/** * Note that this method allows extending classes to override it to allow jars parameters to be used without * programming rights for example or to use some other conditions. * * @return true if the user can use the macro parameter used to pass additional JARs to the class loader used to * evaluate a script */ private boolean canHaveJarsParameters() { return this.authorizationManager.hasAccess(Right.PROGRAM); } }
protected boolean hasProgrammingRights() { return this.authorization.hasAccess(Right.PROGRAM); } }
@Override public boolean hasPermission(ScriptMacroParameters parameters, MacroTransformationContext context) { return authorizationManager.hasAccess(Right.PROGRAM); }
@Override public boolean hasAdminRights(XWikiContext context) { return contextualAuthorizationManager.hasAccess(Right.ADMIN); }
@Override public List filterResults(List results) { List<Object> filteredResults = new LinkedList<>(); for (Object result : results) { EntityReference entityReference = null; if (result instanceof EntityReference) { entityReference = (EntityReference) result; } else if (result instanceof Object[] && ((Object[]) result)[0] instanceof EntityReference) { entityReference = (EntityReference) ((Object[]) result)[0]; } if (entityReference != null && this.authorization.hasAccess(Right.VIEW, entityReference)) { filteredResults.add(result); } } return filteredResults; } }
@Override public boolean hasWikiAdminRights(XWikiContext context) { return contextualAuthorizationManager.hasAccess(Right.ADMIN, new WikiReference(context.getWikiId())); }
/** * Prepares a list of history records for replay. * * @param records the history records to prepare for replay * @param preserveUsers {@code true} if the given history records should be replayed using their original users, * {@code false} if the current user should be used instead * @param namespaces the namespaces where to replay the given history records; pass {@code null} or an empty * collection if you want to preserve the original namespaces * @return the modified history records, prepared to be replayed */ public List<ExtensionJobHistoryRecord> createReplayPlan(List<ExtensionJobHistoryRecord> records, boolean preserveUsers, Collection<String> namespaces) { String currentWiki = this.xcontextProvider.get().getWikiId(); if (!this.authorization.hasAccess(Right.ADMIN, new WikiReference(currentWiki))) { return Collections.emptyList(); } else if (!this.authorization.hasAccess(Right.PROGRAM)) { // Replay on the current wiki using the current user. return createReplayPlanInternal(records, false, Arrays.asList(WIKI_NAMESPACE_PREFIX + currentWiki)); } else { // Only the users that have PR can preserve the rights-related properties of the original extension request. return createReplayPlanInternal(records, preserveUsers, namespaces); } }
/** * @param documentReference the Skin Extension's document reference * @param context the XWiki Context * @return true if the specified document is accessible (i.e. has view rights) by the current user; false otherwise * @since 7.4.1 */ protected boolean isAccessible(DocumentReference documentReference, XWikiContext context) { if (!Utils.getComponent(ContextualAuthorizationManager.class).hasAccess(Right.VIEW, documentReference)) { LOGGER.debug("[{}] The current user [{}] does not have 'view' rights on the Skin Extension document [{}]", getName(), context.getUserReference(), documentReference); return false; } return true; }
@Override public <T> List<T> execute(Query query) throws QueryException { if (query instanceof SecureQuery) { SecureQuery secureQuery = (SecureQuery) query; // Force checking current author rights secureQuery.checkCurrentAuthor(true); } else if (!this.authorization.hasAccess(Right.PROGRAM)) { throw new QueryException("Unsecure query require programming right", query, null); } return this.defaultQueryExecutorManager.execute(query); }
@Override public boolean checkAccess(String action, XWikiDocument doc, XWikiContext context) throws XWikiException { Right right = actionToRight(action); EntityReference entityReference = doc.getDocumentReference(); LOGGER.debug("checkAccess for action [{}] on entity [{}].", right, entityReference); authenticateUser(context); if (contextualAuthorizationManager.hasAccess(right, entityReference)) { return true; } // If the right has been denied, and we have guest user, redirect the user to login page // unless the denied is on the login action, which could cause infinite redirection. // FIXME: The hasAccessLevel is broken (do not allow document creator) on the delete action in the old // implementation, so code that simply want to verify if a user can delete (but is not actually deleting) // has to call checkAccess. This happen really often, and this why we should not redirect to login on failed // delete, since it would prevent most user to do anything. if (context.getUserReference() == null && !DELETE_ACTION.equals(action) && !LOGIN_ACTION.equals(action)) { LOGGER.debug("Redirecting unauthenticated user to login, since it have been denied [{}] on [{}].", right, entityReference); showLogin(context); } return false; }
/** * Used for backward compatibility. Uses the following algorithm: * <ul> * <li>if the executing Macro doesn't implements PrivilegedScriptMacro then allow execution</li> * <li>otherwise allow execution only if the current document has Programming Rights</li> * </ul> * * @param macroId the information about the current executing script macro * @param event the script event which we use to cancel script execution if permission is not allowed */ private void backwardCompatibilityCheck(MacroId macroId, CancelableEvent event) { try { if (!(macroManager.getMacro(macroId) instanceof PrivilegedScriptMacro)) { // no special permission needed return; } // with not protected script engine, we are testing if programming right is allowed if (!this.authorizationManager.hasAccess(Right.PROGRAM)) { event.cancel( String.format("You need Programming Rights to execute the script macro [%s]", macroId.getId())); } } catch (MacroLookupException exception) { // should not happen, this method was called from that macro } } }
/** * Get the status of the currently executing job, if any. * * @return status of the currently executing job, or {@code null} if no job is being executed */ public JobStatus getCurrentJobStatus() { Job job = getCurrentJobInternal(); JobStatus jobStatus; if (job != null) { jobStatus = job.getStatus(); if (!this.authorization.hasAccess(Right.PROGRAM)) { jobStatus = safe(jobStatus); } } else { jobStatus = null; } return jobStatus; }
@Override public boolean hasPermission(ScriptMacroParameters parameters, MacroTransformationContext context) { boolean hasPermission; if (this.configuration.getCompilationCustomizerNames().contains("secure")) { // If we are not running in a restricted context and we have the script right, the macro may run, but // security will be delegated to the Groovy Secure Customizer. hasPermission = !context.getTransformationContext().isRestricted() && getAuthorizationManager().hasAccess(Right.SCRIPT); } else { hasPermission = super.hasPermission(parameters, context); } return hasPermission; } }
/** * Get a reference to the currently job executed. * <p> * Current here basically means the extension related job that is going to block any new job that would be * associated to the current namespace. * * @return currently executing job, or {@code null} if no job is being executed */ public Job getCurrentJob() { setError(null); if (!this.authorization.hasAccess(Right.PROGRAM)) { setError(new JobException("You need programming rights to get the current job.")); return null; } return getCurrentJobInternal(); }
/** * Start the asynchronous installation plan creation process for an extension. * * @param installRequest installation instructions * @return the {@link Job} object which can be used to monitor the progress of the installation process, or * {@code null} in case of failure */ public Job createInstallPlan(InstallRequest installRequest) { setError(null); if (!this.authorization.hasAccess(Right.PROGRAM)) { // Make sure only PR user can remove the right checking or change the users setRightsProperties(installRequest); } Job job = null; try { job = this.jobExecutor.execute(InstallPlanJob.JOBTYPE, installRequest); } catch (JobException e) { setError(e); } return job; }
/** * Adds a new job to the job queue to perform the given uninstall plan request. * <p> * This method requires programming rights. * * @param uninstallRequest the uninstall plan request to perform * @return the {@link Job} object which can be used to monitor the progress of the uninstall plan process, or * {@code null} in case of failure */ private Job createUninstallPlan(UninstallRequest uninstallRequest) { setError(null); if (!this.authorization.hasAccess(Right.PROGRAM)) { // Make sure only PR user can remove the right checking or change the users setRightsProperties(uninstallRequest); } Job job = null; try { job = this.jobExecutor.execute(UninstallPlanJob.JOBTYPE, uninstallRequest); } catch (JobException e) { setError(e); } return job; }
if (!this.authorization.hasAccess(Right.PROGRAM)) {
/** * Count the number of message statuses matching the passed filters. * * @param filterMap the map of Mail Status parameters to match (e.g. "status", "wiki", "batchId", etc) * @return the number of mail statuses or 0 if not allowed or an error happens */ public long count(Map<String, Object> filterMap) { // Only admins are allowed if (this.authorizationManager.hasAccess(Right.ADMIN)) { try { return this.mailStatusStore.count(normalizeFilterMap(filterMap)); } catch (MailStoreException e) { // Save the exception for reporting through the script services's getLastError() API setError(e); return 0; } } else { // Save the exception for reporting through the script services's getLastError() API setError(new MailStoreException("You need Admin rights to count mail statuses")); return 0; } }
/** * Executes a refactoring request. * * @param type the type of refactoring to execute * @param request the refactoring request to execute * @return the job that has been scheduled and that can be used to monitor the progress of the operation, * {@code null} in case of failure */ private Job execute(String type, AbstractCheckRightsRequest request) { setError(null); // Make sure that only the PR users can change the rights and context properties from the request. if (!this.authorization.hasAccess(Right.PROGRAM)) { getRequestFactory().setRightsProperties(request); } try { return this.jobExecutor.execute(type, request); } catch (JobException e) { setError(e); return null; } }
@Override public boolean hasProgrammingRights(XWikiDocument doc, XWikiContext context) { DocumentReference user; WikiReference wiki; if (doc != null) { user = doc.getContentAuthorReference(); wiki = doc.getDocumentReference().getWikiReference(); } else { user = context.getUserReference(); wiki = new WikiReference(context.getWikiId()); } if (user != null && XWikiConstants.GUEST_USER.equals(user.getName())) { // Public users (not logged in) should be passed as null in the new API. It may happen that badly // design code, and poorly written API does not take care, so we prevent security issue here. user = null; } // This method as never check for external contextual aspect like rendering context restriction or dropping of // permissions. So we do not use the contextual authorization manager to keep backward compatibility. return authorizationManager.hasAccess(Right.PROGRAM, user, wiki); }