1. Project Clover database Tue Dec 20 2016 21:24:09 CET
  2. Package org.xwiki.annotation.rights.internal

File XWikiAnnotationRightService.java

 

Coverage histogram

../../../../../img/srcFileCovDistChart7.png
64% of files have more coverage

Code metrics

2
15
7
1
148
76
9
0.6
2.14
7
1.29

Classes

Class Line # Actions
XWikiAnnotationRightService 47 15 0% 9 9
0.62562.5%
 

Contributing tests

No tests hitting this source file were found.

Source view

1    /*
2    * See the NOTICE file distributed with this work for additional
3    * information regarding copyright ownership.
4    *
5    * This is free software; you can redistribute it and/or modify it
6    * under the terms of the GNU Lesser General Public License as
7    * published by the Free Software Foundation; either version 2.1 of
8    * the License, or (at your option) any later version.
9    *
10    * This software is distributed in the hope that it will be useful,
11    * but WITHOUT ANY WARRANTY; without even the implied warranty of
12    * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13    * Lesser General Public License for more details.
14    *
15    * You should have received a copy of the GNU Lesser General Public
16    * License along with this software; if not, write to the Free
17    * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
18    * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
19    */
20    package org.xwiki.annotation.rights.internal;
21   
22    import javax.inject.Inject;
23    import javax.inject.Named;
24    import javax.inject.Singleton;
25   
26    import org.slf4j.Logger;
27    import org.xwiki.annotation.Annotation;
28    import org.xwiki.annotation.io.IOService;
29    import org.xwiki.annotation.reference.TypedStringEntityReferenceResolver;
30    import org.xwiki.annotation.rights.AnnotationRightService;
31    import org.xwiki.component.annotation.Component;
32    import org.xwiki.model.EntityType;
33    import org.xwiki.model.reference.DocumentReference;
34    import org.xwiki.model.reference.DocumentReferenceResolver;
35    import org.xwiki.model.reference.EntityReference;
36    import org.xwiki.security.authorization.AuthorizationManager;
37    import org.xwiki.security.authorization.Right;
38   
39    /**
40    * Implementation of the rights service based on the XWiki access rights.
41    *
42    * @version $Id: 9c13995a51096ccd89e49238ca052c020a18a7c6 $
43    * @since 2.3M1
44    */
45    @Component
46    @Singleton
 
47    public class XWikiAnnotationRightService implements AnnotationRightService
48    {
49    /**
50    * Entity reference handler to resolve the reference target. <br>
51    * TODO: should be a current reference resolver, to be fully correct, but for the moment it will be a default one,
52    * since current resolver does not exist in 2.1.1 and a current typed resolver would fail. Plus, all references
53    * passed to this service should be absolute.
54    */
55    @Inject
56    private TypedStringEntityReferenceResolver referenceResolver;
57   
58    /**
59    * The annotations storage service, used to retrieve information about annotations to check the rights on it.
60    */
61    @Inject
62    private IOService annotationsStorageService;
63   
64    @Inject
65    private AuthorizationManager authorization;
66   
67    @Inject
68    @Named("user/current")
69    private DocumentReferenceResolver<String> userAndGroupReferenceResolver;
70   
71    /**
72    * The logger to log.
73    */
74    @Inject
75    private Logger logger;
76   
 
77  8 toggle @Override
78    public boolean canAddAnnotation(String target, String userName)
79    {
80    // if the user has comment right on the document represented by the target
81  8 return this.authorization.hasAccess(Right.COMMENT, getUserReference(userName), getDocumentReference(target));
82    }
83   
 
84  12 toggle @Override
85    public boolean canEditAnnotation(String annotationId, String target, String userName)
86    {
87    // if the user has edit right on the document represented by the target, or is the author of the annotation
88  12 try {
89  12 boolean hasEditRight =
90    this.authorization.hasAccess(Right.EDIT, getUserReference(userName), getDocumentReference(target));
91  12 if (hasEditRight) {
92  12 return true;
93    }
94   
95    // check if it's the author of the annotation
96  0 Annotation ann = annotationsStorageService.getAnnotation(target, annotationId);
97  0 return ann != null && ann.getAuthor().equals(userName);
98    } catch (Exception e) {
99  0 logException(e, target, userName);
100  0 return false;
101    }
102    }
103   
 
104  0 toggle @Override
105    public boolean canViewAnnotatedTarget(String target, String userName)
106    {
107  0 return canViewAnnotations(target, userName);
108    }
109   
 
110  9 toggle @Override
111    public boolean canViewAnnotations(String target, String userName)
112    {
113    // if user can view the target, it should be able to view annotations on it
114  9 return this.authorization.hasAccess(Right.VIEW, getUserReference(userName), getDocumentReference(target));
115    }
116   
117    /**
118    * Helper method to parse the target as a reference and extract a serialized document reference from it: the
119    * document reference serialized if the target can be parsed as a typed reference, or the initial string itself
120    * otherwise.
121    *
122    * @param target the serialized reference to target to extract the document reference from
123    * @return the serialized reference to the document to which the target refers
124    */
 
125  29 toggle private EntityReference getDocumentReference(String target)
126    {
127  29 EntityReference ref = this.referenceResolver.resolve(target, EntityType.DOCUMENT);
128   
129  29 return ref.extractReference(EntityType.DOCUMENT);
130    }
131   
 
132  29 toggle private DocumentReference getUserReference(String username)
133    {
134  29 return this.userAndGroupReferenceResolver.resolve(username);
135    }
136   
137    /**
138    * Helper method to log an xwiki exception during rights checking process.
139    *
140    * @param e exception to log
141    * @param target the annotation target for which exception has occurred
142    * @param user the user name for which exception occurred on verification
143    */
 
144  0 toggle private void logException(Exception e, String target, String user)
145    {
146  0 this.logger.warn("Couldn't get access rights for the target [{}] for user [{}]", target, user, e);
147    }
148    }