/**
 * Writes a debug line showing the {@code ManageRight.MANAGE} constant next to whatever
 * {@code Right.toRight("manage")} currently resolves to.
 *
 * <p>None of the three parameters is read by this implementation.
 *
 * @param event the received event (unused)
 * @param source the event source (unused)
 * @param data the event payload (unused)
 */
@Override
public void onEvent(Event event, Object source, Object data)
{
    // ManageRight.MANAGE is deliberately read before the lookup, as in the original statement.
    // NOTE(review): presumably touching the constant is what triggers registration of the right;
    // confirm against ManageRight before reordering these two reads.
    final Object declared = ManageRight.MANAGE;
    final Object resolved = Right.toRight("manage");

    // NOTE(review): the outcome is only logged. If the lookup does not resolve to the declared
    // right, nothing here fails or warns, so a missing registration is visible only at debug level.
    this.logger.debug("Registered \"manage\" right: {} = {}", declared, resolved);
}
} // closes the enclosing type, whose declaration is outside this excerpt
/**
 * Collects the HTTP verbs of a REST interface that the given right allows.
 *
 * <p>Every public method of {@code restInterface} is scanned for annotations whose annotation type is
 * itself marked with {@code HttpMethod}. The verb of such a method is kept when the right named by the
 * method's {@code RequiredAccess} annotation is the granted right or one of its implied rights.
 *
 * @param restInterface the REST interface to inspect
 * @param grantedRight the right held by the caller; may be {@code null}
 * @return the set of permitted HTTP verb names, possibly empty, never {@code null}
 */
@Override
public Set<String> resolveActions(Class<?> restInterface, Right grantedRight)
{
    Set<String> allowedVerbs = new HashSet<>();
    for (Method candidate : restInterface.getMethods()) {
        for (Annotation marker : candidate.getAnnotations()) {
            HttpMethod verb = marker.annotationType().getAnnotation(HttpMethod.class);
            if (verb == null) {
                // Not an HTTP-verb annotation.
                continue;
            }

            RequiredAccess required = candidate.getAnnotation(RequiredAccess.class);
            if (grantedRight == null || required == null) {
                // NOTE(review): this branch is permissive. A method without @RequiredAccess, or any
                // method at all when grantedRight is null, has its verb reported as allowed. Confirm
                // that callers never pass null to mean "no right granted", and that every
                // state-changing REST method carries @RequiredAccess.
                allowedVerbs.add(verb.value());
                continue;
            }

            Right needed = Right.toRight(required.value());
            // Identity comparison is kept from the original.
            boolean permitted = needed == grantedRight
                || (grantedRight.getImpliedRights() != null && grantedRight.getImpliedRights().contains(needed));
            if (permitted) {
                allowedVerbs.add(verb.value());
            }
        }
    }
    return allowedVerbs;
}
} // closes the enclosing type, whose declaration is outside this excerpt
/**
 * Tells whether this right has the same characteristics as a right description.
 *
 * <p>Six properties are compared: read-only flag, default state, tie resolution policy, inheritance
 * override policy, targeted entity types and implied rights. The name is not part of the comparison.
 *
 * @param description a right description to compare this right to.
 * @return true if all compared properties are equal.
 */
boolean like(RightDescription description)
{
    EqualsBuilder comparison = new EqualsBuilder();
    comparison.append(this.isReadOnly(), description.isReadOnly());
    comparison.append(this.getDefaultState(), description.getDefaultState());
    comparison.append(this.getTieResolutionPolicy(), description.getTieResolutionPolicy());
    comparison.append(this.getInheritanceOverridePolicy(), description.getInheritanceOverridePolicy());
    comparison.append(this.getTargetedEntityType(), description.getTargetedEntityType());
    comparison.append(this.getImpliedRights(), description.getImpliedRights());
    return comparison.isEquals();
}
} // closes the enclosing type, whose declaration is outside this excerpt
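/**
 * Renders the rights whose bit is set in {@code rights} as a bracketed, comma-separated list of names,
 * for example {@code [view, edit]}; an empty set renders as {@code []}.
 *
 * @return the textual form of this set of rights
 */
@Override
public String toString()
{
    StringBuilder sb = new StringBuilder("[");
    boolean first = true;
    for (int i = 0; i < Right.size(); i++) {
        // Compare with != 0, not > 0: when i is 31 the mask (1 << 31) is negative, so a set bit
        // gives a negative result and the right at that index would never be listed.
        // NOTE(review): if the rights field is wider than int, the mask also needs to be 1L << i.
        // Confirm against the field declaration.
        if ((rights & (1 << i)) != 0) {
            if (first) {
                first = false;
            } else {
                sb.append(", ");
            }
            sb.append(Right.get(i).getName());
        }
    }
    sb.append("]");
    return sb.toString();
}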
/**
 * Registers a new right from its description.
 *
 * <p>On success the security cache entry for the main wiki reference is removed before the new right
 * is returned. If creating the right fails, the right already known under the same name is returned
 * instead, provided it is not {@code Right.ILLEGAL} and is {@code like} the description.
 *
 * @param rightDescription the description of the right to register
 * @return the newly created right, or the existing equivalent right with the same name
 * @throws UnableToRegisterRightException when creation fails and no equivalent right exists
 */
@Override
public Right register(RightDescription rightDescription) throws UnableToRegisterRightException
{
    try {
        Right created = new Right(rightDescription);
        // A new right changes the rights scheme, so drop what is cached under the main wiki.
        securityCache.remove(securityReferenceFactory.newEntityReference(xwikiBridge.getMainWikiReference()));
        return created;
    } catch (Throwable e) {
        // NOTE(review): catching Throwable also intercepts Error subclasses, and a failure of the
        // cache removal above is handled exactly like a failed creation. Confirm that this is
        // intended before narrowing the catch.
        Right existing = Right.toRight(rightDescription.getName());
        boolean reusable = existing != Right.ILLEGAL && existing.like(rightDescription);
        if (!reusable) {
            throw new UnableToRegisterRightException(rightDescription, e);
        }
        return existing;
    }
}
/**
 * Grants the requested right when the access level held by the user on the entity matches it.
 *
 * <p>The entity reference is resolved to a primary entity, the user's access level on it is looked
 * up, and {@code true} is returned when the granted right equals the requested one or implies it.
 * This method never returns {@code false}.
 *
 * @param user the user requesting access
 * @param access the requested right
 * @param entity the entity being accessed
 * @return {@code true} when access is granted by the user's access level; {@code null} in every other
 *     case (missing argument, right not targeting documents, unresolved entity, or no match)
 */
@Override
public Boolean hasAccess(User user, Right access, EntityReference entity)
{
    if (!ObjectUtils.allNotNull(user, access, entity)) {
        return null;
    }
    if (access.getTargetedEntityType() == null) {
        return null;
    }
    if (!access.getTargetedEntityType().contains(EntityType.DOCUMENT)) {
        return null;
    }

    // Turn the document reference into the entity it stores.
    PrimaryEntity target = this.resolver.resolveEntity(entity.toString());
    if (target == null) {
        return null;
    }

    // Look up the access level the user holds on that entity.
    AccessLevel level = this.accessHelper.getAccessLevel(target, user.getProfileDocument());
    // NOTE(review): neither the access level nor its granted right is null-checked here, so a null
    // from either call surfaces as a NullPointerException inside the authorization check. Confirm
    // that both are guaranteed non-null.
    Right held = level.getGrantedRight();
    if (held.equals(access)) {
        return true;
    }
    if (held.getImpliedRights() != null && held.getImpliedRights().contains(access)) {
        return true;
    }
    return null;
}
} // closes the enclosing type, whose declaration is outside this excerpt
/**
 * Denies every document-targeting right on an entity that resolves to a family.
 *
 * <p>The {@code user} argument is not consulted: the outcome is the same for every user, including a
 * {@code null} one.
 *
 * @param user the user requesting access (not read)
 * @param access the requested right
 * @param entity the entity being accessed
 * @return {@code false} when the reference resolves to a family; {@code null} when an argument is
 *     missing, the right does not target documents, or no family is found
 */
@Override
public Boolean hasAccess(User user, Right access, EntityReference entity)
{
    if (!ObjectUtils.allNotNull(access, entity)) {
        return null;
    }
    if (access.getTargetedEntityType() == null) {
        return null;
    }
    if (!access.getTargetedEntityType().contains(EntityType.DOCUMENT)) {
        return null;
    }

    Family found = this.familyRepository.get(entity.toString());
    // Deny for any existing family; otherwise give no answer.
    return found == null ? null : Boolean.FALSE;
}
} // closes the enclosing type, whose declaration is outside this excerpt
/**
 * Propagates a right to the rights it implies, within the current access.
 *
 * <p>For each right enabled for the security type of {@code reference} that is also implied by
 * {@code right}, the policies of {@code right} are copied onto it and an ALLOW is submitted to
 * conflict resolution with the priority recorded for {@code right}.
 *
 * @param right the right whose implied rights are processed.
 * @param access the access being built; modified in place.
 * @param reference the reference whose security type selects the enabled rights.
 * @param policies the current security policies; modified in place.
 * @param priorities the current priority of each right in the accumulated access result.
 */
private void implyRights(Right right, XWikiSecurityAccess access, SecurityReference reference, Policies policies,
    Map<Right, Integer> priorities)
{
    Set<Right> implied = right.getImpliedRights();
    if (implied == null) {
        return;
    }

    for (Right candidate : Right.getEnabledRights(reference.getSecurityType())) {
        if (!implied.contains(candidate)) {
            continue;
        }
        // The implied right takes over the policies of the right that implies it.
        policies.set(candidate, right);
        resolveConflict(ALLOW, candidate, access, policies, priorities.get(right), priorities);
    }
}
/**
 * Restricts non-read-only rights on template entities to administrators.
 *
 * @param user the user requesting access; may be {@code null}
 * @param access the requested right
 * @param entity the entity being accessed
 * @return {@code null} when the serialized entity reference does not contain {@code TEMPLATE} or the
 *     right is read-only; otherwise {@code true} only for a user with a profile document who holds
 *     {@code Right.ADMIN} on the XWiki space, and {@code false} for anyone else
 */
@Override
public Boolean hasAccess(
    @Nullable final User user,
    @Nonnull final Right access,
    @Nonnull final EntityReference entity)
{
    // NOTE(review): the template test is a substring match on the whole serialized reference, so any
    // entity whose reference merely contains the TEMPLATE text is treated as a template. That denies
    // more than intended rather than less, but confirm that the match cannot be missed for a real
    // template.
    final boolean template = entity.toString().contains(TEMPLATE);
    if (!template || access.isReadOnly()) {
        // Not a template, or a read-only right: no answer from this check.
        return null;
    }

    // Templates: callers without a profile document are refused outright.
    if (user == null || user.getProfileDocument() == null) {
        return false;
    }
    final boolean administrator =
        this.auth.hasAccess(user, Right.ADMIN, this.resolver.resolve(Constants.XWIKI_SPACE_REFERENCE));
    return administrator;
}
} // closes the enclosing type, whose declaration is outside this excerpt
/**
 * Propagates a right to the rights it implies, within the current access.
 *
 * <p>For every enabled right implied by {@code right}, the policies of {@code right} are copied onto
 * it. What happens next depends on where the two rights came from:
 * <ul>
 * <li>both or neither come from a user rule: an ALLOW goes through conflict resolution;</li>
 * <li>only {@code right} comes from a user rule: the implied right is set to ALLOW directly and is
 * recorded in {@code fromUser};</li>
 * <li>only the implied right comes from a user rule: the access is left unchanged.</li>
 * </ul>
 *
 * @param right the right whose implied rights are processed.
 * @param access the access being built; modified in place.
 * @param enabledRights the rights that can be allowed for the current reference.
 * @param policies the current security policies; modified in place.
 * @param fromUser the rights that were set by a user rule; may gain entries.
 */
private void implyRights(Right right, XWikiSecurityAccess access, Set<Right> enabledRights, Policies policies,
    Set<Right> fromUser)
{
    Set<Right> implied = right.getImpliedRights();
    if (implied == null) {
        return;
    }

    for (Right candidate : enabledRights) {
        if (!implied.contains(candidate)) {
            continue;
        }
        // The implied right takes over the policies of the right that implies it.
        policies.set(candidate, right);

        boolean candidateFromUser = fromUser.contains(candidate);
        boolean sourceFromUser = fromUser.contains(right);
        if (candidateFromUser == sourceFromUser) {
            // Same origin on both sides (user/user or group/group): resolve as a conflict.
            resolveConflict(ALLOW, candidate, access, policies);
        } else if (sourceFromUser) {
            // A right implied by a user rule overrides one set by a group rule.
            access.set(candidate, ALLOW);
            fromUser.add(candidate);
        }
    }
}
/**
 * Uses the name as the textual form of this object.
 *
 * @return the value of {@code getName()}
 */
@Override
public String toString()
{
    return this.getName();
}
/**
 * Renders every index that has a value as {@code name = value}, comma-separated and enclosed in
 * square brackets. Indexes for which {@code getValue} returns {@code null} are left out.
 *
 * @return the textual form of this access
 */
@Override
public String toString()
{
    StringBuilder text = new StringBuilder("[");
    // Empty before the first entry, ", " from the second entry on.
    String separator = "";
    for (int index = 0; index < rights.size(); index++) {
        if (getValue(index) == null) {
            continue;
        }
        text.append(separator);
        separator = ", ";
        text.append(Right.get(index).getName());
        text.append(" = ");
        text.append(unmaskNull(getValue(index)).toString());
    }
    text.append("]");
    return text.toString();
}
/**
 * Grants the requested right when the visibility of the entity allows it by default.
 *
 * <p>The right granted by the default access level of the entity's visibility is compared with the
 * requested right. Only a non-null user with a profile document can be granted access this way.
 * This method never returns {@code false}.
 *
 * @param user the user requesting access; may be {@code null}
 * @param access the requested right
 * @param entity the entity being accessed
 * @return {@code true} when the visibility grants the right to the user; {@code null} otherwise
 */
@Override
public Boolean hasAccess(User user, Right access, EntityReference entity)
{
    if (!ObjectUtils.allNotNull(access, entity)) {
        return null;
    }
    if (access.getTargetedEntityType() == null) {
        return null;
    }
    if (!access.getTargetedEntityType().contains(EntityType.DOCUMENT)) {
        return null;
    }

    // Turn the document reference into the entity it stores.
    PrimaryEntity target = this.resolver.resolveEntity(entity.toString());
    if (target == null) {
        return null;
    }

    Visibility entityVisibility = this.helper.getVisibility(target);
    if (entityVisibility == null) {
        return null;
    }

    // Right that the visibility's default access level gives to everyone it applies to.
    // NOTE(review): the default access level and its granted right are dereferenced without a null
    // check. Confirm that both are guaranteed non-null.
    Right defaultRight = entityVisibility.getDefaultAccessLevel().getGrantedRight();

    // Callers without a profile document never get access through visibility.
    if (user == null || user.getProfileDocument() == null) {
        return null;
    }
    if (defaultRight.equals(access)) {
        return true;
    }
    if (defaultRight.getImpliedRights() != null && defaultRight.getImpliedRights().contains(access)) {
        return true;
    }
    return null;
}
} // closes the enclosing type, whose declaration is outside this excerpt
/**
 * Denies every document-targeting right on an entity that resolves to a patient.
 *
 * <p>The {@code user} argument is not consulted: the outcome is the same for every user, including a
 * {@code null} one.
 *
 * @param user the user requesting access (not read)
 * @param access the requested right
 * @param entity the entity being accessed
 * @return {@code false} when the reference resolves to a patient; {@code null} when an argument is
 *     missing, the right does not target documents, or no patient is found
 */
@Override
public Boolean hasAccess(User user, Right access, EntityReference entity)
{
    if (!ObjectUtils.allNotNull(access, entity)) {
        return null;
    }
    if (access.getTargetedEntityType() == null) {
        return null;
    }
    if (!access.getTargetedEntityType().contains(EntityType.DOCUMENT)) {
        return null;
    }

    Patient found = this.patientRepository.get(entity.toString());
    // Deny for any existing patient; otherwise give no answer.
    return found == null ? null : Boolean.FALSE;
}
} // closes the enclosing type, whose declaration is outside this excerpt
/**
 * Denies non-read-only rights on a document that carries a lock object.
 *
 * @param user the user requesting access (not read)
 * @param access the requested right
 * @param entity the entity being accessed
 * @return {@code Boolean.FALSE} when the document has an object of the lock class and the right is
 *     not read-only; {@code null} when the entity is not a document reference, when there is no lock,
 *     when the right is read-only, or when the lookup throws
 */
@Override
public Boolean hasAccess(User user, Right access, EntityReference entity)
{
    if (!(entity instanceof DocumentReference)) {
        return null;
    }
    final DocumentReference documentReference = (DocumentReference) entity;
    XWikiContext context = this.contextProvider.get();

    try {
        XWikiDocument document = context.getWiki().getDocument(documentReference, context);
        BaseObject lockObject = document.getXObject(this.lockClassReference);
        if (lockObject == null || access.isReadOnly()) {
            return null;
        }
        return Boolean.FALSE;
    } catch (XWikiException | NullPointerException e) {
        // NOTE(review): a failed lookup produces the same null as "no lock", without any log entry,
        // so an error while loading the document silently stops the lock from being enforced by
        // this check. The NullPointerException catch also stands in for explicit null checks on the
        // context, the wiki, the document and the right. Confirm that this is intended.
        return null;
    }
}
} // closes the enclosing type, whose declaration is outside this excerpt
/**
 * Grants view or edit access to a family when the user holds that right on any of its members.
 *
 * <p>Only {@code Right.VIEW} and {@code Right.EDIT} are handled. The members are examined in turn
 * and the first member on which the user's granted right equals or implies the requested right
 * settles the answer. This method never returns {@code false}.
 *
 * @param user the user requesting access
 * @param access the requested right
 * @param entity the entity being accessed
 * @return {@code true} when a member grants the right; {@code null} otherwise
 */
@Override
public Boolean hasAccess(User user, Right access, EntityReference entity)
{
    if (!ObjectUtils.allNotNull(user, access, entity)) {
        return null;
    }
    if (access != Right.VIEW && access != Right.EDIT) {
        return null;
    }

    Family family = this.familyRepository.get(entity.toString());
    if (family == null) {
        return null;
    }

    for (Patient member : family.getMembers()) {
        // NOTE(review): the access level itself is dereferenced without a null check; only the
        // right it grants is checked. Confirm that getAccessLevel never returns null.
        Right held = this.manager.getAccessLevel(member, user.getProfileDocument()).getGrantedRight();
        if (held == null) {
            continue;
        }
        if (held.equals(access)) {
            return true;
        }
        if (held.getImpliedRights() != null && held.getImpliedRights().contains(access)) {
            return true;
        }
    }
    return null;
}
} // closes the enclosing type, whose declaration is outside this excerpt
/**
 * Creates an exception whose message reads
 * {@code <message> when checking [<right>] access to [<entity>] for user [<user>]}.
 *
 * @param right The right being checked; when {@code null} the right part of the message is empty.
 * @param userReference The user for whom the query was attempted; {@code NULL_USER} is shown when
 *     {@code null}.
 * @param entityReference The entity on which the query was attempted; {@code NULL_ENTITY} is shown
 *     when {@code null}.
 * @param message Text placed at the start of the exception message.
 * @param cause Original cause.
 */
public AuthorizationException(Right right, DocumentReference userReference, EntityReference entityReference,
    String message, Throwable cause)
{
    super(describeFailure(right, userReference, entityReference, message), cause);
}

/** Builds the exception message, substituting placeholders for the parts that are {@code null}. */
private static String describeFailure(Right right, DocumentReference userReference,
    EntityReference entityReference, String message)
{
    final String rightLabel = (right == null) ? "" : "[" + right.getName() + "]";
    final Object entityLabel = (entityReference == null) ? NULL_ENTITY : entityReference;
    final Object userLabel = (userReference == null) ? NULL_USER : userReference;
    return String.format("%s when checking %s access to [%s] for user [%s]",
        message, rightLabel, entityLabel, userLabel);
}
/**
 * Writes a debug line showing the {@code ManageRight.MANAGE} constant next to whatever
 * {@code Right.toRight("manage")} currently resolves to.
 *
 * <p>None of the three parameters is read by this implementation.
 *
 * @param event the received event (unused)
 * @param source the event source (unused)
 * @param data the event payload (unused)
 */
@Override
public void onEvent(Event event, Object source, Object data)
{
    // ManageRight.MANAGE is deliberately read before the lookup, as in the original statement.
    // NOTE(review): presumably touching the constant is what triggers registration of the right;
    // confirm against ManageRight before reordering these two reads.
    final Object declared = ManageRight.MANAGE;
    final Object resolved = Right.toRight("manage");

    // NOTE(review): the outcome is only logged. If the lookup does not resolve to the declared
    // right, nothing here fails or warns, so a missing registration is visible only at debug level.
    this.logger.debug("Registered \"manage\" right: {} = {}", declared, resolved);
}
} // closes the enclosing type, whose declaration is outside this excerpt
/**
 * Collects the HTTP verbs of a REST interface that the given right allows.
 *
 * <p>Every public method of {@code restInterface} is scanned for annotations whose annotation type is
 * itself marked with {@code HttpMethod}. The verb of such a method is kept when the right named by the
 * method's {@code RequiredAccess} annotation is the granted right or one of its implied rights.
 *
 * @param restInterface the REST interface to inspect
 * @param grantedRight the right held by the caller; may be {@code null}
 * @return the set of permitted HTTP verb names, possibly empty, never {@code null}
 */
@Override
public Set<String> resolveActions(Class<?> restInterface, Right grantedRight)
{
    Set<String> allowedVerbs = new HashSet<>();
    for (Method candidate : restInterface.getMethods()) {
        for (Annotation marker : candidate.getAnnotations()) {
            HttpMethod verb = marker.annotationType().getAnnotation(HttpMethod.class);
            if (verb == null) {
                // Not an HTTP-verb annotation.
                continue;
            }

            RequiredAccess required = candidate.getAnnotation(RequiredAccess.class);
            if (grantedRight == null || required == null) {
                // NOTE(review): this branch is permissive. A method without @RequiredAccess, or any
                // method at all when grantedRight is null, has its verb reported as allowed. Confirm
                // that callers never pass null to mean "no right granted", and that every
                // state-changing REST method carries @RequiredAccess.
                allowedVerbs.add(verb.value());
                continue;
            }

            Right needed = Right.toRight(required.value());
            // Identity comparison is kept from the original.
            boolean permitted = needed == grantedRight
                || (grantedRight.getImpliedRights() != null && grantedRight.getImpliedRights().contains(needed));
            if (permitted) {
                allowedVerbs.add(verb.value());
            }
        }
    }
    return allowedVerbs;
}
} // closes the enclosing type, whose declaration is outside this excerpt
/**
 * Grants the requested right on an entity whose owner has no user.
 *
 * <p>The {@code user} argument is not consulted, and the requested right is only required to target
 * documents. This method never returns {@code false}.
 *
 * @param user the user requesting access (not read)
 * @param access the requested right
 * @param entity the entity being accessed
 * @return {@code true} when the owner of the resolved entity has a {@code null} user; {@code null}
 *     otherwise
 */
@Override
public Boolean hasAccess(User user, Right access, EntityReference entity)
{
    if (!ObjectUtils.allNotNull(access, entity)) {
        return null;
    }
    if (access.getTargetedEntityType() == null) {
        return null;
    }
    if (!access.getTargetedEntityType().contains(EntityType.DOCUMENT)) {
        return null;
    }

    // Turn the document reference into the primary entity it stores.
    PrimaryEntity target = this.resolver.resolveEntity(entity.toString());
    if (target == null) {
        return null;
    }

    Owner recordOwner = this.manager.getEntityAccess(target).getOwner();
    // NOTE(review): an entity without an owning user is opened to every caller, a null user
    // included, for any document-targeting right, not only read-only ones. Confirm that this
    // breadth is intended. The entity access and the owner are also dereferenced without null
    // checks.
    return recordOwner.getUser() == null ? Boolean.TRUE : null;
}
} // closes the enclosing type, whose declaration is outside this excerpt