Examples with RuleState org.xwiki.security.authorization.RuleState used on opensource projects

Example 1 with RuleState

use of org.xwiki.security.authorization.RuleState in project xwiki-platform by xwiki.

the class TestDefinitionParserTest method testDefinitionTestParser.

@Test
public void testDefinitionTestParser() throws Exception {
    TestDefinitionParser parser = new DefaultTestDefinitionParser();
    EntityReferenceResolver<String> resolver = componentManager.getInstance(EntityReferenceResolver.TYPE_STRING);
    EntityReferenceSerializer<String> serializer = componentManager.getInstance(EntityReferenceSerializer.TYPE_STRING);
    TestDefinition testDefinition = parser.parse("testwikis" + File.separatorChar + "parserTester.xml", resolver, serializer);
    Collection<TestWiki> testWikis = testDefinition.getWikis();
    assertThat("There should be some wikis", testWikis, notNullValue());
    assertThat("The wikis count should be 3", testWikis.size(), equalTo(3));
    TestWiki mainwiki = testDefinition.getMainWiki();
    assertThat("Main wiki should be defined", mainwiki, notNullValue());
    assertThat("Main wiki should be named 'wiki'", mainwiki.getWikiReference(), equalTo(new WikiReference("wiki")));
    assertThat("Main wiki should be main wiki", mainwiki.isMainWiki(), is(true));
    assertThat("Main wiki owner should be XWiki.Admin", mainwiki.getOwner(), equalTo(new DocumentReference("wiki", "XWiki", "Admin")));
    assertThat("Main wiki should have 4 users (2 groups, and 2 users)", mainwiki.getUsers().size(), equalTo(4));
    assertThat("Main wiki should have 2 groups", mainwiki.getGroups().size(), equalTo(2));
    assertThat("Main wiki should have a groupA", mainwiki.getGroup("groupA"), notNullValue());
    assertThat("Main wiki should have a userA", mainwiki.getUser("userA"), notNullValue());
    Collection<TestGroup> groups = mainwiki.getUser("userA").getGroups();
    assertThat("UserA of Main wiki should be in 2 groups", groups.size(), equalTo(2));
    List<DocumentReference> groupRefs = new ArrayList<DocumentReference>();
    for (TestGroup group : groups) {
        groupRefs.add(group.getGroupReference());
    }
    assertThat("User A is in GroupA of the main wiki and the subwiki", groupRefs, hasItems(new DocumentReference("wiki", "XWiki", "groupA"), new DocumentReference("wiki1", "XWiki", "groupA")));
    Collection<TestAccessRule> rules = mainwiki.getAccessRules();
    assertThat("There must be 26 access rules on main wiki", rules.size(), equalTo(26));
    List<DocumentReference> userRefs = new ArrayList<DocumentReference>();
    List<Right> rights = new ArrayList<Right>();
    List<RuleState> states = new ArrayList<RuleState>();
    for (TestAccessRule rule : rules) {
        userRefs.add(rule.getUser());
        rights.add(rule.getRight());
        states.add(rule.getState());
    }
    assertThat("Users in access rules of main wiki mismatch", userRefs, hasItems(new DocumentReference("wiki", "XWiki", "userA"), new DocumentReference("wiki", "XWiki", "userB"), new DocumentReference("wiki", "XWiki", "groupA"), new DocumentReference("wiki", "XWiki", "groupB")));
    assertThat("Rights in access rules of main wiki mismatch", rights, hasItems(Right.VIEW, Right.LOGIN, Right.EDIT, Right.COMMENT, Right.DELETE, Right.REGISTER, Right.ADMIN, Right.PROGRAM));
    assertThat("State in access rules of main wiki mismatch", states, hasItems(RuleState.ALLOW, RuleState.DENY));
    assertThat("Main wiki should have 3 spaces (2 plus XWiki)", mainwiki.getSpaces().size(), equalTo(3));
    TestSpace space = mainwiki.getSpace("space1");
    assertThat("Main wiki should have a space named 'space1'", space, notNullValue());
    assertThat("'space1' of main wiki should have description 'space 1'", space.getDescription(), equalTo("space 1"));
    rules = space.getAccessRules();
    assertThat("There must be 8 access rules on space 1", rules.size(), equalTo(8));
    userRefs = new ArrayList<DocumentReference>();
    rights = new ArrayList<Right>();
    states = new ArrayList<RuleState>();
    for (TestAccessRule rule : rules) {
        userRefs.add(rule.getUser());
        rights.add(rule.getRight());
        states.add(rule.getState());
    }
    assertThat("Users in access rules of space 1 of main wiki mismatch", userRefs, hasItems(new DocumentReference("wiki", "XWiki", "userA"), new DocumentReference("wiki", "XWiki", "userB"), new DocumentReference("wiki", "XWiki", "groupB")));
    assertThat("Rights in access rules of space 1 of main wiki mismatch", rights, hasItems(Right.VIEW, Right.EDIT, Right.COMMENT, Right.DELETE, Right.ADMIN));
    assertThat("State in access rules of space 1 of main wiki mismatch", states, hasItems(RuleState.DENY));
    assertThat("Space 1 of main wiki should have 2 documents", space.getDocuments().size(), equalTo(2));
    TestDocument document = space.getDocument("document1");
    assertThat("Space 1 of main wiki should have a document named 'document1'", document, notNullValue());
    assertThat("'document1' of 'space1' of main wiki should have description 'Document 1'", document.getDescription(), equalTo("Document 1"));
    rules = document.getAccessRules();
    assertThat("There must be 7 access rules on document 1", rules.size(), equalTo(7));
    userRefs = new ArrayList<DocumentReference>();
    rights = new ArrayList<Right>();
    states = new ArrayList<RuleState>();
    for (TestAccessRule rule : rules) {
        userRefs.add(rule.getUser());
        rights.add(rule.getRight());
        states.add(rule.getState());
    }
    assertThat("Users in access rules of document 1 of space 1 of main wiki mismatch", userRefs, hasItems(new DocumentReference("wiki", "XWiki", "userA"), new DocumentReference("wiki", "XWiki", "userB"), new DocumentReference("wiki", "XWiki", "groupA")));
    assertThat("Rights in access rules of document 1 of space 1 of main wiki mismatch", rights, hasItems(Right.VIEW, Right.EDIT, Right.COMMENT, Right.DELETE));
    assertThat("State in access rules of document 1 of space 1 of main wiki mismatch", states, hasItems(RuleState.ALLOW));
}

Example 2 with RuleState

use of org.xwiki.security.authorization.RuleState in project xwiki-platform by xwiki.

the class DefaultAuthorizationSettler method resolveLevel.

/**
 * Update the resulting {@code access} to include the rule state defined by the given {@link SecurityRule}
 * for the given user and group, and the requested {@link Right}.
 *
 * @param right The right to settle.
 * @param user The user to check.
 * @param groups The groups where the user is a member.
 * @param rule The currently considered rule.
 * @param access The accumulated access result.
 * @param policies the current security policies.
 * @param fromUser the set of right that have been set by a user rule.
 */
private void resolveLevel(Right right, UserSecurityReference user, Collection<GroupSecurityReference> groups, SecurityRule rule, XWikiSecurityAccess access, Policies policies, Set<Right> fromUser) {
    RuleState state = rule.getState();
    if (state == UNDETERMINED) {
        return;
    }
    if (rule.match(user)) {
        if (!fromUser.contains(right)) {
            // User right win over group right
            access.set(right, state);
            fromUser.add(right);
        } else {
            // Conflict between user rights
            resolveConflict(state, right, access, policies);
        }
    } else if (!fromUser.contains(right)) {
        for (GroupSecurityReference group : groups) {
            if (rule.match(group)) {
                // Conflict between group rights
                resolveConflict(state, right, access, policies);
                break;
            }
        }
    }
}