/**
 * Delegates the access decision to the authorization manager, using the user's profile document as the
 * subject.
 *
 * @param user the user to evaluate; when {@code null}, a {@code null} profile document is forwarded
 * @param access the right being requested
 * @param entity the entity on which the right is requested
 * @return the authorization manager's decision
 */
@Override
public Boolean hasAccess(User user, Right access, EntityReference entity)
{
    if (user == null) {
        // No user object: forward a null profile and let the authorization manager decide.
        return this.authorizationManager.hasAccess(access, null, entity);
    }
    return this.authorizationManager.hasAccess(access, user.getProfileDocument(), entity);
}
}
/**
 * Verifies that the author of a translation document holds the right required to register it at the given
 * scope: programming right for {@link Scope#GLOBAL}, admin right on the document's wiki for
 * {@link Scope#WIKI}. No check is performed for any other scope.
 *
 * @param document the translation document
 * @param scope the scope
 * @throws AccessDeniedException thrown when the document author does not have enough right for the provided
 *             {@link Scope}
 */
private void checkRegistrationAuthorization(XWikiDocument document, Scope scope) throws AccessDeniedException
{
    if (scope == Scope.GLOBAL) {
        // Checked against no entity (null): programming right is global by nature.
        this.authorizationManager.checkAccess(Right.PROGRAM, document.getAuthorReference(), null);
    } else if (scope == Scope.WIKI) {
        this.authorizationManager.checkAccess(Right.ADMIN, document.getAuthorReference(),
            document.getDocumentReference().getWikiReference());
    }
}
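/**
 * Checks whether the given user may view the family document identified by {@code familyID}.
 *
 * @param familyID the family identifier, resolved relative to {@link Family#DATA_SPACE}
 * @param userProfileDocument the profile document of the user to check
 * @return {@code true} when the user has view access on the resolved family document, {@code false} otherwise
 */
private boolean hasViewRights(String familyID, DocumentReference userProfileDocument)
{
    // String.valueOf is kept on purpose: a null id resolves the literal "null" rather than throwing, as before.
    DocumentReference doc = this.stringResolver.resolve(String.valueOf(familyID), Family.DATA_SPACE);
    // Return the access decision directly instead of branching to an explicit true/false.
    return this.access.hasAccess(Right.VIEW, userProfileDocument, doc);
}
}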
/**
 * Throws unless the pre-access filter accepts {@code right} and the authorization manager grants it on the
 * full reference of {@code entity}.
 *
 * @param right the right to check
 * @param user the user to check the right for
 * @param entity the entity on which the right is checked; expanded with {@code getFullReference} before the
 *            manager is consulted
 * @throws AccessDeniedException if the pre-access filter rejects the right, or if the authorization manager
 *             denies it
 */
private void checkAccess(Right right, DocumentReference user, EntityReference entity) throws AccessDeniedException
{
    boolean preAccessGranted = checkPreAccess(right);
    if (preAccessGranted) {
        this.authorizationManager.checkAccess(right, user, getFullReference(entity));
    } else {
        // Rejected before consulting the manager; the denial is reported on the entity as received.
        throw new AccessDeniedException(right, user, entity);
    }
}
/**
 * Delegates the access decision to the authorization manager, using the user's profile document as the
 * subject.
 *
 * @param user the user to evaluate; when {@code null}, a {@code null} profile document is forwarded
 * @param access the right being requested
 * @param entity the entity on which the right is requested
 * @return the authorization manager's decision
 */
@Override
public Boolean hasAccess(User user, Right access, EntityReference entity)
{
    if (user == null) {
        // No user object: forward a null profile and let the authorization manager decide.
        return this.authorizationManager.hasAccess(access, null, entity);
    }
    return this.authorizationManager.hasAccess(access, user.getProfileDocument(), entity);
}
}
/**
 * Requires programming right for the author of the document currently being executed, on that same document.
 *
 * @throws AuthorizationException if the author of the current document does not hold programming right
 */
private void checkProgrammingRights() throws AuthorizationException
{
    XWikiContext context = xcontextProvider.get();
    // The subject is the document author, not the current user: the script's rights are bounded by its author.
    this.authorizationManager.checkAccess(Right.PROGRAM,
        context.getDoc().getAuthorReference(),
        context.getDoc().getDocumentReference());
}
/**
 * Tells whether {@code user} holds admin right on the patient's document.
 *
 * @param patient the patient; {@code null} or without a backing document yields {@code false}
 * @param user the user to check
 * @return {@code true} only when the patient has a document and the user has admin right on it
 */
@Override
public boolean isAdministrator(Patient patient, DocumentReference user)
{
    // No patient or no backing document: there is nothing to administer.
    return patient != null && patient.getDocument() != null
        && this.rights.hasAccess(Right.ADMIN, user, patient.getDocument());
}
/**
 * Checks that both the script author and the acting user are allowed to perform the operation on the wiki.
 * <p>
 * The author of the currently executing document must hold admin right on that document. Otherwise a user
 * without rights could write a script that an administrator later executes, and use this service to perform
 * operations such as being invited into a sub-wiki. Programming right used to be required here, but that was
 * too restrictive: it prevented a user without programming right from creating a wiki and then inviting
 * people into it.
 * <p>
 * When the user concerned by the operation is the current user, nothing else is checked; otherwise the current
 * user must hold admin right on the wiki.
 *
 * @param wikiId the id of the wiki concerned by the operation
 * @param user the user concerned by the operation
 * @throws AccessDeniedException if the permissions are not respected
 */
private void checkRights(String wikiId, DocumentReference user) throws AccessDeniedException
{
    XWikiContext context = xcontextProvider.get();
    DocumentReference currentUser = context.getUserReference();

    // 1. The script author must be an admin of the document being executed.
    authorizationManager.checkAccess(Right.ADMIN, context.getDoc().getAuthorReference(),
        context.getDoc().getDocumentReference());

    // 2. A user acting on her own behalf needs nothing more; anyone else must be an admin of the target wiki.
    if (user == null || !user.equals(currentUser)) {
        authorizationManager.checkAccess(Right.ADMIN, currentUser, new WikiReference(wikiId));
    }
}
/**
 * Tells whether the author of the referenced document holds programming right.
 *
 * @param reference the document whose author is checked
 * @return {@code true} if the document's author has programming right (checked against no entity)
 * @throws WikiComponentException if the document cannot be loaded
 */
@Override
public boolean hasProgrammingRights(DocumentReference reference) throws WikiComponentException
{
    XWikiDocument componentDocument = getDocument(reference);
    DocumentReference author = componentDocument.getAuthorReference();
    // Programming right is checked with a null target entity.
    return this.authorization.hasAccess(Right.PROGRAM, author, null);
}
authorizationManager.checkAccess(Right.CREATE_WIKI, context.getUserReference(), mainWikiReference); if (!failOnExist) { authorizationManager.checkAccess(Right.PROGRAM, context.getUserReference(), mainWikiReference);
/**
 * Tells whether a subscriber may see the given event, i.e. whether the subscriber has view right on the
 * event's document.
 *
 * @param event the event to check
 * @param subscriber the subscriber, resolved to a user reference
 * @return {@code true} if the resolved subscriber has view right on the event's document
 */
@Override
public boolean isEventViewable(WatchListEvent event, String subscriber)
{
    return authorizationManager.hasAccess(Right.VIEW, resolver.resolve(subscriber), event.getDocumentReference());
}
XWikiContext context = xcontextProvider.get(); authorizationManager.checkAccess(Right.PROGRAM, context.getDoc().getAuthorReference(), context.getDoc().getDocumentReference()); authorizationManager.checkAccess(Right.CREATE_WIKI, context.getUserReference(), new WikiReference(context.getMainXWiki()));
/**
 * Evaluates {@code right} on {@code reference} for the request's user and/or author, depending on which checks
 * the request enables. A disabled check counts as granted, so a request with both checks disabled always
 * returns {@code true}.
 *
 * @param right the right to evaluate
 * @param reference the entity on which the right is evaluated
 * @return {@code true} when every enabled check passes
 */
protected boolean hasAccess(Right right, EntityReference reference)
{
    if (this.request.isCheckRights()
        && !this.authorization.hasAccess(right, this.request.getUserReference(), reference)) {
        return false;
    }
    if (this.request.isCheckAuthorRights()
        && !this.authorization.hasAccess(right, this.request.getAuthorReference(), reference)) {
        return false;
    }
    return true;
}
try { authorizationManager.checkAccess(Right.PROGRAM, context.getDoc().getAuthorReference(), context.getDoc().getDocumentReference()); String currentUser = entityReferenceSerializer.serialize(context.getUserReference()); if (!currentUser.equals(owner)) { authorizationManager.checkAccess(Right.ADMIN, context.getUserReference(), wikiReference);
/**
 * Tells whether a user may add an annotation on a target: this requires comment right on the document the
 * target designates.
 *
 * @param target the annotated target, converted to a document reference
 * @param userName the user, converted to a user reference
 * @return {@code true} if the user has comment right on the target document
 */
@Override
public boolean canAddAnnotation(String target, String userName)
{
    DocumentReference annotatedDocument = getDocumentReference(target);
    DocumentReference author = getUserReference(userName);
    return this.authorization.hasAccess(Right.COMMENT, author, annotatedDocument);
}
/**
 * Tells whether {@code user} is an administrator of the given entity: groups never are, and otherwise the
 * user must hold admin right on the entity's document.
 *
 * @param entity the entity; {@code null} or without a document reference yields {@code false}
 * @param user the user to check
 * @return {@code true} only for a non-group user with admin right on the entity's document
 */
@Override
public boolean isAdministrator(@Nullable final PrimaryEntity entity, @Nullable final DocumentReference user)
{
    // Groups are excluded up front, before any right is evaluated.
    if (this.helper.isGroup(user)) {
        return false;
    }
    // Nothing to check against without an entity document.
    if (entity == null || entity.getDocumentReference() == null) {
        return false;
    }
    return this.rights.hasAccess(Right.ADMIN, user, entity.getDocumentReference());
}
/**
 * Check the current user's access to alter the index of the wiki owning the given referenced entity. Two
 * subjects are checked on that wiki: the current user needs admin right and the content author of the current
 * document needs programming right.
 *
 * @param reference the reference whose owning wiki to check.
 * @throws IllegalAccessException if the user is not allowed or if problems occur.
 */
private void checkAccessToWikiIndex(EntityReference reference) throws IllegalAccessException
{
    EntityReference wikiReference = reference.extractReference(EntityType.WIKI);
    XWikiContext xcontext = this.xcontextProvider.get();
    DocumentReference userReference = xcontext.getUserReference();
    DocumentReference contentAuthor = xcontext.getDoc().getContentAuthorReference();

    // Short-circuit: the author check only runs when the user check passed.
    boolean allowed = this.authorization.hasAccess(Right.ADMIN, userReference, wikiReference)
        && this.authorization.hasAccess(Right.PROGRAM, contentAuthor, wikiReference);
    if (!allowed) {
        throw new IllegalAccessException(String.format(
            "The user '%s' is not allowed to alter the index for the entity '%s'", userReference, reference));
    }
}
/**
 * Tells whether a user may view the annotations on a target: whoever can view the target document can view
 * its annotations.
 *
 * @param target the annotated target, converted to a document reference
 * @param userName the user, converted to a user reference
 * @return {@code true} if the user has view right on the target document
 */
@Override
public boolean canViewAnnotations(String target, String userName)
{
    DocumentReference annotatedDocument = getDocumentReference(target);
    DocumentReference viewer = getUserReference(userName);
    return this.authorization.hasAccess(Right.VIEW, viewer, annotatedDocument);
}
/**
 * Tells whether {@code right} is granted to {@code user} on the full reference of {@code entity}, after the
 * pre-access filter has accepted the right.
 *
 * @param right the right to check
 * @param user the user to check the right for
 * @param entity the entity, expanded with {@code getFullReference} before the manager is consulted
 * @return {@code false} if the pre-access filter rejects the right, otherwise the manager's decision
 */
private boolean hasAccess(Right right, DocumentReference user, EntityReference entity)
{
    if (!checkPreAccess(right)) {
        // The manager is not consulted for rights the filter rejects.
        return false;
    }
    return this.authorizationManager.hasAccess(right, user, getFullReference(entity));
}
/**
 * Returns the JSON representation of a family, with navigation links, for the current user.
 * <p>
 * NOTE: the existence lookup and its 404 come before the access check, so a caller without view right can
 * still tell an existing family id (403) from a missing one (404).
 *
 * @param id the family identifier
 * @return 404 if no such family, 403 if the current user lacks view right on it, otherwise 200 with the JSON
 */
@Override
public Response getFamily(String id)
{
    this.logger.warn("Retrieving family record [{}] via REST", id);
    Family family = this.repository.getFamilyById(id);
    if (family == null) {
        this.logger.warn(NO_SUCH_FAMILY_ERROR_MESSAGE, id);
        return Response.status(Status.NOT_FOUND).build();
    }

    User currentUser = this.users.getCurrentUser();
    // A null current user is checked as a null profile document.
    boolean canView = this.access.hasAccess(Right.VIEW,
        currentUser == null ? null : currentUser.getProfileDocument(), family.getDocumentReference());
    if (!canView) {
        this.logger.error("View access denied to user [{}] on family record [{}]", currentUser, id);
        return Response.status(Status.FORBIDDEN).build();
    }

    JSONObject payload = family.toJSON();
    payload.put("links", this.autolinker.get().forResource(getClass(), this.uriInfo).build());
    return Response.ok(payload, MediaType.APPLICATION_JSON_TYPE).build();
}