use of org.xwiki.wiki.descriptor.WikiDescriptor in project xwiki-platform by xwiki.
the class WikiManagerScriptService method canDeleteWiki.
/**
* Test if a given user can delete a given wiki.
*
* @param userId the id of the user to test
* @param wikiId the id of the wiki
* @return whether or not the user can delete the specified wiki
*/
public boolean canDeleteWiki(String userId, String wikiId) {
try {
// Get target wiki descriptor
WikiDescriptor descriptor = wikiDescriptorManager.getById(wikiId);
if (descriptor == null) {
error(new Exception(String.format("Could not find descriptor for wiki [%s]]", wikiId)));
return false;
}
// Get the full reference of the given user
DocumentReference userReference = documentReferenceResolver.resolve(userId);
String fullUserId = entityReferenceSerializer.serialize(userReference);
// If the user is the owner
String owner = descriptor.getOwnerId();
if (fullUserId.equals(owner)) {
return true;
}
// If the user is an admin
WikiReference wikiReference = new WikiReference(wikiId);
if (authorizationManager.hasAccess(Right.ADMIN, userReference, wikiReference)) {
return true;
}
} catch (WikiManagerException e) {
error(String.format("Error while getting the descriptor of wiki [%s]", wikiId), e);
}
return false;
}
use of org.xwiki.wiki.descriptor.WikiDescriptor in project xwiki-platform by xwiki.
the class WikiManagerScriptService method createWiki.
/**
* Create a new wiki.
*
* @param wikiId unique identifier of the new wiki
* @param wikiAlias default alias of the new wiki
* @param ownerId Id of the user that will own the wiki
* @param failOnExist Fail the operation if the wiki id already exists
* @return the wiki descriptor of the new wiki, or null if problems occur
*/
public WikiDescriptor createWiki(String wikiId, String wikiAlias, String ownerId, boolean failOnExist) {
WikiDescriptor descriptor = null;
XWikiContext context = xcontextProvider.get();
try {
// Check if the current script has the programing rights
checkProgrammingRights();
// Check right access
WikiReference mainWikiReference = new WikiReference(getMainWikiId());
authorizationManager.checkAccess(Right.CREATE_WIKI, context.getUserReference(), mainWikiReference);
if (!failOnExist) {
authorizationManager.checkAccess(Right.PROGRAM, context.getUserReference(), mainWikiReference);
}
// Create the wiki
descriptor = wikiManager.create(wikiId, wikiAlias, failOnExist);
// Set the owner
descriptor.setOwnerId(ownerId);
wikiDescriptorManager.saveDescriptor(descriptor);
} catch (Exception e) {
error(e);
}
return descriptor;
}
use of org.xwiki.wiki.descriptor.WikiDescriptor in project xwiki-platform by xwiki.
the class WikiManagerScriptService method saveDescriptor.
/**
* Save the specified descriptor (if you have the right).
*
* @param descriptor descriptor to save
* @return true if it succeed
*/
public boolean saveDescriptor(WikiDescriptor descriptor) {
XWikiContext context = xcontextProvider.get();
boolean isAllowed;
try {
// Get the wiki owner
WikiDescriptor oldDescriptor = wikiDescriptorManager.getById(descriptor.getId());
WikiReference wikiReference = descriptor.getReference();
if (oldDescriptor != null) {
// Users that can edit the wiki's descriptor document are allowed to use this API as well. This
// includes global admins.
DocumentReference descriptorDocument = wikiDescriptorDocumentHelper.getDocumentReferenceFromId(oldDescriptor.getId());
isAllowed = authorizationManager.hasAccess(Right.EDIT, context.getUserReference(), descriptorDocument);
String currentOwner = oldDescriptor.getOwnerId();
if (!isAllowed) {
// The current owner can edit anything.
isAllowed = entityReferenceSerializer.serialize(context.getUserReference()).equals(currentOwner);
}
if (!isAllowed) {
// Local admins can edit the descriptor, except for the "ownerId" field, which should be
// editable only by the current owner or main wiki admins.
String newOwner = descriptor.getOwnerId();
isAllowed = authorizationManager.hasAccess(Right.ADMIN, context.getUserReference(), wikiReference) && StringUtils.equals(newOwner, currentOwner);
}
} else {
// Saving a descriptor that did not already exist should be reserved to global admins
isAllowed = authorizationManager.hasAccess(Right.ADMIN, context.getUserReference(), new WikiReference(wikiDescriptorManager.getMainWikiId()));
}
if (!isAllowed) {
// Exhausted all options. Deny access for the current user to edit the descriptor.
throw new AccessDeniedException(context.getUserReference(), wikiReference);
} else {
// Execute the operation.
wikiDescriptorManager.saveDescriptor(descriptor);
}
return true;
} catch (Exception e) {
error(e);
return false;
}
}
use of org.xwiki.wiki.descriptor.WikiDescriptor in project xwiki-platform by xwiki.
the class WikiManagerScriptServiceTest method saveDescriptorWhenICanEditDescriptorDocument.
@Test
public void saveDescriptorWhenICanEditDescriptorDocument() throws Exception {
WikiDescriptor oldDescriptor = new WikiDescriptor("wikiId", "wikiAlias");
oldDescriptor.setOwnerId("SomeUser");
when(wikiDescriptorManager.getById(oldDescriptor.getId())).thenReturn(oldDescriptor);
DocumentReference wikiDescriptorDocRef = getAndSetupDescriptorDocument(oldDescriptor.getId());
when(this.authorizationManager.hasAccess(Right.EDIT, currentUserRef, wikiDescriptorDocRef)).thenReturn(true);
// Changing some value, not the owner.
WikiDescriptor descriptor = new WikiDescriptor(oldDescriptor.getId(), "wikiAlias");
descriptor.setOwnerId(oldDescriptor.getOwnerId());
boolean result = mocker.getComponentUnderTest().saveDescriptor(descriptor);
assertTrue(result);
// The descriptor has been saved
verify(wikiDescriptorManager).saveDescriptor(descriptor);
}
use of org.xwiki.wiki.descriptor.WikiDescriptor in project xwiki-platform by xwiki.
the class WikiManagerScriptServiceTest method getMainWikiDescriptor.
@Test
public void getMainWikiDescriptor() throws Exception {
WikiDescriptor descriptor = new WikiDescriptor("mainWiki", "wikiAlias");
when(wikiDescriptorManager.getMainWikiDescriptor()).thenReturn(descriptor);
WikiDescriptor result = mocker.getComponentUnderTest().getMainWikiDescriptor();
assertEquals(descriptor, result);
}
Aggregations