1. Project Clover database Sat Feb 2 2019 06:45:20 CET
  2. Package org.xwiki.security.authorization.internal

File AbstractAuthorizationSettler.java

 

Coverage histogram

../../../../../img/srcFileCovDistChart10.png
0% of files have more coverage

Code metrics

24
48
11
3
259
139
28
0.58
4.36
3.67
2.55

Classes

Class Line # Actions
AbstractAuthorizationSettler 43 25 0% 14 0
1.0100%
AbstractAuthorizationSettler.InternalSecurityAccessEntry 57 6 0% 4 0
1.0100%
AbstractAuthorizationSettler.Policies 103 17 0% 10 0
1.0100%
 

Contributing tests

No tests hitting this source file were found.

Source view

1    /*
2    * See the NOTICE file distributed with this work for additional
3    * information regarding copyright ownership.
4    *
5    * This is free software; you can redistribute it and/or modify it
6    * under the terms of the GNU Lesser General Public License as
7    * published by the Free Software Foundation; either version 2.1 of
8    * the License, or (at your option) any later version.
9    *
10    * This software is distributed in the hope that it will be useful,
11    * but WITHOUT ANY WARRANTY; without even the implied warranty of
12    * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13    * Lesser General Public License for more details.
14    *
15    * You should have received a copy of the GNU Lesser General Public
16    * License along with this software; if not, write to the Free
17    * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
18    * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
19    */
20    package org.xwiki.security.authorization.internal;
21   
22    import java.util.Collection;
23    import java.util.Deque;
24    import java.util.Set;
25   
26    import org.xwiki.model.EntityType;
27    import org.xwiki.security.GroupSecurityReference;
28    import org.xwiki.security.SecurityReference;
29    import org.xwiki.security.UserSecurityReference;
30    import org.xwiki.security.authorization.AuthorizationSettler;
31    import org.xwiki.security.authorization.Right;
32    import org.xwiki.security.authorization.RightSet;
33    import org.xwiki.security.authorization.RuleState;
34    import org.xwiki.security.authorization.SecurityAccess;
35    import org.xwiki.security.authorization.SecurityAccessEntry;
36    import org.xwiki.security.authorization.SecurityRuleEntry;
37   
38    /**
39    * Abstract super class for right resolvers.
40    * @version $Id: 5ee96de6b6337fdb5a1d91de43f79fdf9ce7e3ec $
41    * @since 4.0M2
42    */
 
43    abstract class AbstractAuthorizationSettler implements AuthorizationSettler
44    {
45    /** Cache the initial tie resolution. */
46    private static RightSet initialAllowTie;
47   
48    /** Cache the initial no override inheritance policy. */
49    private static RightSet initialNoOverride;
50   
51    /** The initial policy size. Check to update initial policies if a new Right is added. */
52    private static int initialPolicySize;
53   
54    /**
55    * Private implementation of the {@link SecurityAccessEntry}.
56    */
 
57    private final class InternalSecurityAccessEntry extends AbstractSecurityAccessEntry
58    {
59    /** User reference. */
60    private final UserSecurityReference userReference;
61   
62    /** Entity reference. */
63    private final SecurityReference reference;
64   
65    /** Security access. */
66    private final SecurityAccess access;
67   
68    /**
69    * @param user User reference
70    * @param reference Entity reference
71    * @param access access
72    */
 
73  35572 toggle InternalSecurityAccessEntry(UserSecurityReference user, SecurityReference reference,
74    SecurityAccess access)
75    {
76  35576 this.userReference = user;
77  35577 this.reference = reference;
78  35579 this.access = access;
79    }
80   
 
81  137870 toggle @Override
82    public UserSecurityReference getUserReference()
83    {
84  137878 return this.userReference;
85    }
86   
 
87  1352610 toggle @Override
88    public SecurityAccess getAccess()
89    {
90  1352646 return this.access;
91    }
92   
 
93  139218 toggle @Override
94    public SecurityReference getReference()
95    {
96  139221 return this.reference;
97    }
98    }
99   
100    /**
101    * Current policies helper.
102    */
 
103    protected final class Policies
104    {
105    /** Current right which has an allow tie. */
106    private Set<Right> allowTie;
107   
108    /** Current right which has an no override inheritance policy. */
109    private Set<Right> noOverride;
110   
111    /**
112    * Create Policies based on default initial policies.
113    */
 
114  35568 toggle Policies() {
115  35575 try {
116  35580 if (initialAllowTie == null || Right.size() != initialPolicySize) {
117  43 initialPolicySize = Right.size();
118  43 allowTie = new RightSet();
119  43 noOverride = new RightSet();
120  43 for (Right right : Right.values()) {
121  537 set(right, right);
122    }
123  43 initialAllowTie = ((RightSet) allowTie).clone();
124  43 initialNoOverride = ((RightSet) noOverride).clone();
125    } else {
126  35531 allowTie = initialAllowTie.clone();
127  35541 noOverride = initialNoOverride.clone();
128    }
129    } catch (CloneNotSupportedException ignored) {
130    // unexpected
131    }
132    }
133   
134    /**
135    * Set the current tie and inheritance policy of an implied right
136    * to the policies of the original right.
137    * Once allowed, the resolution policy could not be denied.
138    * Once a no override policy set, it could not be revoked.
139    *
140    * @param impliedRight the implied right to set
141    * @param originalRight the original right to get
142    */
 
143  505622 toggle public void set(Right impliedRight, Right originalRight) {
144  505619 if (originalRight.getTieResolutionPolicy() == RuleState.ALLOW) {
145  437312 allowTie.add(impliedRight);
146    }
147  505606 if (!originalRight.getInheritanceOverridePolicy()) {
148  437258 noOverride.add(impliedRight);
149    }
150    }
151   
152    /**
153    * @param right the right to check.
154    * @return the current tie resolution policy of this right.
155    */
 
156  222 toggle public RuleState getTieResolutionPolicy(Right right) {
157  222 return (allowTie.contains(right)) ? RuleState.ALLOW : RuleState.DENY;
158    }
159   
160    /**
161    * @param right the right to check.
162    * @return the current tie resolution policy of this right.
163    */
 
164  34804 toggle public boolean getInheritanceOverridePolicy(Right right) {
165  34803 return !noOverride.contains(right);
166    }
167    }
168   
 
169  35573 toggle @Override
170    public SecurityAccessEntry settle(UserSecurityReference user,
171    Collection<GroupSecurityReference> groups, Deque<SecurityRuleEntry> ruleEntries)
172    {
173  35579 XWikiSecurityAccess access = new XWikiSecurityAccess();
174  35577 SecurityReference reference = null;
175   
176  35577 Policies policies = new Policies();
177   
178  35571 for (SecurityRuleEntry entry : ruleEntries) {
179  115285 if (!entry.isEmpty()) {
180    // Chose the highest possible level to store the resulting access
181  110428 if (reference == null) {
182  35573 reference = entry.getReference();
183    }
184    // Compute access of this level and merge it with previous access result
185  110424 merge(settle(user, groups, entry, policies), access, entry.getReference(), policies);
186    }
187  115290 if (reference == null && entry.getReference().getType() == EntityType.WIKI) {
188  6 reference = entry.getReference();
189    }
190    }
191   
192    // Apply defaults and return the resulting access entry
193  35579 return new InternalSecurityAccessEntry(user, reference, applyDefaults(user, reference, access));
194    }
195   
196    /**
197    * Apply default values for undetermined rights.
198    *
199    * @param user The user, whose rights are to be determined.
200    * @param reference The entity, which the user wants to access.
201    * @param access The accumulated access result (modified and returned).
202    * @return the accumulated access result.
203    */
 
204  35576 toggle protected XWikiSecurityAccess applyDefaults(UserSecurityReference user, SecurityReference reference,
205    XWikiSecurityAccess access)
206    {
207  35582 for (Right right : Right.values()) {
208  427517 if (access.get(right) == RuleState.UNDETERMINED) {
209  88940 if (!user.isGlobal() && !user.getOriginalReference().getWikiReference()
210    .equals(reference.extractReference(EntityType.WIKI))) {
211    /*
212    * Deny all by default for users from another wiki.
213    */
214  175 access.deny(right);
215    } else {
216  88767 access.set(right, right.getDefaultState());
217    }
218    }
219    }
220   
221  35583 return access;
222    }
223   
224    /**
225    * Compute the access of a particular document hierarchy level.
226    * @param user The user.
227    * @param groups The groups where the user is a member.
228    * @param entry The security entry to settle.
229    * @param policies the current security policies.
230    * @return the resulting access for the user/group based on the given rules.
231    */
232    protected abstract XWikiSecurityAccess settle(UserSecurityReference user, Collection<GroupSecurityReference> groups,
233    SecurityRuleEntry entry, Policies policies);
234   
235    /**
236    * Merge the current access with the result from previous ones.
237    * @param currentAccess The access computed at the current entity in the document hierarchy.
238    * @param access The resulting access previously computed (modified and returned).
239    * @param reference the current entity in the document hierarchy.
240    * @param policies the current security policies.
241    */
 
242  110409 toggle protected void merge(SecurityAccess currentAccess, XWikiSecurityAccess access,
243    SecurityReference reference, Policies policies)
244    {
245  110428 for (Right right : Right.getEnabledRights(reference.getSecurityType())) {
246    // Skip undetermined rights
247  841087 if (currentAccess.get(right) == RuleState.UNDETERMINED) {
248  465358 continue;
249    }
250  375730 if (access.get(right) == RuleState.UNDETERMINED) {
251  338580 access.set(right, currentAccess.get(right));
252  338578 continue;
253    }
254  37147 if (currentAccess.get(right) == RuleState.ALLOW && !policies.getInheritanceOverridePolicy(right)) {
255  32081 access.allow(right);
256    }
257    }
258    }
259    }