Search in sources :

Example 36 with WikiDescriptor

use of org.xwiki.wiki.descriptor.WikiDescriptor in project xwiki-platform by xwiki.

the class WikiManagerScriptService method canDeleteWiki.

/**
 * Test if a given user can delete a given wiki.
 *
 * @param userId the id of the user to test
 * @param wikiId the id of the wiki
 * @return whether or not the user can delete the specified wiki
 */
public boolean canDeleteWiki(String userId, String wikiId) {
    try {
        // Get target wiki descriptor
        WikiDescriptor descriptor = wikiDescriptorManager.getById(wikiId);
        if (descriptor == null) {
            error(new Exception(String.format("Could not find descriptor for wiki [%s]]", wikiId)));
            return false;
        }
        // Get the full reference of the given user
        DocumentReference userReference = documentReferenceResolver.resolve(userId);
        String fullUserId = entityReferenceSerializer.serialize(userReference);
        // If the user is the owner
        String owner = descriptor.getOwnerId();
        if (fullUserId.equals(owner)) {
            return true;
        }
        // If the user is an admin
        WikiReference wikiReference = new WikiReference(wikiId);
        if (authorizationManager.hasAccess(Right.ADMIN, userReference, wikiReference)) {
            return true;
        }
    } catch (WikiManagerException e) {
        error(String.format("Error while getting the descriptor of wiki [%s]", wikiId), e);
    }
    return false;
}
Also used : WikiManagerException(org.xwiki.wiki.manager.WikiManagerException) WikiReference(org.xwiki.model.reference.WikiReference) WikiDescriptor(org.xwiki.wiki.descriptor.WikiDescriptor) AuthorizationException(org.xwiki.security.authorization.AuthorizationException) WikiManagerException(org.xwiki.wiki.manager.WikiManagerException) AccessDeniedException(org.xwiki.security.authorization.AccessDeniedException) DocumentReference(org.xwiki.model.reference.DocumentReference)

Example 37 with WikiDescriptor

use of org.xwiki.wiki.descriptor.WikiDescriptor in project xwiki-platform by xwiki.

the class WikiManagerScriptService method createWiki.

/**
 * Create a new wiki.
 *
 * @param wikiId unique identifier of the new wiki
 * @param wikiAlias default alias of the new wiki
 * @param ownerId Id of the user that will own the wiki
 * @param failOnExist Fail the operation if the wiki id already exists
 * @return the wiki descriptor of the new wiki, or null if problems occur
 */
public WikiDescriptor createWiki(String wikiId, String wikiAlias, String ownerId, boolean failOnExist) {
    WikiDescriptor descriptor = null;
    XWikiContext context = xcontextProvider.get();
    try {
        // Check if the current script has the programing rights
        checkProgrammingRights();
        // Check right access
        WikiReference mainWikiReference = new WikiReference(getMainWikiId());
        authorizationManager.checkAccess(Right.CREATE_WIKI, context.getUserReference(), mainWikiReference);
        if (!failOnExist) {
            authorizationManager.checkAccess(Right.PROGRAM, context.getUserReference(), mainWikiReference);
        }
        // Create the wiki
        descriptor = wikiManager.create(wikiId, wikiAlias, failOnExist);
        // Set the owner
        descriptor.setOwnerId(ownerId);
        wikiDescriptorManager.saveDescriptor(descriptor);
    } catch (Exception e) {
        error(e);
    }
    return descriptor;
}
Also used : XWikiContext(com.xpn.xwiki.XWikiContext) WikiReference(org.xwiki.model.reference.WikiReference) WikiDescriptor(org.xwiki.wiki.descriptor.WikiDescriptor) AuthorizationException(org.xwiki.security.authorization.AuthorizationException) WikiManagerException(org.xwiki.wiki.manager.WikiManagerException) AccessDeniedException(org.xwiki.security.authorization.AccessDeniedException)

Example 38 with WikiDescriptor

use of org.xwiki.wiki.descriptor.WikiDescriptor in project xwiki-platform by xwiki.

the class WikiManagerScriptService method saveDescriptor.

/**
 * Save the specified descriptor (if you have the right).
 *
 * @param descriptor descriptor to save
 * @return true if it succeed
 */
public boolean saveDescriptor(WikiDescriptor descriptor) {
    XWikiContext context = xcontextProvider.get();
    boolean isAllowed;
    try {
        // Get the wiki owner
        WikiDescriptor oldDescriptor = wikiDescriptorManager.getById(descriptor.getId());
        WikiReference wikiReference = descriptor.getReference();
        if (oldDescriptor != null) {
            // Users that can edit the wiki's descriptor document are allowed to use this API as well. This
            // includes global admins.
            DocumentReference descriptorDocument = wikiDescriptorDocumentHelper.getDocumentReferenceFromId(oldDescriptor.getId());
            isAllowed = authorizationManager.hasAccess(Right.EDIT, context.getUserReference(), descriptorDocument);
            String currentOwner = oldDescriptor.getOwnerId();
            if (!isAllowed) {
                // The current owner can edit anything.
                isAllowed = entityReferenceSerializer.serialize(context.getUserReference()).equals(currentOwner);
            }
            if (!isAllowed) {
                // Local admins can edit the descriptor, except for the "ownerId" field, which should be
                // editable only by the current owner or main wiki admins.
                String newOwner = descriptor.getOwnerId();
                isAllowed = authorizationManager.hasAccess(Right.ADMIN, context.getUserReference(), wikiReference) && StringUtils.equals(newOwner, currentOwner);
            }
        } else {
            // Saving a descriptor that did not already exist should be reserved to global admins
            isAllowed = authorizationManager.hasAccess(Right.ADMIN, context.getUserReference(), new WikiReference(wikiDescriptorManager.getMainWikiId()));
        }
        if (!isAllowed) {
            // Exhausted all options. Deny access for the current user to edit the descriptor.
            throw new AccessDeniedException(context.getUserReference(), wikiReference);
        } else {
            // Execute the operation.
            wikiDescriptorManager.saveDescriptor(descriptor);
        }
        return true;
    } catch (Exception e) {
        error(e);
        return false;
    }
}
Also used : AccessDeniedException(org.xwiki.security.authorization.AccessDeniedException) XWikiContext(com.xpn.xwiki.XWikiContext) WikiReference(org.xwiki.model.reference.WikiReference) WikiDescriptor(org.xwiki.wiki.descriptor.WikiDescriptor) DocumentReference(org.xwiki.model.reference.DocumentReference) AuthorizationException(org.xwiki.security.authorization.AuthorizationException) WikiManagerException(org.xwiki.wiki.manager.WikiManagerException) AccessDeniedException(org.xwiki.security.authorization.AccessDeniedException)

Example 39 with WikiDescriptor

use of org.xwiki.wiki.descriptor.WikiDescriptor in project xwiki-platform by xwiki.

the class WikiManagerScriptServiceTest method saveDescriptorWhenICanEditDescriptorDocument.

@Test
public void saveDescriptorWhenICanEditDescriptorDocument() throws Exception {
    WikiDescriptor oldDescriptor = new WikiDescriptor("wikiId", "wikiAlias");
    oldDescriptor.setOwnerId("SomeUser");
    when(wikiDescriptorManager.getById(oldDescriptor.getId())).thenReturn(oldDescriptor);
    DocumentReference wikiDescriptorDocRef = getAndSetupDescriptorDocument(oldDescriptor.getId());
    when(this.authorizationManager.hasAccess(Right.EDIT, currentUserRef, wikiDescriptorDocRef)).thenReturn(true);
    // Changing some value, not the owner.
    WikiDescriptor descriptor = new WikiDescriptor(oldDescriptor.getId(), "wikiAlias");
    descriptor.setOwnerId(oldDescriptor.getOwnerId());
    boolean result = mocker.getComponentUnderTest().saveDescriptor(descriptor);
    assertTrue(result);
    // The descriptor has been saved
    verify(wikiDescriptorManager).saveDescriptor(descriptor);
}
Also used : WikiDescriptor(org.xwiki.wiki.descriptor.WikiDescriptor) DocumentReference(org.xwiki.model.reference.DocumentReference) Test(org.junit.Test)

Example 40 with WikiDescriptor

use of org.xwiki.wiki.descriptor.WikiDescriptor in project xwiki-platform by xwiki.

the class WikiManagerScriptServiceTest method getMainWikiDescriptor.

@Test
public void getMainWikiDescriptor() throws Exception {
    WikiDescriptor descriptor = new WikiDescriptor("mainWiki", "wikiAlias");
    when(wikiDescriptorManager.getMainWikiDescriptor()).thenReturn(descriptor);
    WikiDescriptor result = mocker.getComponentUnderTest().getMainWikiDescriptor();
    assertEquals(descriptor, result);
}
Also used : WikiDescriptor(org.xwiki.wiki.descriptor.WikiDescriptor) Test(org.junit.Test)

Aggregations

WikiDescriptor (org.xwiki.wiki.descriptor.WikiDescriptor)60 Test (org.junit.Test)40 WikiManagerException (org.xwiki.wiki.manager.WikiManagerException)28 AccessDeniedException (org.xwiki.security.authorization.AccessDeniedException)17 WikiReference (org.xwiki.model.reference.WikiReference)11 XWikiContext (com.xpn.xwiki.XWikiContext)9 WikiTemplateManagerException (org.xwiki.wiki.template.WikiTemplateManagerException)9 ArrayList (java.util.ArrayList)7 DocumentReference (org.xwiki.model.reference.DocumentReference)6 WikiDescriptorManager (org.xwiki.wiki.descriptor.WikiDescriptorManager)6 XWikiDocument (com.xpn.xwiki.doc.XWikiDocument)5 BaseObject (com.xpn.xwiki.objects.BaseObject)5 DefaultWikiDescriptor (org.xwiki.wiki.internal.descriptor.DefaultWikiDescriptor)5 WikiCreationRequest (org.xwiki.platform.wiki.creationjob.WikiCreationRequest)3 AuthorizationException (org.xwiki.security.authorization.AuthorizationException)3 WikiCopiedEvent (org.xwiki.bridge.event.WikiCopiedEvent)2 WikiCreatedEvent (org.xwiki.bridge.event.WikiCreatedEvent)2 WikiCreatingEvent (org.xwiki.bridge.event.WikiCreatingEvent)2 WikiCreationException (org.xwiki.platform.wiki.creationjob.WikiCreationException)2 WikiDescriptorBuilderException (org.xwiki.wiki.internal.descriptor.builder.WikiDescriptorBuilderException)2