1. Project Clover database Tue Dec 20 2016 21:24:09 CET
  2. Package org.xwiki.security.authorization

File AuthorizationManager.java

 

Code metrics

0
0
0
1
85
13
0
-
-
0
-

Classes

Class Line # Actions
AuthorizationManager 42 0 - 0 0
-1.0 -
 

Contributing tests

No tests hitting this source file were found.

Source view

1    /*
2    * See the NOTICE file distributed with this work for additional
3    * information regarding copyright ownership.
4    *
5    * This is free software; you can redistribute it and/or modify it
6    * under the terms of the GNU Lesser General Public License as
7    * published by the Free Software Foundation; either version 2.1 of
8    * the License, or (at your option) any later version.
9    *
10    * This software is distributed in the hope that it will be useful,
11    * but WITHOUT ANY WARRANTY; without even the implied warranty of
12    * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13    * Lesser General Public License for more details.
14    *
15    * You should have received a copy of the GNU Lesser General Public
16    * License along with this software; if not, write to the Free
17    * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
18    * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
19    */
20    package org.xwiki.security.authorization;
21   
22    import org.xwiki.component.annotation.Role;
23    import org.xwiki.model.reference.DocumentReference;
24    import org.xwiki.model.reference.EntityReference;
25   
26    /**
27    * This API is for checking the access rights of any users on any XWiki entities. It replaces
28    * {@code com.xpn.xwiki.user.api.XWikiRightService} and provides better extensibility and improved performance while
29    * being almost fully compatible with the existing implementation.
30    * See {@code org.xwiki.security.authorization.internal.XWikiCachingRightService} for a bridge to this new authorization
31    * manager for legacy code.
32    *
33    * The AuthorisationManager does not provide any help for authentication. Authentication should be provided by
34    * another components, yet to be written.
35    * Neither this authorization manager has any real use of the context (except for some still to be refactored
36    * stuffs, like the read-only mode of XWiki), see ContextualAuthorizationManager for this purpose.
37    *
38    * @version $Id: a7e8e226bce1f91e39fde7883ee43c6db5a7902d $
39    * @since 4.0M2
40    */
41    @Role
 
42    public interface AuthorizationManager
43    {
44    /**
45    * The Superadmin username.
46    */
47    String SUPERADMIN_USER = "superadmin";
48   
49    /**
50    * Check if the user identified by {@code userReference} has the access identified by {@code right} on the
51    * entity identified by {@code entityReference}. Note that some rights may be checked higher in hierarchy of the
52    * provided entity if such right is not enabled at lowest hierarchy level provided.
53    * This function should be used at security checkpoint.
54    *
55    * @param right the right needed for execution of the action
56    * @param userReference the user to check the right for
57    * @param entityReference the entity on which to check the right
58    * @throws AccessDeniedException if the action should be denied, which may also happen when an error occurs
59    */
60    void checkAccess(Right right, DocumentReference userReference, EntityReference entityReference)
61    throws AccessDeniedException;
62   
63    /**
64    * Verifies if the user identified by {@code userReference} has the access identified by {@code right} on the
65    * entity identified by {@code entityReference}. Note that some rights may be checked higher in hierarchy of the
66    * provided entity if such right is not enabled at lowest hierarchy level provided.
67    * This function should be used for interface matters, use {@link #checkAccess} at security checkpoints.
68    *
69    * @param right the right to check .
70    * @param userReference the user to check the right for
71    * @param entityReference the entity on which to check the right
72    * @return {@code true} if the user has the specified right on the entity, {@code false} otherwise
73    */
74    boolean hasAccess(Right right, DocumentReference userReference, EntityReference entityReference);
75   
76    /**
77    * Register a new custom {@link Right}.
78    *
79    * @param rightDescription the full description of the new {@link Right}
80    * @return the created {@link Right}
81    * @throws UnableToRegisterRightException if an error prevent creation of the new right. Registering exactly
82    * the same right does not cause an exception and return the existing right.
83    */
84    Right register(RightDescription rightDescription) throws UnableToRegisterRightException;
85    }