
Example 11 with Right

use of org.xwiki.security.authorization.Right in project xwiki-platform by xwiki.

the class DefaultAuthorizationSettlerTest method testSettleRightWithImpliedRights.

/**
 * Verifies how {@code authorizationSettler.settle(...)} treats a right that implies other rights.
 *
 * <p>Cases covered, each run against the two implying-right fixtures {@code impliedTestRightsADT} and
 * {@code impliedTestRightsDAF} (declared elsewhere in the test class; what the suffixes stand for is not
 * visible here):
 * <ul>
 * <li>allowing the implying right yields ALLOW for every right in {@code allTestRights};</li>
 * <li>denying the implying right denies only that right, the other rights keep the default access;</li>
 * <li>an allow and a deny hitting the same user or group are settled per right by its tie resolution policy;</li>
 * <li>a rule matched through the user takes precedence over a rule matched through one of its groups, in both
 * directions (user allow beats group deny, user deny beats group allow).</li>
 * </ul>
 */
@Test
public void testSettleRightWithImpliedRights() throws Exception {
    // Rules on the implying right only. Each one matches userRef as a user and anotherGroupRef as a group.
    SecurityRule allowImpliedADT = getMockedSecurityRule("allowImpliedADT", Arrays.asList(userRef), Arrays.asList(anotherGroupRef), Arrays.asList(impliedTestRightsADT), ALLOW);
    SecurityRule denyImpliedADT = getMockedSecurityRule("denyImpliedADT", Arrays.asList(userRef), Arrays.asList(anotherGroupRef), Arrays.asList(impliedTestRightsADT), DENY);
    SecurityRule allowImpliedDAF = getMockedSecurityRule("allowImpliedDAF", Arrays.asList(userRef), Arrays.asList(anotherGroupRef), Arrays.asList(impliedTestRightsDAF), ALLOW);
    SecurityRule denyImpliedDAF = getMockedSecurityRule("denyImpliedDAF", Arrays.asList(userRef), Arrays.asList(anotherGroupRef), Arrays.asList(impliedTestRightsDAF), DENY);
    // Expected access: implying right allowed and every test right allowed.
    XWikiSecurityAccess allowAccessADT = defaultAccess.clone();
    allowAccessADT.set(impliedTestRightsADT, ALLOW);
    for (Right right : allTestRights) {
        allowAccessADT.allow(right);
    }
    // Expected access for an allow/deny tie: implying right allowed, each test right set to the state given by
    // its own tie resolution policy.
    XWikiSecurityAccess tieADT = defaultAccess.clone();
    tieADT.set(impliedTestRightsADT, ALLOW);
    for (Right right : allTestRights) {
        tieADT.set(right, right.getTieResolutionPolicy());
    }
    XWikiSecurityAccess allowAccessDAF = defaultAccess.clone();
    allowAccessDAF.set(impliedTestRightsDAF, ALLOW);
    for (Right right : allTestRights) {
        allowAccessDAF.allow(right);
    }
    // Expected access when only the implying right is denied: nothing else moves away from the default.
    XWikiSecurityAccess denyADTAccess = defaultAccess.clone();
    denyADTAccess.deny(impliedTestRightsADT);
    XWikiSecurityAccess denyDAFAccess = defaultAccess.clone();
    denyDAFAccess.deny(impliedTestRightsDAF);
    // Expected access: implying right still allowed, but every test right explicitly denied.
    XWikiSecurityAccess denyAccessADT = defaultAccess.clone();
    denyAccessADT.set(impliedTestRightsADT, ALLOW);
    for (Right right : allTestRights) {
        denyAccessADT.deny(right);
    }
    XWikiSecurityAccess denyAccessDAF = defaultAccess.clone();
    denyAccessDAF.set(impliedTestRightsDAF, ALLOW);
    for (Right right : allTestRights) {
        denyAccessDAF.deny(right);
    }
    // Single-rule cases: implication applies on ALLOW only; a DENY on the implying right is not propagated.
    assertAccess("When a right implying others rights is allowed, imply those rights (ADT)", userRef, docRef, allowAccessADT, authorizationSettler.settle(userRef, Arrays.asList(groupRef), getMockedSecurityRuleEntries("allowAccessADT", docRef, Arrays.asList(Arrays.asList(allowImpliedADT)))));
    assertAccess("When a right implying others rights is allowed, imply those rights (DAF)", userRef, docRef, allowAccessDAF, authorizationSettler.settle(userRef, Arrays.asList(groupRef), getMockedSecurityRuleEntries("allowAccessDAF", docRef, Arrays.asList(Arrays.asList(allowImpliedDAF)))));
    assertAccess("When a right implying others rights is denied, do not denied implied rights (ADT)", userRef, docRef, denyADTAccess, authorizationSettler.settle(userRef, Arrays.asList(groupRef), getMockedSecurityRuleEntries("denyAccessADT", docRef, Arrays.asList(Arrays.asList(denyImpliedADT)))));
    assertAccess("When a right implying others rights is denied, do not denied implied rights (DAF)", userRef, docRef, denyDAFAccess, authorizationSettler.settle(userRef, Arrays.asList(groupRef), getMockedSecurityRuleEntries("denyAccessDAF", docRef, Arrays.asList(Arrays.asList(denyImpliedDAF)))));
    // Rules on the test rights themselves, used to collide with the implied allows above.
    // "UserAndAnotherGroup" has the same targets as the implying rules; "AnotherUserAndGroup" has the opposite ones.
    SecurityRule allowAllTestRightsUserAndAnotherGroup = getMockedSecurityRule("allowAllTestRightsUserAndAnotherGroup", Arrays.asList(userRef), Arrays.asList(anotherGroupRef), allTestRights, ALLOW);
    SecurityRule denyAllTestRightsUserAndAnotherGroup = getMockedSecurityRule("denyAllTestRightsUserAndAnotherGroup", Arrays.asList(userRef), Arrays.asList(anotherGroupRef), allTestRights, DENY);
    SecurityRule denyAllTestRightsAnotherUserAndGroup = getMockedSecurityRule("denyAllTestRightsAnotherUserAndGroup", Arrays.asList(anotherUserRef), Arrays.asList(groupRef), allTestRights, DENY);
    // Each entry set puts the implied allow and the explicit deny in the same rule list on docRef.
    Deque<SecurityRuleEntry> conflictAllowDenySameTargetADT = getMockedSecurityRuleEntries("conflictAllowDenySameTargetADT", docRef, Arrays.asList(Arrays.asList(allowImpliedADT, denyAllTestRightsUserAndAnotherGroup)));
    Deque<SecurityRuleEntry> conflictAllowDenySameTargetDAF = getMockedSecurityRuleEntries("conflictAllowDenySameTargetDAF", docRef, Arrays.asList(Arrays.asList(allowImpliedDAF, denyAllTestRightsUserAndAnotherGroup)));
    Deque<SecurityRuleEntry> conflictAllowDenyUserGroupADT = getMockedSecurityRuleEntries("conflictAllowDenyUserGroupADT", docRef, Arrays.asList(Arrays.asList(allowImpliedADT, denyAllTestRightsAnotherUserAndGroup)));
    Deque<SecurityRuleEntry> conflictAllowDenyUserGroupDAF = getMockedSecurityRuleEntries("conflictAllowDenyUserGroupDAF", docRef, Arrays.asList(Arrays.asList(allowImpliedDAF, denyAllTestRightsAnotherUserAndGroup)));
    // Same-level ties. The ADT expectation follows each right's tie resolution policy, while the DAF expectation
    // is a plain allow of every test right, so with the DAF fixture the implied allow wins over the explicit deny.
    assertAccess("When allowed implied right for user is denied for same user in another rule, use most favorable tie resolution policy (ADT)", userRef, docRef, tieADT, authorizationSettler.settle(userRef, Arrays.asList(groupRef), conflictAllowDenySameTargetADT));
    assertAccess("When allowed implied right for user is denied for same user in another rule, use most favorable tie resolution policy (DAF)", userRef, docRef, allowAccessDAF, authorizationSettler.settle(userRef, Arrays.asList(groupRef), conflictAllowDenySameTargetDAF));
    assertAccess("When allowed implied right for group is denied for same group in another rule, use most favorable tie resolution policy (ADT)", anotherUserRef, docRef, tieADT, authorizationSettler.settle(anotherUserRef, Arrays.asList(anotherGroupRef), conflictAllowDenySameTargetADT));
    assertAccess("When allowed implied right for group is denied for same group in another rule, use most favorable tie resolution policy (DAF)", anotherUserRef, docRef, allowAccessDAF, authorizationSettler.settle(anotherUserRef, Arrays.asList(anotherGroupRef), conflictAllowDenySameTargetDAF));
    // User-versus-group conflicts: the rule matched on the user decides, whichever way it points.
    assertAccess("When allowed implied right for user is denied for its group in another rule, allow it. (ADT)", userRef, docRef, allowAccessADT, authorizationSettler.settle(userRef, Arrays.asList(groupRef), conflictAllowDenyUserGroupADT));
    assertAccess("When allowed implied right for user is denied for its group in another rule, allow it. (DAF)", userRef, docRef, allowAccessDAF, authorizationSettler.settle(userRef, Arrays.asList(groupRef), conflictAllowDenyUserGroupDAF));
    assertAccess("When allowed implied right for group is denied for one of its user in another rule, deny it. (ADT)", anotherUserRef, docRef, denyAccessADT, authorizationSettler.settle(anotherUserRef, Arrays.asList(anotherGroupRef), conflictAllowDenyUserGroupADT));
    assertAccess("When allowed implied right for group is denied for one of its user in another rule, deny it. (DAF)", anotherUserRef, docRef, denyAccessDAF, authorizationSettler.settle(anotherUserRef, Arrays.asList(anotherGroupRef), conflictAllowDenyUserGroupDAF));
}
Also used : SecurityRuleEntry(org.xwiki.security.authorization.SecurityRuleEntry) Right(org.xwiki.security.authorization.Right) SecurityRule(org.xwiki.security.authorization.SecurityRule) Test(org.junit.Test)

Example 12 with Right

use of org.xwiki.security.authorization.Right in project xwiki-platform by xwiki.

the class DefaultAuthorizationSettlerTest method getMockedSecurityRule.

/**
 * Creates a Mockito stand-in for a {@link SecurityRule} with a fixed state and fixed match sets.
 *
 * <p>The three {@code match(...)} overloads answer {@code true} for exactly the users, groups and rights
 * passed in, and {@code false} for anything else. An empty iterable therefore produces a rule that matches
 * no value of that kind.
 *
 * @param name the mock's name, shown in Mockito failure messages
 * @param users the user references the rule matches
 * @param groups the group references the rule matches
 * @param rights the rights the rule matches
 * @param state the value returned by {@code getState()}
 * @return the stubbed rule
 */
private SecurityRule getMockedSecurityRule(String name, Iterable<UserSecurityReference> users, Iterable<GroupSecurityReference> groups, Iterable<Right> rights, final RuleState state) {
    // One equality matcher per accepted value; the lists feed anyOf(...) below.
    final List<Matcher<? super UserSecurityReference>> acceptedUsers = new ArrayList<Matcher<? super UserSecurityReference>>();
    for (UserSecurityReference acceptedUser : users) {
        acceptedUsers.add(is(acceptedUser));
    }

    final List<Matcher<? super GroupSecurityReference>> acceptedGroups = new ArrayList<Matcher<? super GroupSecurityReference>>();
    for (GroupSecurityReference acceptedGroup : groups) {
        acceptedGroups.add(is(acceptedGroup));
    }

    final List<Matcher<? super Right>> acceptedRights = new ArrayList<Matcher<? super Right>>();
    for (Right acceptedRight : rights) {
        acceptedRights.add(is(acceptedRight));
    }

    final SecurityRule stubbedRule = mock(SecurityRule.class, name);

    // Positive answers first, then the complementary negative ones, in the original stubbing order.
    when(stubbedRule.match(argThat(anyOf(acceptedUsers)))).thenReturn(true);
    when(stubbedRule.match(argThat(anyOf(acceptedGroups)))).thenReturn(true);
    when(stubbedRule.match(argThat(anyOf(acceptedRights)))).thenReturn(true);
    when(stubbedRule.match(argThat(not(anyOf(acceptedUsers))))).thenReturn(false);
    when(stubbedRule.match(argThat(not(anyOf(acceptedGroups))))).thenReturn(false);
    when(stubbedRule.match(argThat(not(anyOf(acceptedRights))))).thenReturn(false);

    when(stubbedRule.getState()).thenReturn(state);
    return stubbedRule;
}
Also used : Matcher(org.hamcrest.Matcher) ArrayList(java.util.ArrayList) Right(org.xwiki.security.authorization.Right) SecurityRule(org.xwiki.security.authorization.SecurityRule) UserSecurityReference(org.xwiki.security.UserSecurityReference) GroupSecurityReference(org.xwiki.security.GroupSecurityReference)

Example 13 with Right

use of org.xwiki.security.authorization.Right in project xwiki-platform by xwiki.

the class DefaultAuthorizationSettlerTest method testSettleInheritancePolicy.

/**
 * Verifies how {@code authorizationSettler.settle(...)} resolves an allow and a deny that sit at different
 * levels of the entity hierarchy.
 *
 * <p>Every rule entry set starts with the rules found on the document and ends with the rules of an ancestor
 * (space, wiki or main wiki, going by the assertion messages); empty lists stand for intermediate levels that
 * carry no rule. Two outcomes are expected throughout:
 * <ul>
 * <li>allow on the document, deny on the ancestor: every test right ends up allowed;</li>
 * <li>deny on the document, allow on the ancestor: a right ends up denied only when its
 * {@code getInheritanceOverridePolicy()} is {@code true}, otherwise the ancestor's allow stands.</li>
 * </ul>
 * The cases are repeated for a main-wiki user, a local-wiki user and a user of another wiki. No groups are
 * involved.
 */
@Test
public void testSettleInheritancePolicy() throws Exception {
    // One allow rule and one deny rule per user, each covering all test rights and matching no group.
    SecurityRule allowAllTestRightsRulesToXuser = getMockedSecurityRule("allowAllTestRightsRulesToXuser", Arrays.asList(xuserRef), Collections.<GroupSecurityReference>emptyList(), allTestRights, ALLOW);
    SecurityRule denyAllTestRightsRulesToXuser = getMockedSecurityRule("denyAllTestRightsRulesToXuser", Arrays.asList(xuserRef), Collections.<GroupSecurityReference>emptyList(), allTestRights, DENY);
    SecurityRule allowAllTestRightsRulesToUser = getMockedSecurityRule("allowAllTestRightsRulesToUser", Arrays.asList(userRef), Collections.<GroupSecurityReference>emptyList(), allTestRights, ALLOW);
    SecurityRule denyAllTestRightsRulesToUser = getMockedSecurityRule("denyAllTestRightsRulesToUser", Arrays.asList(userRef), Collections.<GroupSecurityReference>emptyList(), allTestRights, DENY);
    SecurityRule allowAllTestRightsRulesToAnotherWikiUser = getMockedSecurityRule("allowAllTestRightsRulesToAnotherWikiUser", Arrays.asList(anotherWikiUserRef), Collections.<GroupSecurityReference>emptyList(), allTestRights, ALLOW);
    SecurityRule denyAllTestRightsRulesToAnotherWikiUser = getMockedSecurityRule("denyAllTestRightsRulesToAnotherWikiUser", Arrays.asList(anotherWikiUserRef), Collections.<GroupSecurityReference>emptyList(), allTestRights, DENY);
    // Two levels: first list on the document, second list one level up.
    Deque<SecurityRuleEntry> allowThenDenyRulesForXdocSpace = getMockedSecurityRuleEntries("allowThenDenyRulesForXdocSpace", xdocRef, Arrays.asList(Arrays.asList(allowAllTestRightsRulesToXuser, allowAllTestRightsRulesToUser, allowAllTestRightsRulesToAnotherWikiUser), Arrays.asList(denyAllTestRightsRulesToXuser, denyAllTestRightsRulesToUser, denyAllTestRightsRulesToAnotherWikiUser)));
    Deque<SecurityRuleEntry> denyThenAllowRulesForXdocSpace = getMockedSecurityRuleEntries("denyThenAllowRulesForXdocSpace", xdocRef, Arrays.asList(Arrays.asList(denyAllTestRightsRulesToXuser, denyAllTestRightsRulesToUser, denyAllTestRightsRulesToAnotherWikiUser), Arrays.asList(allowAllTestRightsRulesToXuser, allowAllTestRightsRulesToUser, allowAllTestRightsRulesToAnotherWikiUser)));
    Deque<SecurityRuleEntry> allowThenDenyRulesForDocSpace = getMockedSecurityRuleEntries("allowThenDenyRulesForDocSpace", docRef, Arrays.asList(Arrays.asList(allowAllTestRightsRulesToXuser, allowAllTestRightsRulesToUser, allowAllTestRightsRulesToAnotherWikiUser), Arrays.asList(denyAllTestRightsRulesToXuser, denyAllTestRightsRulesToUser, denyAllTestRightsRulesToAnotherWikiUser)));
    Deque<SecurityRuleEntry> denyThenAllowRulesForDocSpace = getMockedSecurityRuleEntries("denyThenAllowRulesForDocSpace", docRef, Arrays.asList(Arrays.asList(denyAllTestRightsRulesToXuser, denyAllTestRightsRulesToUser, denyAllTestRightsRulesToAnotherWikiUser), Arrays.asList(allowAllTestRightsRulesToXuser, allowAllTestRightsRulesToUser, allowAllTestRightsRulesToAnotherWikiUser)));
    // Three levels: one empty rule list sits between the document rules and the opposing rules.
    Deque<SecurityRuleEntry> allowThenDenyRulesForXDocWiki = getMockedSecurityRuleEntries("allowThenDenyRulesForXDocWiki", xdocRef, Arrays.asList(Arrays.asList(allowAllTestRightsRulesToXuser, allowAllTestRightsRulesToUser, allowAllTestRightsRulesToAnotherWikiUser), Collections.<SecurityRule>emptyList(), Arrays.asList(denyAllTestRightsRulesToXuser, denyAllTestRightsRulesToUser, denyAllTestRightsRulesToAnotherWikiUser)));
    Deque<SecurityRuleEntry> denyThenAllowRulesForXdocWiki = getMockedSecurityRuleEntries("denyThenAllowRulesForXdocWiki", xdocRef, Arrays.asList(Arrays.asList(denyAllTestRightsRulesToXuser, denyAllTestRightsRulesToUser, denyAllTestRightsRulesToAnotherWikiUser), Collections.<SecurityRule>emptyList(), Arrays.asList(allowAllTestRightsRulesToXuser, allowAllTestRightsRulesToUser, allowAllTestRightsRulesToAnotherWikiUser)));
    Deque<SecurityRuleEntry> allowThenDenyRulesForDocWiki = getMockedSecurityRuleEntries("allowThenDenyRulesForDocWiki", docRef, Arrays.asList(Arrays.asList(allowAllTestRightsRulesToXuser, allowAllTestRightsRulesToUser, allowAllTestRightsRulesToAnotherWikiUser), Collections.<SecurityRule>emptyList(), Arrays.asList(denyAllTestRightsRulesToXuser, denyAllTestRightsRulesToUser, denyAllTestRightsRulesToAnotherWikiUser)));
    Deque<SecurityRuleEntry> denyThenAllowRulesForDocWiki = getMockedSecurityRuleEntries("denyThenAllowRulesForDocWiki", docRef, Arrays.asList(Arrays.asList(denyAllTestRightsRulesToXuser, denyAllTestRightsRulesToUser, denyAllTestRightsRulesToAnotherWikiUser), Collections.<SecurityRule>emptyList(), Arrays.asList(allowAllTestRightsRulesToXuser, allowAllTestRightsRulesToUser, allowAllTestRightsRulesToAnotherWikiUser)));
    // Four levels: two empty rule lists sit between the document rules and the opposing rules.
    Deque<SecurityRuleEntry> allowThenDenyRulesForDocXWiki = getMockedSecurityRuleEntries("allowThenDenyRulesForDocXWiki", docRef, Arrays.asList(Arrays.asList(allowAllTestRightsRulesToXuser, allowAllTestRightsRulesToUser, allowAllTestRightsRulesToAnotherWikiUser), Collections.<SecurityRule>emptyList(), Collections.<SecurityRule>emptyList(), Arrays.asList(denyAllTestRightsRulesToXuser, denyAllTestRightsRulesToUser, denyAllTestRightsRulesToAnotherWikiUser)));
    Deque<SecurityRuleEntry> denyThenAllowRulesForDocXWiki = getMockedSecurityRuleEntries("denyThenAllowRulesForDocXWiki", docRef, Arrays.asList(Arrays.asList(denyAllTestRightsRulesToXuser, denyAllTestRightsRulesToUser, denyAllTestRightsRulesToAnotherWikiUser), Collections.<SecurityRule>emptyList(), Collections.<SecurityRule>emptyList(), Arrays.asList(allowAllTestRightsRulesToXuser, allowAllTestRightsRulesToUser, allowAllTestRightsRulesToAnotherWikiUser)));
    // Expected result for "allow on the document, deny higher up": the document-level allow always stands.
    XWikiSecurityAccess allowDenyAccess = new XWikiSecurityAccess();
    for (Right right : allTestRights) {
        allowDenyAccess.allow(right);
    }
    // Expected result for "deny on the document, allow higher up": the document-level deny stands only for
    // rights whose inheritance override policy is true; for the others the higher-level allow is kept.
    XWikiSecurityAccess denyAllowAccess = new XWikiSecurityAccess();
    for (Right right : allTestRights) {
        denyAllowAccess.set(right, right.getInheritanceOverridePolicy() ? DENY : ALLOW);
    }
    // Opposing rules on the space.
    assertAccess("When allowed right on doc are denied on space from main wiki for main wiki user, use inheritance policy", xuserRef, xdocRef, allowDenyAccess, authorizationSettler.settle(xuserRef, Collections.<GroupSecurityReference>emptyList(), allowThenDenyRulesForXdocSpace));
    assertAccess("When denied right on doc are allowed on space from main wiki for main wiki user, use inheritance policy", xuserRef, xdocRef, denyAllowAccess, authorizationSettler.settle(xuserRef, Collections.<GroupSecurityReference>emptyList(), denyThenAllowRulesForXdocSpace));
    assertAccess("When allowed right on doc are denied on space from local wiki for main wiki user, use inheritance policy", xuserRef, docRef, allowDenyAccess, authorizationSettler.settle(xuserRef, Collections.<GroupSecurityReference>emptyList(), allowThenDenyRulesForDocSpace));
    assertAccess("When denied right on doc are allowed on space from local wiki for main wiki user, use inheritance policy", xuserRef, docRef, denyAllowAccess, authorizationSettler.settle(xuserRef, Collections.<GroupSecurityReference>emptyList(), denyThenAllowRulesForDocSpace));
    assertAccess("When allowed right on doc are denied on space from local wiki for local wiki user, use inheritance policy", userRef, docRef, allowDenyAccess, authorizationSettler.settle(userRef, Collections.<GroupSecurityReference>emptyList(), allowThenDenyRulesForDocSpace));
    assertAccess("When denied right on doc are allowed on space from local wiki for local wiki user, use inheritance policy", userRef, docRef, denyAllowAccess, authorizationSettler.settle(userRef, Collections.<GroupSecurityReference>emptyList(), denyThenAllowRulesForDocSpace));
    assertAccess("When allowed right on doc are denied on space from local wiki for another wiki user, use inheritance policy", anotherWikiUserRef, docRef, allowDenyAccess, authorizationSettler.settle(anotherWikiUserRef, Collections.<GroupSecurityReference>emptyList(), allowThenDenyRulesForDocSpace));
    assertAccess("When denied right on doc are allowed on space from local wiki for another wiki user, use inheritance policy", anotherWikiUserRef, docRef, denyAllowAccess, authorizationSettler.settle(anotherWikiUserRef, Collections.<GroupSecurityReference>emptyList(), denyThenAllowRulesForDocSpace));
    // Opposing rules on the wiki, with an empty rule list in between.
    assertAccess("When allowed right on doc are denied on wiki from main wiki for main wiki user, use inheritance policy", xuserRef, xdocRef, allowDenyAccess, authorizationSettler.settle(xuserRef, Collections.<GroupSecurityReference>emptyList(), allowThenDenyRulesForXDocWiki));
    assertAccess("When denied right on doc are allowed on wiki from main wiki for main wiki user, use inheritance policy", xuserRef, xdocRef, denyAllowAccess, authorizationSettler.settle(xuserRef, Collections.<GroupSecurityReference>emptyList(), denyThenAllowRulesForXdocWiki));
    assertAccess("When allowed right on doc are denied on wiki from local wiki for main wiki user, use inheritance policy", xuserRef, docRef, allowDenyAccess, authorizationSettler.settle(xuserRef, Collections.<GroupSecurityReference>emptyList(), allowThenDenyRulesForDocWiki));
    assertAccess("When denied right on doc are allowed on wiki from local wiki for main wiki user, use inheritance policy", xuserRef, docRef, denyAllowAccess, authorizationSettler.settle(xuserRef, Collections.<GroupSecurityReference>emptyList(), denyThenAllowRulesForDocWiki));
    assertAccess("When allowed right on doc are denied on wiki from local wiki for local wiki user, use inheritance policy", userRef, docRef, allowDenyAccess, authorizationSettler.settle(userRef, Collections.<GroupSecurityReference>emptyList(), allowThenDenyRulesForDocWiki));
    assertAccess("When denied right on doc are allowed on wiki from local wiki for local wiki user, use inheritance policy", userRef, docRef, denyAllowAccess, authorizationSettler.settle(userRef, Collections.<GroupSecurityReference>emptyList(), denyThenAllowRulesForDocWiki));
    assertAccess("When allowed right on doc are denied on wiki from local wiki for another wiki user, use inheritance policy", anotherWikiUserRef, docRef, allowDenyAccess, authorizationSettler.settle(anotherWikiUserRef, Collections.<GroupSecurityReference>emptyList(), allowThenDenyRulesForDocWiki));
    assertAccess("When denied right on doc are allowed on wiki from local wiki for another wiki user, use inheritance policy", anotherWikiUserRef, docRef, denyAllowAccess, authorizationSettler.settle(anotherWikiUserRef, Collections.<GroupSecurityReference>emptyList(), denyThenAllowRulesForDocWiki));
    // Opposing rules on the main wiki, with two empty rule lists in between.
    assertAccess("When allowed right on doc are denied on main wiki from local wiki for local wiki user, use inheritance policy", userRef, docRef, allowDenyAccess, authorizationSettler.settle(userRef, Collections.<GroupSecurityReference>emptyList(), allowThenDenyRulesForDocXWiki));
    assertAccess("When denied right on doc are allowed on main wiki from local wiki for local wiki user, use inheritance policy", userRef, docRef, denyAllowAccess, authorizationSettler.settle(userRef, Collections.<GroupSecurityReference>emptyList(), denyThenAllowRulesForDocXWiki));
    assertAccess("When allowed right on doc are denied on main wiki from local wiki for another wiki user, use inheritance policy", anotherWikiUserRef, docRef, allowDenyAccess, authorizationSettler.settle(anotherWikiUserRef, Collections.<GroupSecurityReference>emptyList(), allowThenDenyRulesForDocXWiki));
    assertAccess("When denied right on doc are allowed on main wiki from local wiki for another wiki user, use inheritance policy", anotherWikiUserRef, docRef, denyAllowAccess, authorizationSettler.settle(anotherWikiUserRef, Collections.<GroupSecurityReference>emptyList(), denyThenAllowRulesForDocXWiki));
}
Also used : SecurityRuleEntry(org.xwiki.security.authorization.SecurityRuleEntry) Right(org.xwiki.security.authorization.Right) SecurityRule(org.xwiki.security.authorization.SecurityRule) GroupSecurityReference(org.xwiki.security.GroupSecurityReference) Test(org.junit.Test)

Example 14 with Right

use of org.xwiki.security.authorization.Right in project xwiki-platform by xwiki.

the class DefaultAuthorizationSettler method settle.

/**
 * Settles the access of one user on a single entity from the rules attached to that entity.
 *
 * <p>Only the rights enabled for the entity's security type are considered. Every rule matching a right is
 * resolved through {@code resolveLevel}; whenever the right stands at ALLOW afterwards, its implied rights are
 * added through {@code implyRights}.
 *
 * <p>Security note: a right that some rule on this entity allows, but that is still UNDETERMINED for this
 * user once all rules have been evaluated, is explicitly denied. Granting a right to one user or group on an
 * entity therefore closes it for everyone else on that entity.
 *
 * @param user the user to settle access for
 * @param groups the groups the user belongs to
 * @param entry the rules of the entity being evaluated
 * @param policies the policies passed on to level resolution and right implication
 * @return the access resulting from this entity's rules alone
 */
@Override
protected XWikiSecurityAccess settle(UserSecurityReference user, Collection<GroupSecurityReference> groups, SecurityRuleEntry entry, Policies policies) {
    Set<Right> candidateRights = Right.getEnabledRights(entry.getReference().getSecurityType());
    // Handed to resolveLevel and implyRights; not read directly in this method.
    Set<Right> settledFromUser = new RightSet();
    // Rights for which at least one ALLOW rule exists on this entity, whoever it targets.
    Set<Right> allowedBySomeRule = new RightSet();
    XWikiSecurityAccess result = new XWikiSecurityAccess();

    // Evaluate the rules of the current entity, right by right.
    for (Right candidate : candidateRights) {
        for (SecurityRule rule : entry.getRules()) {
            if (!rule.match(candidate)) {
                continue;
            }
            if (rule.getState() == ALLOW) {
                allowedBySomeRule.add(candidate);
            }
            resolveLevel(candidate, user, groups, rule, result, policies, settledFromUser);
            // Implication is re-applied after every matching rule that leaves the right allowed.
            if (result.get(candidate) == ALLOW) {
                implyRights(candidate, result, candidateRights, policies, settledFromUser);
            }
        }
    }

    // Same behavior as the old implementation: an allow means an implicit deny for everyone else.
    for (Right granted : allowedBySomeRule) {
        if (result.get(granted) == UNDETERMINED) {
            result.deny(granted);
        }
    }
    return result;
}
Also used : RightSet(org.xwiki.security.authorization.RightSet) Right(org.xwiki.security.authorization.Right) SecurityRule(org.xwiki.security.authorization.SecurityRule)

Example 15 with Right

use of org.xwiki.security.authorization.Right in project xwiki-platform by xwiki.

the class PrioritizingAuthorizationSettler method implyRights.

/**
 * Adds the rights implied by the given right to the access being accumulated.
 *
 * <p>Only implied rights that are enabled for the security type of {@code reference} are considered. Each of
 * them takes over the policies of the implying right and is then submitted as ALLOW to
 * {@code resolveConflict}, using the priority currently recorded for the implying right.
 *
 * @param right the right whose implied rights are added.
 * @param access the access to augment; it is modified in place, nothing is returned.
 * @param reference the reference to imply rights for.
 * @param policies the current security policies; updated for every implied right processed.
 * @param priorities a map of the current priority of each right in the accumulated access result.
 */
private void implyRights(Right right, XWikiSecurityAccess access, SecurityReference reference, Policies policies, Map<Right, Integer> priorities) {
    Set<Right> implied = right.getImpliedRights();
    if (implied == null) {
        // This right implies nothing.
        return;
    }
    for (Right candidate : Right.getEnabledRights(reference.getSecurityType())) {
        if (!implied.contains(candidate)) {
            continue;
        }
        // The implied right is governed by the policies of the right that implies it.
        policies.set(candidate, right);
        // NOTE(review): priorities.get(right) is passed through as-is; if resolveConflict takes a primitive
        // int, a right missing from the map would fail on unboxing. Confirm callers register it first.
        resolveConflict(ALLOW, candidate, access, policies, priorities.get(right), priorities);
    }
}
Also used : Right(org.xwiki.security.authorization.Right)
