@Override public Set<Right> getImpliedRights() { return new RightSet(Right.VIEW, Right.EDIT, Right.DELETE); }
@Override public boolean match(Right right) { return rights.contains(right); }
/** * Create Policies based on default initial policies. */ Policies() { try { if (initialAllowTie == null || Right.size() != initialPolicySize) { initialPolicySize = Right.size(); allowTie = new RightSet(); noOverride = new RightSet(); for (Right right : Right.values()) { set(right, right); } initialAllowTie = ((RightSet) allowTie).clone(); initialNoOverride = ((RightSet) noOverride).clone(); } else { allowTie = initialAllowTie.clone(); noOverride = initialNoOverride.clone(); } } catch (CloneNotSupportedException ignored) { // unexpected } }
Right right = Right.toRight(level); if (right != Right.ILLEGAL && (!disableEditRight || right != Right.EDIT)) { rights.add(right); if (rights.size() > 0) { for (String user : UsersClass.getListFromString(obj.getStringValue(XWikiConstants.USERS_FIELD_NAME))) { DocumentReference ref = resolver.resolve(user, wikiReference);
/** * Constructor to used for implied rules. * @param rights The set of rights. * @param state The state of this rights object. * @param users The set of users. * @param groups The set of groups. */ protected XWikiSecurityRule(Set<Right> rights, RuleState state, Collection<DocumentReference> users, Collection<DocumentReference> groups) { if (users != null) { this.users.addAll(users); } if (groups != null) { this.groups.addAll(groups); } this.rights.addAll(rights); this.state = state; }
/** * Create and return a new Security rule based on an existing BaseObject. * @param obj An xwiki rights object. * @param resolver A document reference resolver for user and group pages. * @param wikiReference A reference to the wiki from which these rules are extracted. * @param disableEditRight when true, edit right is disregarded while building this rule. * @return a newly created security rule. * @throws IllegalArgumentException if the source object for the rules is badly formed. */ static SecurityRule createNewRule(BaseObject obj, DocumentReferenceResolver<String> resolver, WikiReference wikiReference, boolean disableEditRight) throws IllegalArgumentException { XWikiSecurityRule rule = new XWikiSecurityRule(obj, resolver, wikiReference, disableEditRight); if (rule.rights.size() == 0) { throw new IllegalArgumentException("No rights to build this rule."); } if (rule.users.size() == 0 && rule.groups.size() == 0) { throw new IllegalArgumentException("No user/group to build this rule."); } return rule; }
@Override public boolean equals(Object object) { if (object == this) { return true; } if (object == null || object.getClass() != getClass()) { return false; } XWikiSecurityRule other = (XWikiSecurityRule) object; return state == other.state && rights.equals(other.rights) && users.equals(other.users) && groups.equals(other.groups); }
/** * Create a new initialized set. * * @param rights a collection of {@code Right} object to initialize the set */ public RightSet(Collection<? extends Right> rights) { if (Right.size() > 64) { throw new IllegalStateException(); } this.addAll(rights); }
@Override public Set<Right> getImpliedRights() { return new RightSet(Right.VIEW, Right.EDIT, Right.DELETE, Right.COMMENT); }
/** * Enable this right for the given entity type. * @param type the entity type, null for the the main wiki. */ private void enableFor(EntityType type) { Set<Right> rights = ENABLED_RIGHTS.get(type); if (rights == null) { rights = new RightSet(); ENABLED_RIGHTS.put(type, rights); UNMODIFIABLE_ENABLED_RIGHTS.put(type, Collections.unmodifiableSet(rights)); } rights.add(this); }
/** * Clone implied Rights. * @param impliedRights the collection of rights to clone. * @return the cloned collection or null if no valid implied right has been provided. */ private Set<Right> cloneImpliedRights(Set<Right> impliedRights) { if (impliedRights == null || impliedRights.size() == 0) { return null; } Set<Right> implied = new RightSet(impliedRights); if (implied.size() > 0) { return Collections.unmodifiableSet(implied); } else { return null; } }
@Override protected XWikiSecurityAccess settle(UserSecurityReference user, Collection<GroupSecurityReference> groups, SecurityRuleEntry entry, Policies policies) { Set<Right> enabledRights = Right.getEnabledRights(entry.getReference().getSecurityType()); Set<Right> fromUser = new RightSet(); Set<Right> allowed = new RightSet(); XWikiSecurityAccess access = new XWikiSecurityAccess(); // Evaluate rules from current entity for (Right right : enabledRights) { for (SecurityRule rule : entry.getRules()) { if (rule.match(right)) { if (rule.getState() == ALLOW) { allowed.add(right); } resolveLevel(right, user, groups, rule, access, policies, fromUser); if (access.get(right) == ALLOW) { implyRights(right, access, enabledRights, policies, fromUser); } } } } // The same behavior as the old implementation. I.e., an allow means implicit deny for everyone else. for (Right right : allowed) { if (access.get(right) == UNDETERMINED) { access.deny(right); } } return access; }