@Override public Set<Right> getImpliedRights() { return new RightSet(Right.VIEW, Right.EDIT, Right.DELETE); }
@Override public Set<Right> getImpliedRights() { return new RightSet(Right.VIEW, Right.EDIT, Right.DELETE, Right.COMMENT); }
/** * Enable this right for the given entity type. * @param type the entity type, null for the the main wiki. */ private void enableFor(EntityType type) { Set<Right> rights = ENABLED_RIGHTS.get(type); if (rights == null) { rights = new RightSet(); ENABLED_RIGHTS.put(type, rights); UNMODIFIABLE_ENABLED_RIGHTS.put(type, Collections.unmodifiableSet(rights)); } rights.add(this); }
/** * Clone implied Rights. * @param impliedRights the collection of rights to clone. * @return the cloned collection or null if no valid implied right has been provided. */ private Set<Right> cloneImpliedRights(Set<Right> impliedRights) { if (impliedRights == null || impliedRights.size() == 0) { return null; } Set<Right> implied = new RightSet(impliedRights); if (implied.size() > 0) { return Collections.unmodifiableSet(implied); } else { return null; } }
/** * Create Policies based on default initial policies. */ Policies() { try { if (initialAllowTie == null || Right.size() != initialPolicySize) { initialPolicySize = Right.size(); allowTie = new RightSet(); noOverride = new RightSet(); for (Right right : Right.values()) { set(right, right); } initialAllowTie = ((RightSet) allowTie).clone(); initialNoOverride = ((RightSet) noOverride).clone(); } else { allowTie = initialAllowTie.clone(); noOverride = initialNoOverride.clone(); } } catch (CloneNotSupportedException ignored) { // unexpected } }
@Override protected XWikiSecurityAccess settle(UserSecurityReference user, Collection<GroupSecurityReference> groups, SecurityRuleEntry entry, Policies policies) { Set<Right> enabledRights = Right.getEnabledRights(entry.getReference().getSecurityType()); Set<Right> fromUser = new RightSet(); Set<Right> allowed = new RightSet(); XWikiSecurityAccess access = new XWikiSecurityAccess(); // Evaluate rules from current entity for (Right right : enabledRights) { for (SecurityRule rule : entry.getRules()) { if (rule.match(right)) { if (rule.getState() == ALLOW) { allowed.add(right); } resolveLevel(right, user, groups, rule, access, policies, fromUser); if (access.get(right) == ALLOW) { implyRights(right, access, enabledRights, policies, fromUser); } } } } // The same behavior as the old implementation. I.e., an allow means implicit deny for everyone else. for (Right right : allowed) { if (access.get(right) == UNDETERMINED) { access.deny(right); } } return access; }