@Override
public boolean hasAccessLevel(String right, String username, String docname, XWikiContext context)
throws XWikiException {
WikiReference wikiReference = new WikiReference(context.getDatabase());
DocumentReference document = resolveDocumentName(docname, wikiReference);
LOGGER.debug("Resolved '{}' into {}", docname, document);
DocumentReference user = resolveUserName(username, wikiReference);
return authorizationManager.hasAccess(Right.toRight(right), user, document);
}
@Override
public boolean hasProgrammingRights(XWikiDocument doc, XWikiContext context) {
DocumentReference user;
WikiReference wiki;
if (doc != null) {
user = doc.getContentAuthorReference();
wiki = doc.getDocumentReference().getWikiReference();
} else {
user = context.getUserReference();
wiki = new WikiReference(context.getDatabase());
}
return authorizationManager.hasAccess(Right.PROGRAM, user, wiki);
}
/**
* Remove every generated files corresponding to a filesystem skin. The script calling this method
* needs the programming rights.
*
* @param skin name of the filesystem skin
* @return true if the operation succeed
*/
public boolean clearCacheFromFileSystemSkin(String skin) {
XWikiContext xcontext = xcontextProvider.get();
// Check if the current script has the programing rights
if (!authorizationManager.hasAccess(
Right.PROGRAM,
xcontext.getDoc().getAuthorReference(),
xcontext.getDoc().getDocumentReference())) {
return false;
}
lessCache.clearFromFileSystemSkin(skin);
colorThemeCache.clearFromFileSystemSkin(skin);
return true;
}
@Override
public boolean checkAccess(String action, XWikiDocument doc, XWikiContext context)
throws XWikiException {
Right right = actionToRight(action);
EntityReference entityReference = doc.getDocumentReference();
LOGGER.debug("checkAccess for action {} on entity {}.", right, entityReference);
DocumentReference userReference = authenticateUser(right, entityReference, context);
if (userReference == null) {
showLogin(context);
return false;
}
if (authorizationManager.hasAccess(right, userReference, entityReference)) {
return true;
}
// If the right has been denied, and we have guest user, redirect the user to login page
// unless the denied is on the login action, which could cause infinite redirection.
// FIXME: The hasAccessLevel is broken (do not allow document creator) on the delete action in
// the old
// implementation, so code that simply want to verify if a user can delete (but is not actually
// deleting)
// has to call checkAccess. This happen really often, and this why we should not redirect to
// login on failed
// delete, since it would prevent most user to do anything.
if (context.getUserReference() == null
&& !DELETE_ACTION.equals(action)
&& !LOGIN_ACTION.equals(action)) {
LOGGER.debug(
"Redirecting guest user to login, since it have been denied {} on {}.",
right,
entityReference);
showLogin(context);
}
return false;
}
@Override
public boolean hasWikiAdminRights(XWikiContext context) {
DocumentReference user = context.getUserReference();
WikiReference wiki = new WikiReference(context.getDatabase());
return authorizationManager.hasAccess(Right.ADMIN, user, wiki);
}
@Override
public boolean hasAdminRights(XWikiContext context) {
DocumentReference user = context.getUserReference();
DocumentReference document = context.getDoc().getDocumentReference();
return authorizationManager.hasAccess(Right.ADMIN, user, document);
}
@Override
public boolean isEventViewable(WatchListEvent event, String subscriber) {
DocumentReference userReference = resolver.resolve(subscriber);
return authorizationManager.hasAccess(Right.VIEW, userReference, event.getDocumentReference());
}
