org.xwiki.security.authorization
Interface AuthorizationManager

All Known Implementing Classes:
DefaultAuthorizationManager

@Role
public interface AuthorizationManager

This is a new experimental API for checking the access rights of users on XWiki entities. It aims to replace the current com.xpn.xwiki.user.api.XWikiRightService. It should provide better extensibility and improved performance while being almost fully compatible with the existing implementation. See org.xwiki.security.authorization.internal.XWikiCachingRightService for a bridge to this new authorization manager for legacy code. The AuthorizationManager does not provide any help for authentication. Authentication should be provided by other components, yet to be written. Nor does this authorization manager make any real use of the context (except for some things still to be refactored, like the read-only mode of XWiki); a separate contextual authorization manager could be written for this purpose.

Since:
4.0M2

Field Summary
static String SUPERADMIN_USER
          The Superadmin username.
 
Method Summary
 void checkAccess(Right right, DocumentReference userReference, EntityReference entityReference)
          Check if the user identified by userReference has the access identified by right on the entity identified by entityReference.
 boolean hasAccess(Right right, DocumentReference userReference, EntityReference entityReference)
          Verifies if the user identified by userReference has the access identified by right on the entity identified by entityReference.
 Right register(RightDescription rightDescription)
          Register a new custom Right.
 

Field Detail

SUPERADMIN_USER

static final String SUPERADMIN_USER
The Superadmin username.

See Also:
Constant Field Values
Method Detail

checkAccess

void checkAccess(Right right,
                 DocumentReference userReference,
                 EntityReference entityReference)
                 throws AccessDeniedException
Check if the user identified by userReference has the access identified by right on the entity identified by entityReference. Note that some rights may be checked higher in the hierarchy of the provided entity if such a right is not enabled at the lowest hierarchy level provided. This function should be used at security checkpoints.

Parameters:
right - the right needed for execution of the action
userReference - the user to check the right for
entityReference - the entity on which to check the right
Throws:
AccessDeniedException - if the action should be denied

hasAccess

boolean hasAccess(Right right,
                  DocumentReference userReference,
                  EntityReference entityReference)
Verifies if the user identified by userReference has the access identified by right on the entity identified by entityReference. Note that some rights may be checked higher in the hierarchy of the provided entity if such a right is not enabled at the lowest hierarchy level provided. This function should be used for interface matters; use checkAccess(org.xwiki.security.authorization.Right, org.xwiki.model.reference.DocumentReference, org.xwiki.model.reference.EntityReference) at security checkpoints.

Parameters:
right - the right to check
userReference - the user to check the right for
entityReference - the entity on which to check the right
Returns:
true if the user has the specified right on the entity, false otherwise
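
The split between the two methods described above, shown as an added example that is not part of the XWiki code base: hasAccess decides what the interface offers, while checkAccess guards the action itself. The PageUpdateGuard class, its Update callback and the way the AuthorizationManager instance is obtained (here passed to the constructor, for instance after injection by the component manager) are assumptions made for illustration.

```java
import org.xwiki.model.reference.DocumentReference;
import org.xwiki.security.authorization.AccessDeniedException;
import org.xwiki.security.authorization.AuthorizationManager;
import org.xwiki.security.authorization.Right;

/** Hypothetical helper (not an XWiki class) wrapping a page update. */
public class PageUpdateGuard
{
    /** Hypothetical callback performing the actual modification. */
    public interface Update
    {
        void apply(DocumentReference target);
    }

    private final AuthorizationManager authorization;

    /** @param authorization the manager, assumed to be supplied by the caller */
    public PageUpdateGuard(AuthorizationManager authorization)
    {
        this.authorization = authorization;
    }

    /**
     * Interface matter: decide whether to render an edit control.
     * A false result only hides the control; it protects nothing by itself.
     */
    public boolean showEditControl(DocumentReference user, DocumentReference page)
    {
        return this.authorization.hasAccess(Right.EDIT, user, page);
    }

    /**
     * Security checkpoint: the right is checked again, server side, immediately
     * before the change is applied, regardless of what the interface displayed.
     * AccessDeniedException propagates, so the update never runs when denied.
     */
    public void update(DocumentReference user, DocumentReference page, Update update)
        throws AccessDeniedException
    {
        this.authorization.checkAccess(Right.EDIT, user, page);
        update.apply(page);
    }
}
```

Because checkAccess throws rather than returning a value, a caller cannot forget to test the result, which is why it suits the enforcement path while the boolean hasAccess suits rendering decisions.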

register

Right register(RightDescription rightDescription)
               throws UnableToRegisterRightException
Register a new custom Right.

Parameters:
rightDescription - the full description of the new Right
Returns:
the created Right
Throws:
UnableToRegisterRightException - if an error prevents creation of the new right. Registering exactly the same right does not cause an exception and returns the existing right.