1. Project Clover database Sat Feb 2 2019 06:45:20 CET
  2. Package org.xwiki.rendering.internal.macro.groovy

File GroovyMacroPermissionPolicy.java

 

Coverage histogram

../../../../../../img/srcFileCovDistChart10.png
0% of files have more coverage

Code metrics

2
5
1
1
69
30
2
0.4
5
1
2

Classes

Class Line # Actions
GroovyMacroPermissionPolicy 47 5 0% 2 0
1.0100%
 

Contributing tests

This file is covered by 30 tests. .

Source view

1    /*
2    * See the NOTICE file distributed with this work for additional
3    * information regarding copyright ownership.
4    *
5    * This is free software; you can redistribute it and/or modify it
6    * under the terms of the GNU Lesser General Public License as
7    * published by the Free Software Foundation; either version 2.1 of
8    * the License, or (at your option) any later version.
9    *
10    * This software is distributed in the hope that it will be useful,
11    * but WITHOUT ANY WARRANTY; without even the implied warranty of
12    * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13    * Lesser General Public License for more details.
14    *
15    * You should have received a copy of the GNU Lesser General Public
16    * License along with this software; if not, write to the Free
17    * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
18    * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
19    */
20    package org.xwiki.rendering.internal.macro.groovy;
21   
22    import javax.inject.Inject;
23    import javax.inject.Named;
24    import javax.inject.Singleton;
25   
26    import org.xwiki.component.annotation.Component;
27    import org.xwiki.groovy.GroovyConfiguration;
28    import org.xwiki.rendering.macro.script.AbstractScriptMacroPermissionPolicy;
29    import org.xwiki.rendering.macro.script.ScriptMacroParameters;
30    import org.xwiki.rendering.transformation.MacroTransformationContext;
31    import org.xwiki.security.authorization.Right;
32   
33    /**
34    * Decide if Groovy script execution is allowed. Allow execution if one of the following conditions is met:
35    * <ul>
36    * <li>if the Secure Groovy Customizer is active and the transformation context
37    * is <strong>not</strong> restricted</li>
38    * <li>if the current document has programming rights</li>
39    * </ul>
40    *
41    * @version $Id: 6f1b59d816f851f9d13e01992d44d00ed1872234 $
42    * @since 4.1M1
43    */
44    @Component
45    @Named("groovy")
46    @Singleton
 
47    public class GroovyMacroPermissionPolicy extends AbstractScriptMacroPermissionPolicy
48    {
49    /**
50    * Used to verify if the Groovy Secure Customizer is active. If so, we delegate security checks to it.
51    */
52    @Inject
53    private GroovyConfiguration configuration;
54   
 
55  260 toggle @Override
56    public boolean hasPermission(ScriptMacroParameters parameters, MacroTransformationContext context)
57    {
58  260 boolean hasPermission;
59  260 if (this.configuration.getCompilationCustomizerNames().contains("secure")) {
60    // If we are not running in a restricted context and we have the script right, the macro may run, but
61    // security will be delegated to the Groovy Secure Customizer.
62  5 hasPermission =
63    !context.getTransformationContext().isRestricted() && getAuthorizationManager().hasAccess(Right.SCRIPT);
64    } else {
65  255 hasPermission = super.hasPermission(parameters, context);
66    }
67  260 return hasPermission;
68    }
69    }