@Override public boolean hasAccessLevel(String right, String username, String docname, XWikiContext context) throws XWikiException { WikiReference wikiReference = new WikiReference(context.getDatabase()); DocumentReference document = resolveDocumentName(docname, wikiReference); LOGGER.debug("Resolved '{}' into {}", docname, document); DocumentReference user = resolveUserName(username, wikiReference); return authorizationManager.hasAccess(Right.toRight(right), user, document); }
@Override public boolean hasProgrammingRights(XWikiDocument doc, XWikiContext context) { DocumentReference user; WikiReference wiki; if (doc != null) { user = doc.getContentAuthorReference(); wiki = doc.getDocumentReference().getWikiReference(); } else { user = context.getUserReference(); wiki = new WikiReference(context.getDatabase()); } return authorizationManager.hasAccess(Right.PROGRAM, user, wiki); }
/** * Remove every generated files corresponding to a filesystem skin. The script calling this method * needs the programming rights. * * @param skin name of the filesystem skin * @return true if the operation succeed */ public boolean clearCacheFromFileSystemSkin(String skin) { XWikiContext xcontext = xcontextProvider.get(); // Check if the current script has the programing rights if (!authorizationManager.hasAccess( Right.PROGRAM, xcontext.getDoc().getAuthorReference(), xcontext.getDoc().getDocumentReference())) { return false; } lessCache.clearFromFileSystemSkin(skin); colorThemeCache.clearFromFileSystemSkin(skin); return true; }
@Override public boolean checkAccess(String action, XWikiDocument doc, XWikiContext context) throws XWikiException { Right right = actionToRight(action); EntityReference entityReference = doc.getDocumentReference(); LOGGER.debug("checkAccess for action {} on entity {}.", right, entityReference); DocumentReference userReference = authenticateUser(right, entityReference, context); if (userReference == null) { showLogin(context); return false; } if (authorizationManager.hasAccess(right, userReference, entityReference)) { return true; } // If the right has been denied, and we have guest user, redirect the user to login page // unless the denied is on the login action, which could cause infinite redirection. // FIXME: The hasAccessLevel is broken (do not allow document creator) on the delete action in // the old // implementation, so code that simply want to verify if a user can delete (but is not actually // deleting) // has to call checkAccess. This happen really often, and this why we should not redirect to // login on failed // delete, since it would prevent most user to do anything. if (context.getUserReference() == null && !DELETE_ACTION.equals(action) && !LOGIN_ACTION.equals(action)) { LOGGER.debug( "Redirecting guest user to login, since it have been denied {} on {}.", right, entityReference); showLogin(context); } return false; }
@Override public boolean hasWikiAdminRights(XWikiContext context) { DocumentReference user = context.getUserReference(); WikiReference wiki = new WikiReference(context.getDatabase()); return authorizationManager.hasAccess(Right.ADMIN, user, wiki); }
@Override public boolean hasAdminRights(XWikiContext context) { DocumentReference user = context.getUserReference(); DocumentReference document = context.getDoc().getDocumentReference(); return authorizationManager.hasAccess(Right.ADMIN, user, document); }
@Override public boolean isEventViewable(WatchListEvent event, String subscriber) { DocumentReference userReference = resolver.resolve(subscriber); return authorizationManager.hasAccess(Right.VIEW, userReference, event.getDocumentReference()); }