Examples with WikiDescriptor org.xwiki.wiki.descriptor.WikiDescriptor used on opensource projects

Example 36 with WikiDescriptor

use of org.xwiki.wiki.descriptor.WikiDescriptor in project xwiki-platform by xwiki.

the class WikiManagerScriptService method canDeleteWiki.

/**
 * Test if a given user can delete a given wiki.
 *
 * @param userId the id of the user to test
 * @param wikiId the id of the wiki
 * @return whether or not the user can delete the specified wiki
 */
public boolean canDeleteWiki(String userId, String wikiId) {
    try {
        // Get target wiki descriptor
        WikiDescriptor descriptor = wikiDescriptorManager.getById(wikiId);
        if (descriptor == null) {
            error(new Exception(String.format("Could not find descriptor for wiki [%s]]", wikiId)));
            return false;
        }
        // Get the full reference of the given user
        DocumentReference userReference = documentReferenceResolver.resolve(userId);
        String fullUserId = entityReferenceSerializer.serialize(userReference);
        // If the user is the owner
        String owner = descriptor.getOwnerId();
        if (fullUserId.equals(owner)) {
            return true;
        }
        // If the user is an admin
        WikiReference wikiReference = new WikiReference(wikiId);
        if (authorizationManager.hasAccess(Right.ADMIN, userReference, wikiReference)) {
            return true;
        }
    } catch (WikiManagerException e) {
        error(String.format("Error while getting the descriptor of wiki [%s]", wikiId), e);
    }
    return false;
}

Example 37 with WikiDescriptor

use of org.xwiki.wiki.descriptor.WikiDescriptor in project xwiki-platform by xwiki.

the class WikiManagerScriptService method createWiki.

/**
 * Create a new wiki.
 *
 * @param wikiId unique identifier of the new wiki
 * @param wikiAlias default alias of the new wiki
 * @param ownerId Id of the user that will own the wiki
 * @param failOnExist Fail the operation if the wiki id already exists
 * @return the wiki descriptor of the new wiki, or null if problems occur
 */
public WikiDescriptor createWiki(String wikiId, String wikiAlias, String ownerId, boolean failOnExist) {
    WikiDescriptor descriptor = null;
    XWikiContext context = xcontextProvider.get();
    try {
        // Check if the current script has the programing rights
        checkProgrammingRights();
        // Check right access
        WikiReference mainWikiReference = new WikiReference(getMainWikiId());
        authorizationManager.checkAccess(Right.CREATE_WIKI, context.getUserReference(), mainWikiReference);
        if (!failOnExist) {
            authorizationManager.checkAccess(Right.PROGRAM, context.getUserReference(), mainWikiReference);
        }
        // Create the wiki
        descriptor = wikiManager.create(wikiId, wikiAlias, failOnExist);
        // Set the owner
        descriptor.setOwnerId(ownerId);
        wikiDescriptorManager.saveDescriptor(descriptor);
    } catch (Exception e) {
        error(e);
    }
    return descriptor;
}

Example 38 with WikiDescriptor

use of org.xwiki.wiki.descriptor.WikiDescriptor in project xwiki-platform by xwiki.

the class WikiManagerScriptService method saveDescriptor.

/**
 * Save the specified descriptor (if you have the right).
 *
 * @param descriptor descriptor to save
 * @return true if it succeed
 */
public boolean saveDescriptor(WikiDescriptor descriptor) {
    XWikiContext context = xcontextProvider.get();
    boolean isAllowed;
    try {
        // Get the wiki owner
        WikiDescriptor oldDescriptor = wikiDescriptorManager.getById(descriptor.getId());
        WikiReference wikiReference = descriptor.getReference();
        if (oldDescriptor != null) {
            // Users that can edit the wiki's descriptor document are allowed to use this API as well. This
            // includes global admins.
            DocumentReference descriptorDocument = wikiDescriptorDocumentHelper.getDocumentReferenceFromId(oldDescriptor.getId());
            isAllowed = authorizationManager.hasAccess(Right.EDIT, context.getUserReference(), descriptorDocument);
            String currentOwner = oldDescriptor.getOwnerId();
            if (!isAllowed) {
                // The current owner can edit anything.
                isAllowed = entityReferenceSerializer.serialize(context.getUserReference()).equals(currentOwner);
            }
            if (!isAllowed) {
                // Local admins can edit the descriptor, except for the "ownerId" field, which should be
                // editable only by the current owner or main wiki admins.
                String newOwner = descriptor.getOwnerId();
                isAllowed = authorizationManager.hasAccess(Right.ADMIN, context.getUserReference(), wikiReference) && StringUtils.equals(newOwner, currentOwner);
            }
        } else {
            // Saving a descriptor that did not already exist should be reserved to global admins
            isAllowed = authorizationManager.hasAccess(Right.ADMIN, context.getUserReference(), new WikiReference(wikiDescriptorManager.getMainWikiId()));
        }
        if (!isAllowed) {
            // Exhausted all options. Deny access for the current user to edit the descriptor.
            throw new AccessDeniedException(context.getUserReference(), wikiReference);
        } else {
            // Execute the operation.
            wikiDescriptorManager.saveDescriptor(descriptor);
        }
        return true;
    } catch (Exception e) {
        error(e);
        return false;
    }
}

Example 39 with WikiDescriptor

use of org.xwiki.wiki.descriptor.WikiDescriptor in project xwiki-platform by xwiki.

the class WikiManagerScriptServiceTest method saveDescriptorWhenICanEditDescriptorDocument.

@Test
public void saveDescriptorWhenICanEditDescriptorDocument() throws Exception {
    WikiDescriptor oldDescriptor = new WikiDescriptor("wikiId", "wikiAlias");
    oldDescriptor.setOwnerId("SomeUser");
    when(wikiDescriptorManager.getById(oldDescriptor.getId())).thenReturn(oldDescriptor);
    DocumentReference wikiDescriptorDocRef = getAndSetupDescriptorDocument(oldDescriptor.getId());
    when(this.authorizationManager.hasAccess(Right.EDIT, currentUserRef, wikiDescriptorDocRef)).thenReturn(true);
    // Changing some value, not the owner.
    WikiDescriptor descriptor = new WikiDescriptor(oldDescriptor.getId(), "wikiAlias");
    descriptor.setOwnerId(oldDescriptor.getOwnerId());
    boolean result = mocker.getComponentUnderTest().saveDescriptor(descriptor);
    assertTrue(result);
    // The descriptor has been saved
    verify(wikiDescriptorManager).saveDescriptor(descriptor);
}

Example 40 with WikiDescriptor

use of org.xwiki.wiki.descriptor.WikiDescriptor in project xwiki-platform by xwiki.

the class WikiManagerScriptServiceTest method getMainWikiDescriptor.

@Test
public void getMainWikiDescriptor() throws Exception {
    WikiDescriptor descriptor = new WikiDescriptor("mainWiki", "wikiAlias");
    when(wikiDescriptorManager.getMainWikiDescriptor()).thenReturn(descriptor);
    WikiDescriptor result = mocker.getComponentUnderTest().getMainWikiDescriptor();
    assertEquals(descriptor, result);
}