrecognised {@code rightName} is not visible
 * in this method (presumably it yields an "illegal" right). Confirm the authorization manager denies
 * access for such a value so that a misspelt right name fails closed.</p>
 *
 * @param rightName name of the right to check, converted with {@code Right.toRight}
 * @param username name of the user, resolved relative to the context wiki
 * @param docname name of the document, resolved relative to the context wiki
 * @param context context supplying the current wiki id
 * @return the result of {@code authorizationManager.hasAccess} for the resolved right, user and document
 * @throws XWikiException declared by the overridden method
 */
@Override
public boolean hasAccessLevel(String rightName, String username, String docname, XWikiContext context) throws XWikiException {
    final WikiReference currentWiki = new WikiReference(context.getWikiId());
    final DocumentReference targetDocument = resolveDocumentName(docname, currentWiki);
    LOGGER.debug("hasAccessLevel() resolved document named [{}] into reference [{}]", docname, targetDocument);
    final DocumentReference resolvedUser = resolveUserName(username, currentWiki);
    // Public users (not logged in) are passed as null in the new API.
    final boolean isGuest = resolvedUser != null && XWikiConstants.GUEST_USER.equals(resolvedUser.getName());
    final DocumentReference effectiveUser = isGuest ? null : resolvedUser;
    return authorizationManager.hasAccess(Right.toRight(rightName), effectiveUser, targetDocument);
}
Also used : Right(org.xwiki.security.authorization.Right) WikiReference(org.xwiki.model.reference.WikiReference) DocumentReference(org.xwiki.model.reference.DocumentReference)

Example 2 with Right

use of org.xwiki.security.authorization.Right in project xwiki-platform by xwiki.

the class TestDefinitionParserTest method testDefinitionTestParser.

/**
 * Parses the {@code parserTester.xml} fixture and checks the resulting test definition: the wikis,
 * the main wiki's owner, users and groups, and the access rules declared at wiki, space and
 * document level.
 *
 * <p>The rule checks use {@code hasItems}, so they verify that the listed users, rights and states
 * are present; the exact rule set is pinned only through the rule counts.</p>
 */
@Test
public void testDefinitionTestParser() throws Exception {
    // Parse the fixture with the string-based resolver and serializer components.
    TestDefinitionParser definitionParser = new DefaultTestDefinitionParser();
    EntityReferenceResolver<String> referenceResolver = componentManager.getInstance(EntityReferenceResolver.TYPE_STRING);
    EntityReferenceSerializer<String> referenceSerializer = componentManager.getInstance(EntityReferenceSerializer.TYPE_STRING);
    String fixturePath = "testwikis" + File.separatorChar + "parserTester.xml";
    TestDefinition definition = definitionParser.parse(fixturePath, referenceResolver, referenceSerializer);

    // Wikis declared by the fixture.
    Collection<TestWiki> allWikis = definition.getWikis();
    assertThat("There should be some wikis", allWikis, notNullValue());
    assertThat("The wikis count should be 3", allWikis.size(), equalTo(3));

    // Main wiki identity, owner, users and groups.
    TestWiki mainWiki = definition.getMainWiki();
    assertThat("Main wiki should be defined", mainWiki, notNullValue());
    assertThat("Main wiki should be named 'wiki'", mainWiki.getWikiReference(), equalTo(new WikiReference("wiki")));
    assertThat("Main wiki should be main wiki", mainWiki.isMainWiki(), is(true));
    assertThat("Main wiki owner should be XWiki.Admin", mainWiki.getOwner(), equalTo(new DocumentReference("wiki", "XWiki", "Admin")));
    assertThat("Main wiki should have 4 users (2 groups, and 2 users)", mainWiki.getUsers().size(), equalTo(4));
    assertThat("Main wiki should have 2 groups", mainWiki.getGroups().size(), equalTo(2));
    assertThat("Main wiki should have a groupA", mainWiki.getGroup("groupA"), notNullValue());
    assertThat("Main wiki should have a userA", mainWiki.getUser("userA"), notNullValue());

    // Group membership of userA spans the main wiki and a subwiki.
    Collection<TestGroup> userAGroups = mainWiki.getUser("userA").getGroups();
    assertThat("UserA of Main wiki should be in 2 groups", userAGroups.size(), equalTo(2));
    List<DocumentReference> userAGroupRefs = new ArrayList<DocumentReference>();
    for (TestGroup membership : userAGroups) {
        userAGroupRefs.add(membership.getGroupReference());
    }
    DocumentReference mainGroupA = new DocumentReference("wiki", "XWiki", "groupA");
    assertThat("User A is in GroupA of the main wiki and the subwiki", userAGroupRefs, hasItems(mainGroupA, new DocumentReference("wiki1", "XWiki", "groupA")));

    // References reused by the access rule checks below.
    DocumentReference mainUserA = new DocumentReference("wiki", "XWiki", "userA");
    DocumentReference mainUserB = new DocumentReference("wiki", "XWiki", "userB");
    DocumentReference mainGroupB = new DocumentReference("wiki", "XWiki", "groupB");

    // Access rules declared on the main wiki itself.
    Collection<TestAccessRule> wikiRules = mainWiki.getAccessRules();
    assertThat("There must be 26 access rules on main wiki", wikiRules.size(), equalTo(26));
    List<DocumentReference> wikiRuleUsers = new ArrayList<DocumentReference>();
    List<Right> wikiRuleRights = new ArrayList<Right>();
    List<RuleState> wikiRuleStates = new ArrayList<RuleState>();
    for (TestAccessRule wikiRule : wikiRules) {
        wikiRuleUsers.add(wikiRule.getUser());
        wikiRuleRights.add(wikiRule.getRight());
        wikiRuleStates.add(wikiRule.getState());
    }
    assertThat("Users in access rules of main wiki mismatch", wikiRuleUsers, hasItems(mainUserA, mainUserB, mainGroupA, mainGroupB));
    assertThat("Rights in access rules of main wiki mismatch", wikiRuleRights, hasItems(Right.VIEW, Right.LOGIN, Right.EDIT, Right.COMMENT, Right.DELETE, Right.REGISTER, Right.ADMIN, Right.PROGRAM));
    assertThat("State in access rules of main wiki mismatch", wikiRuleStates, hasItems(RuleState.ALLOW, RuleState.DENY));

    // Spaces of the main wiki, then the rules declared on space1.
    assertThat("Main wiki should have 3 spaces (2 plus XWiki)", mainWiki.getSpaces().size(), equalTo(3));
    TestSpace firstSpace = mainWiki.getSpace("space1");
    assertThat("Main wiki should have a space named 'space1'", firstSpace, notNullValue());
    assertThat("'space1' of main wiki should have description 'space 1'", firstSpace.getDescription(), equalTo("space 1"));
    Collection<TestAccessRule> spaceRules = firstSpace.getAccessRules();
    assertThat("There must be 8 access rules on space 1", spaceRules.size(), equalTo(8));
    List<DocumentReference> spaceRuleUsers = new ArrayList<DocumentReference>();
    List<Right> spaceRuleRights = new ArrayList<Right>();
    List<RuleState> spaceRuleStates = new ArrayList<RuleState>();
    for (TestAccessRule spaceRule : spaceRules) {
        spaceRuleUsers.add(spaceRule.getUser());
        spaceRuleRights.add(spaceRule.getRight());
        spaceRuleStates.add(spaceRule.getState());
    }
    assertThat("Users in access rules of space 1 of main wiki mismatch", spaceRuleUsers, hasItems(mainUserA, mainUserB, mainGroupB));
    assertThat("Rights in access rules of space 1 of main wiki mismatch", spaceRuleRights, hasItems(Right.VIEW, Right.EDIT, Right.COMMENT, Right.DELETE, Right.ADMIN));
    assertThat("State in access rules of space 1 of main wiki mismatch", spaceRuleStates, hasItems(RuleState.DENY));

    // Documents of space1, then the rules declared on document1.
    assertThat("Space 1 of main wiki should have 2 documents", firstSpace.getDocuments().size(), equalTo(2));
    TestDocument firstDocument = firstSpace.getDocument("document1");
    assertThat("Space 1 of main wiki should have a document named 'document1'", firstDocument, notNullValue());
    assertThat("'document1' of 'space1' of main wiki should have description 'Document 1'", firstDocument.getDescription(), equalTo("Document 1"));
    Collection<TestAccessRule> documentRules = firstDocument.getAccessRules();
    assertThat("There must be 7 access rules on document 1", documentRules.size(), equalTo(7));
    List<DocumentReference> documentRuleUsers = new ArrayList<DocumentReference>();
    List<Right> documentRuleRights = new ArrayList<Right>();
    List<RuleState> documentRuleStates = new ArrayList<RuleState>();
    for (TestAccessRule documentRule : documentRules) {
        documentRuleUsers.add(documentRule.getUser());
        documentRuleRights.add(documentRule.getRight());
        documentRuleStates.add(documentRule.getState());
    }
    assertThat("Users in access rules of document 1 of space 1 of main wiki mismatch", documentRuleUsers, hasItems(mainUserA, mainUserB, mainGroupA));
    assertThat("Rights in access rules of document 1 of space 1 of main wiki mismatch", documentRuleRights, hasItems(Right.VIEW, Right.EDIT, Right.COMMENT, Right.DELETE));
    assertThat("State in access rules of document 1 of space 1 of main wiki mismatch", documentRuleStates, hasItems(RuleState.ALLOW));
}
Also used : RuleState(org.xwiki.security.authorization.RuleState) TestWiki(org.xwiki.security.authorization.testwikis.TestWiki) ArrayList(java.util.ArrayList) Right(org.xwiki.security.authorization.Right) TestDocument(org.xwiki.security.authorization.testwikis.TestDocument) TestSpace(org.xwiki.security.authorization.testwikis.TestSpace) DocumentReference(org.xwiki.model.reference.DocumentReference) TestDefinition(org.xwiki.security.authorization.testwikis.TestDefinition) TestGroup(org.xwiki.security.authorization.testwikis.TestGroup) TestAccessRule(org.xwiki.security.authorization.testwikis.TestAccessRule) WikiReference(org.xwiki.model.reference.WikiReference) TestDefinitionParser(org.xwiki.security.authorization.testwikis.TestDefinitionParser) Test(org.junit.Test)

Example 3 with Right

use of org.xwiki.security.authorization.Right in project xwiki-platform by xwiki.

the class TestAccessRuleFactory method getNewInstance.

/**
 * Creates the access rule(s) described by an allow/deny element of a test wiki definition.
 *
 * <p>The element name decides the rule: a name starting with {@code "allow"} makes it an allow rule
 * (anything else is treated as not-allow), and a name ending with {@code "User"} marks the subject
 * as a user. With a {@code type} attribute a single rule is created for that right; without one, a
 * rule is created for every right enabled at the parent's level except {@code Right.CREATOR}.</p>
 *
 * <p>NOTE(review): the constructed {@code DefaultTestAccessRule} objects are not kept or returned
 * here; presumably the constructor registers each rule with {@code parent}. Confirm against
 * {@code DefaultTestAccessRule}.</p>
 *
 * <p>NOTE(review): how {@code Right.toRight} handles an unknown {@code type} value is not visible
 * here; a typo in a fixture may produce a rule for an unintended right. Confirm.</p>
 *
 * @param parser element parser supplying the reference resolver and serializer
 * @param name element name, inspected for the {@code "allow"} prefix and {@code "User"} suffix
 * @param parent entity on which the rule is declared
 * @param attributes element attributes; {@code name} is the subject, {@code type} the optional right
 * @return always {@code null}
 */
@Override
TestAccessRule getNewInstance(ElementParser parser, String name, TestEntity parent, Attributes attributes) {
    // The subject is resolved relative to the XWiki space of the parent's root wiki.
    EntityReference userRef = parser.getResolver().resolve(
        attributes.getValue("name"),
        DefaultTestDocument.TYPE,
        new EntityReference(XWikiConstants.XWIKI_SPACE, EntityType.SPACE, parent.getReference().getRoot()));
    Boolean allow = name.startsWith("allow");
    String rightType = attributes.getValue("type");
    String serializedUser = parser.getSerializer().serialize(userRef);
    Boolean isUser = name.endsWith("User");

    if (rightType == null) {
        // No explicit right: cover every right enabled at the parent's level.
        EntityType level = parent.getType();
        // Null here means root (or farm)
        boolean isFarmLevel = level == EntityType.WIKI && ((TestWiki) parent).isMainWiki();
        for (Right enabledRight : Right.getEnabledRights(isFarmLevel ? null : level)) {
            if (enabledRight == Right.CREATOR) {
                continue;
            }
            new DefaultTestAccessRule(serializedUser, userRef, enabledRight, allow, isUser, parent);
        }
        return null;
    }

    Right explicitRight = Right.toRight(rightType);
    new DefaultTestAccessRule(serializedUser, userRef, explicitRight, allow, isUser, parent);
    return null;
}
Also used : EntityType(org.xwiki.model.EntityType) DefaultTestAccessRule(org.xwiki.security.authorization.testwikis.internal.entities.DefaultTestAccessRule) EntityReference(org.xwiki.model.reference.EntityReference) Right(org.xwiki.security.authorization.Right)

Example 4 with Right

use of org.xwiki.security.authorization.Right in project xwiki-platform by xwiki.

the class DefaultAuthorizationSettlerTest method testSettleTieResolutionPolicy.

/**
 * Checks how the authorization settler resolves conflicting allow and deny rules declared on the
 * same document.
 *
 * <p>Two families of conflicts are exercised, each in both declaration orders:</p>
 * <ul>
 * <li>allow and deny rules naming the same user and group: the outcome for every test right must be
 * that right's tie resolution policy;</li>
 * <li>a rule naming the user against a rule naming one of the user's groups: the rule that names the
 * user must win, whether it allows or denies.</li>
 * </ul>
 */
@Test
public void testSettleTieResolutionPolicy() throws Exception {
    // Rules over all test rights, differing in subject (user + other group / other user + group) and state.
    SecurityRule allowUserAndOtherGroup = getMockedSecurityRule(
        "allowAllTestRightsUserAndAnotherGroup", Arrays.asList(userRef), Arrays.asList(anotherGroupRef), allTestRights, ALLOW);
    SecurityRule denyUserAndOtherGroup = getMockedSecurityRule(
        "denyAllTestRightsUserAndAnotherGroup", Arrays.asList(userRef), Arrays.asList(anotherGroupRef), allTestRights, DENY);
    SecurityRule denyOtherUserAndGroup = getMockedSecurityRule(
        "denyAllTestRightsAnotherUserAndGroup", Arrays.asList(anotherUserRef), Arrays.asList(groupRef), allTestRights, DENY);

    // Rule entries on docRef, one per conflict shape and declaration order.
    Deque<SecurityRuleEntry> sameTargetAllowFirst = getMockedSecurityRuleEntries(
        "conflictAllowDenySameTarget", docRef, Arrays.asList(Arrays.asList(allowUserAndOtherGroup, denyUserAndOtherGroup)));
    Deque<SecurityRuleEntry> sameTargetDenyFirst = getMockedSecurityRuleEntries(
        "conflictDenyAllowSameTarget", docRef, Arrays.asList(Arrays.asList(denyUserAndOtherGroup, allowUserAndOtherGroup)));
    Deque<SecurityRuleEntry> userVersusGroupAllowFirst = getMockedSecurityRuleEntries(
        "conflictAllowDenyUserGroup", docRef, Arrays.asList(Arrays.asList(allowUserAndOtherGroup, denyOtherUserAndGroup)));
    Deque<SecurityRuleEntry> userVersusGroupDenyFirst = getMockedSecurityRuleEntries(
        "conflictDenyAllowUserGroup", docRef, Arrays.asList(Arrays.asList(denyOtherUserAndGroup, allowUserAndOtherGroup)));

    // Expected results: everything allowed, everything denied, and everything set to its tie policy.
    XWikiSecurityAccess expectedAllAllowed = defaultAccess.clone();
    for (Right testRight : allTestRights) {
        expectedAllAllowed.allow(testRight);
    }
    XWikiSecurityAccess expectedAllDenied = defaultAccess.clone();
    for (Right testRight : allTestRights) {
        expectedAllDenied.deny(testRight);
    }
    XWikiSecurityAccess expectedTiePolicy = defaultAccess.clone();
    for (Right testRight : allTestRights) {
        expectedTiePolicy.set(testRight, testRight.getTieResolutionPolicy());
    }

    // Same subject allowed and denied: the tie resolution policy decides.
    assertAccess("When allowed right for user is denied for same user in another rule, use tie resolution policy",
        userRef, docRef, expectedTiePolicy,
        authorizationSettler.settle(userRef, Arrays.asList(groupRef), sameTargetAllowFirst));
    assertAccess("When denied right for user is allowed for same user in another rule, use tie resolution policy",
        userRef, docRef, expectedTiePolicy,
        authorizationSettler.settle(userRef, Arrays.asList(groupRef), sameTargetDenyFirst));
    assertAccess("When allowed right for group is denied for same group in another rule, use tie resolution policy",
        anotherUserRef, docRef, expectedTiePolicy,
        authorizationSettler.settle(anotherUserRef, Arrays.asList(anotherGroupRef), sameTargetAllowFirst));
    assertAccess("When denied right for group is allowed for same group in another rule, use tie resolution policy",
        anotherUserRef, docRef, expectedTiePolicy,
        authorizationSettler.settle(anotherUserRef, Arrays.asList(anotherGroupRef), sameTargetDenyFirst));

    // User rule against group rule: the rule naming the user takes precedence.
    assertAccess("When allowed right for user is denied for its group in another rule, allow it.",
        userRef, docRef, expectedAllAllowed,
        authorizationSettler.settle(userRef, Arrays.asList(groupRef), userVersusGroupAllowFirst));
    assertAccess("When allowed right for group is denied for one of its user in another rule, deny it.",
        anotherUserRef, docRef, expectedAllDenied,
        authorizationSettler.settle(anotherUserRef, Arrays.asList(anotherGroupRef), userVersusGroupAllowFirst));
    assertAccess("When denied right for group is allowed for one of its user in another rule, allow it.",
        userRef, docRef, expectedAllAllowed,
        authorizationSettler.settle(userRef, Arrays.asList(groupRef), userVersusGroupDenyFirst));
    assertAccess("When denied right for user is allowed for its group in another rule, deny it.",
        anotherUserRef, docRef, expectedAllDenied,
        authorizationSettler.settle(anotherUserRef, Arrays.asList(anotherGroupRef), userVersusGroupDenyFirst));
}
Also used : SecurityRuleEntry(org.xwiki.security.authorization.SecurityRuleEntry) Right(org.xwiki.security.authorization.Right) SecurityRule(org.xwiki.security.authorization.SecurityRule) Test(org.junit.Test)

Example 5 with Right

use of org.xwiki.security.authorization.Right in project xwiki-platform by xwiki.

the class DefaultAuthorizationSettlerTest method testSettleNewRightJustAdded.

/**
 * Checks that a right created during the test is settled like any other: a single ALLOW rule naming
 * the user for that right must yield the default access with the new right allowed.
 *
 * <p>NOTE(review): the meaning of the {@code DENY, DENY, true} arguments to {@code getNewTestRight}
 * is not visible here; presumably they are the new right's default state, tie resolution policy and
 * an inheritance flag. Confirm against the helper.</p>
 */
@Test
public void testSettleNewRightJustAdded() throws Exception {
    Right lateRight = getNewTestRight("RightAddedLater", DENY, DENY, true);

    // Expected outcome: defaults everywhere, with the new right allowed.
    XWikiSecurityAccess expectedAccess = defaultAccess.clone();
    expectedAccess.allow(lateRight);

    // One rule on docRef that allows only the new right for the user, with no groups named.
    SecurityRule allowLateRight = getMockedSecurityRule(
        "onlyNewRight",
        Arrays.asList(userRef),
        Collections.<GroupSecurityReference>emptyList(),
        Arrays.asList(lateRight),
        RuleState.ALLOW);
    Deque<SecurityRuleEntry> ruleEntries = getMockedSecurityRuleEntries(
        "onlyNewRight", docRef, Arrays.asList(Arrays.asList(allowLateRight)));

    assertAccess("Allow a new right just added now", userRef, docRef, expectedAccess,
        authorizationSettler.settle(userRef, Arrays.asList(groupRef), ruleEntries));
}
Also used : Right(org.xwiki.security.authorization.Right) GroupSecurityReference(org.xwiki.security.GroupSecurityReference) Test(org.junit.Test)

Aggregations

Right (org.xwiki.security.authorization.Right)17 SecurityRule (org.xwiki.security.authorization.SecurityRule)6 Test (org.junit.Test)5 GroupSecurityReference (org.xwiki.security.GroupSecurityReference)4 ArrayList (java.util.ArrayList)3 DocumentReference (org.xwiki.model.reference.DocumentReference)3 EntityReference (org.xwiki.model.reference.EntityReference)3 SecurityRuleEntry (org.xwiki.security.authorization.SecurityRuleEntry)3 EntityType (org.xwiki.model.EntityType)2 WikiReference (org.xwiki.model.reference.WikiReference)2 UserSecurityReference (org.xwiki.security.UserSecurityReference)2 XWiki (com.xpn.xwiki.XWiki)1 XWikiContext (com.xpn.xwiki.XWikiContext)1 XWikiException (com.xpn.xwiki.XWikiException)1 Document (com.xpn.xwiki.api.Document)1 XWikiDocument (com.xpn.xwiki.doc.XWikiDocument)1 BaseObject (com.xpn.xwiki.objects.BaseObject)1 Type (java.lang.reflect.Type)1 Comparator (java.util.Comparator)1 List (java.util.List)1