|
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
@Role public interface AuthorizationManager
This is a new experimental API for checking the access rights of users on XWiki entities. It is aims to replace the current com.xpn.xwiki.user.api.XWikiRightService. It should provide better extensibility and improved performance while being almost fully compatible with the existing implementation. See org.xwiki.security.authorization.internal.XWikiCachingRightService for a bridge to this new authorization manager for legacy code. The AuthorisationManager does not provide any help for authentication. Authentication should be provided by another components, yet to be written. Neither this authorization manager has any real use of the context (except for some still to be refactored stuffs, like the read-only mode of XWiki), a separate contextual authorization manager could be written for this purpose.
Field Summary | |
---|---|
static String |
SUPERADMIN_USER
The Superadmin username. |
Method Summary | |
---|---|
void |
checkAccess(Right right,
DocumentReference userReference,
EntityReference entityReference)
Check if the user identified by userReference has the access identified by right on the
entity identified by entityReference . |
boolean |
hasAccess(Right right,
DocumentReference userReference,
EntityReference entityReference)
Verifies if the user identified by userReference has the access identified by right on the
entity identified by entityReference . |
Right |
register(RightDescription rightDescription)
Register a new custom Right . |
Field Detail |
---|
static final String SUPERADMIN_USER
Method Detail |
---|
void checkAccess(Right right, DocumentReference userReference, EntityReference entityReference) throws AccessDeniedException
userReference
has the access identified by right
on the
entity identified by entityReference
. Note that some rights may be checked higher in hierarchy of the
provided entity if such right is not enabled at lowest hierarchy level provided.
This function should be used at security checkpoint.
right
- the right needed for execution of the actionuserReference
- the user to check the right forentityReference
- the entity on which to check the right
AccessDeniedException
- if the action should be deniedboolean hasAccess(Right right, DocumentReference userReference, EntityReference entityReference)
userReference
has the access identified by right
on the
entity identified by entityReference
. Note that some rights may be checked higher in hierarchy of the
provided entity if such right is not enabled at lowest hierarchy level provided.
This function should be used for interface matters, use checkAccess(org.xwiki.security.authorization.Right, org.xwiki.model.reference.DocumentReference, org.xwiki.model.reference.EntityReference)
at security checkpoints.
right
- the right to check .userReference
- the user to check the right forentityReference
- the entity on which to check the right
true
if the user has the specified right on the entity, false
otherwiseRight register(RightDescription rightDescription) throws UnableToRegisterRightException
Right
.
rightDescription
- the full description of the new Right
Right
UnableToRegisterRightException
- if an error prevent creation of the new right. Registering exactly
the same right does not cause an exception and return the existing right.
|
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |