/**
 * Verify that the author of a translation document may register it at the requested scope.
 * <p>
 * The right is evaluated for the document author ({@code document.getAuthorReference()}), not for the user of the
 * current request:
 * <ul>
 * <li>{@code GLOBAL} requires {@code Right.PROGRAM}, checked with a {@code null} entity;</li>
 * <li>{@code WIKI} requires {@code Right.ADMIN} on the wiki that holds the document;</li>
 * <li>every other scope is accepted without any check.</li>
 * </ul>
 *
 * @param document the translation document
 * @param scope the scope
 * @throws AccessDeniedException thrown when the document author does not have enough right for the provided
 *             {@link Scope}
 */
private void checkRegistrationAuthorization(XWikiDocument document, Scope scope) throws AccessDeniedException
{
    switch (scope) {
        case WIKI:
            // Wiki-wide registration: the author must administer the wiki the document lives in.
            this.authorizationManager.checkAccess(Right.ADMIN, document.getAuthorReference(),
                document.getDocumentReference().getWikiReference());
            break;

        case GLOBAL:
            // Farm-wide registration: the author needs programming right; no entity is passed to the check.
            this.authorizationManager.checkAccess(Right.PROGRAM, document.getAuthorReference(), null);
            break;

        default:
            // NOTE(review): this branch is permissive. Any scope other than GLOBAL or WIKI is registered without
            // a right check, so a scope value added later would be accepted unchecked. Confirm that is intended.
            break;
    }
}
/**
 * Enforce a right for a user on an entity, applying the local pre-check before the authorization manager.
 * <p>
 * The method fails closed: when {@code checkPreAccess(right)} refuses the right, the authorization manager is never
 * consulted and the request is denied. The denial raised here carries the {@code entity} exactly as the caller
 * passed it, whereas the delegated check runs on {@code getFullReference(entity)}.
 *
 * @param right the right to enforce
 * @param user the user the right is evaluated for
 * @param entity the entity the right is evaluated on
 * @throws AccessDeniedException if the pre-check refuses the right or the authorization manager denies access
 */
private void checkAccess(Right right, DocumentReference user, EntityReference entity) throws AccessDeniedException
{
    if (checkPreAccess(right)) {
        // Pre-check passed: the authorization manager has the final word, on the fully resolved reference.
        this.authorizationManager.checkAccess(right, user, getFullReference(entity));
        return;
    }

    // Pre-check refused the right: deny without asking the authorization manager.
    throw new AccessDeniedException(right, user, entity);
}
/**
 * Require programming right for the author of the document held by the current context.
 * <p>
 * The right is evaluated for the author of {@code getDoc()}, on that same document. The current user is not
 * considered.
 *
 * @throws AuthorizationException if the authorization manager rejects the check
 */
private void checkProgrammingRights() throws AuthorizationException
{
    XWikiContext currentContext = this.xcontextProvider.get();

    // NOTE(review): the check is bound to whatever document the context holds at call time. Confirm this is the
    // document whose author wrote the calling code, and that getDoc() cannot be null here (a null would surface
    // as a NullPointerException rather than an AuthorizationException).
    this.authorizationManager.checkAccess(Right.PROGRAM, currentContext.getDoc().getAuthorReference(),
        currentContext.getDoc().getDocumentReference());
}
/**
 * Check that both the script author and the current user are allowed to perform the operation.
 * <p>
 * Two gates are applied in order:
 * <ol>
 * <li>the author of the context document must have {@code Right.ADMIN}, evaluated on that document;</li>
 * <li>unless {@code user} is the current user, the current user must have {@code Right.ADMIN} on the wiki
 * identified by {@code wikiId}.</li>
 * </ol>
 *
 * @param wikiId the id of the wiki concerned by the operation
 * @param user the user concerned by the operation
 *
 * @throws AccessDeniedException if the permissions are not respected
 */
private void checkRights(String wikiId, DocumentReference user) throws AccessDeniedException
{
    XWikiContext xcontext = this.xcontextProvider.get();

    // Gate 1: the script author must have the admin right.
    //
    // This stops a user without that right from writing a script that an administrator later executes and that
    // uses this script service on the author's behalf, for example to get invited to a sub-wiki.
    //
    // Programming right used to be required here. That was too restrictive, because a user without programming
    // right could not create a wiki and then invite people to it.
    this.authorizationManager.checkAccess(Right.ADMIN, xcontext.getDoc().getAuthorReference(),
        xcontext.getDoc().getDocumentReference());

    // Gate 2: a user acting on herself may proceed. Anyone else must have the admin right on the target wiki.
    // In the self-service case, gate 1 is the only admin check that runs.
    boolean actingOnSelf = user != null && user.equals(xcontext.getUserReference());
    if (!actingOnSelf) {
        this.authorizationManager.checkAccess(Right.ADMIN, xcontext.getUserReference(),
            new WikiReference(wikiId));
    }
}
authorizationManager.checkAccess(Right.CREATE_WIKI, context.getUserReference(), mainWikiReference); if (!failOnExist) { authorizationManager.checkAccess(Right.PROGRAM, context.getUserReference(), mainWikiReference);
// Resolve the current context; both checks below read from it.
XWikiContext context = xcontextProvider.get();
// First check: the author of the context document must have programming right, evaluated on that document.
// NOTE(review): checkAccess is expected to throw on denial, so the second check only runs when this one
// passes. Confirm against the enclosing method's error handling, which is not visible here.
authorizationManager.checkAccess(Right.PROGRAM, context.getDoc().getAuthorReference(),
    context.getDoc().getDocumentReference());
// Second check: the current user must have CREATE_WIKI on the wiki named by context.getMainXWiki().
authorizationManager.checkAccess(Right.CREATE_WIKI, context.getUserReference(),
    new WikiReference(context.getMainXWiki()));
try { authorizationManager.checkAccess(Right.PROGRAM, context.getDoc().getAuthorReference(), context.getDoc().getDocumentReference()); String currentUser = entityReferenceSerializer.serialize(context.getUserReference()); if (!currentUser.equals(owner)) { authorizationManager.checkAccess(Right.ADMIN, context.getUserReference(), wikiReference);