1 |
|
|
2 |
|
|
3 |
|
|
4 |
|
|
5 |
|
|
6 |
|
|
7 |
|
|
8 |
|
|
9 |
|
|
10 |
|
|
11 |
|
|
12 |
|
|
13 |
|
|
14 |
|
|
15 |
|
|
16 |
|
|
17 |
|
|
18 |
|
|
19 |
|
|
20 |
|
package org.xwiki.security.authorization.internal; |
21 |
|
|
22 |
|
import java.util.Collection; |
23 |
|
import java.util.Deque; |
24 |
|
import java.util.Set; |
25 |
|
|
26 |
|
import org.xwiki.model.EntityType; |
27 |
|
import org.xwiki.security.GroupSecurityReference; |
28 |
|
import org.xwiki.security.SecurityReference; |
29 |
|
import org.xwiki.security.UserSecurityReference; |
30 |
|
import org.xwiki.security.authorization.AuthorizationSettler; |
31 |
|
import org.xwiki.security.authorization.Right; |
32 |
|
import org.xwiki.security.authorization.RightSet; |
33 |
|
import org.xwiki.security.authorization.RuleState; |
34 |
|
import org.xwiki.security.authorization.SecurityAccess; |
35 |
|
import org.xwiki.security.authorization.SecurityAccessEntry; |
36 |
|
import org.xwiki.security.authorization.SecurityRuleEntry; |
37 |
|
|
38 |
|
|
39 |
|
|
40 |
|
@version |
41 |
|
@since |
42 |
|
|
|
|
| 100% |
Uncovered Elements: 0 (44) |
Complexity: 14 |
Complexity Density: 0.56 |
|
43 |
|
abstract class AbstractAuthorizationSettler implements AuthorizationSettler |
44 |
|
{ |
45 |
|
|
46 |
|
private static RightSet initialAllowTie; |
47 |
|
|
48 |
|
|
49 |
|
private static RightSet initialNoOverride; |
50 |
|
|
51 |
|
|
52 |
|
private static int initialPolicySize; |
53 |
|
|
54 |
|
|
55 |
|
@link |
56 |
|
|
|
|
| 100% |
Uncovered Elements: 0 (10) |
Complexity: 4 |
Complexity Density: 0.67 |
|
57 |
|
private final class InternalSecurityAccessEntry extends AbstractSecurityAccessEntry |
58 |
|
{ |
59 |
|
|
60 |
|
private final UserSecurityReference userReference; |
61 |
|
|
62 |
|
|
63 |
|
private final SecurityReference reference; |
64 |
|
|
65 |
|
|
66 |
|
private final SecurityAccess access; |
67 |
|
|
68 |
|
|
69 |
|
@param |
70 |
|
@param |
71 |
|
@param |
72 |
|
|
|
|
| 100% |
Uncovered Elements: 0 (3) |
Complexity: 1 |
Complexity Density: 0.33 |
|
73 |
2452 |
InternalSecurityAccessEntry(UserSecurityReference user, SecurityReference reference,... |
74 |
|
SecurityAccess access) |
75 |
|
{ |
76 |
2452 |
this.userReference = user; |
77 |
2452 |
this.reference = reference; |
78 |
2452 |
this.access = access; |
79 |
|
} |
80 |
|
|
|
|
| 100% |
Uncovered Elements: 0 (1) |
Complexity: 1 |
Complexity Density: 1 |
|
81 |
8648 |
@Override... |
82 |
|
public UserSecurityReference getUserReference() |
83 |
|
{ |
84 |
8648 |
return this.userReference; |
85 |
|
} |
86 |
|
|
|
|
| 100% |
Uncovered Elements: 0 (1) |
Complexity: 1 |
Complexity Density: 1 |
|
87 |
62768 |
@Override... |
88 |
|
public SecurityAccess getAccess() |
89 |
|
{ |
90 |
62768 |
return this.access; |
91 |
|
} |
92 |
|
|
|
|
| 100% |
Uncovered Elements: 0 (1) |
Complexity: 1 |
Complexity Density: 1 |
|
93 |
8966 |
@Override... |
94 |
|
public SecurityReference getReference() |
95 |
|
{ |
96 |
8966 |
return this.reference; |
97 |
|
} |
98 |
|
} |
99 |
|
|
100 |
|
|
101 |
|
|
102 |
|
|
|
|
| 100% |
Uncovered Elements: 0 (29) |
Complexity: 10 |
Complexity Density: 0.59 |
|
103 |
|
protected final class Policies |
104 |
|
{ |
105 |
|
|
106 |
|
private Set<Right> allowTie; |
107 |
|
|
108 |
|
|
109 |
|
private Set<Right> noOverride; |
110 |
|
|
111 |
|
|
112 |
|
|
113 |
|
|
|
|
| 100% |
Uncovered Elements: 0 (13) |
Complexity: 4 |
Complexity Density: 0.36 |
|
114 |
2452 |
Policies() {... |
115 |
2452 |
try { |
116 |
2452 |
if (initialAllowTie == null || Right.size() != initialPolicySize) { |
117 |
36 |
initialPolicySize = Right.size(); |
118 |
36 |
allowTie = new RightSet(); |
119 |
36 |
noOverride = new RightSet(); |
120 |
36 |
for (Right right : Right.values()) { |
121 |
453 |
set(right, right); |
122 |
|
} |
123 |
36 |
initialAllowTie = ((RightSet) allowTie).clone(); |
124 |
36 |
initialNoOverride = ((RightSet) noOverride).clone(); |
125 |
|
} else { |
126 |
2416 |
allowTie = initialAllowTie.clone(); |
127 |
2416 |
noOverride = initialNoOverride.clone(); |
128 |
|
} |
129 |
|
} catch (CloneNotSupportedException ignored) { |
130 |
|
|
131 |
|
} |
132 |
|
} |
133 |
|
|
134 |
|
|
135 |
|
|
136 |
|
|
137 |
|
|
138 |
|
|
139 |
|
|
140 |
|
@param |
141 |
|
@param |
142 |
|
|
|
|
| 100% |
Uncovered Elements: 0 (8) |
Complexity: 3 |
Complexity Density: 0.75 |
|
143 |
1430 |
public void set(Right impliedRight, Right originalRight) {... |
144 |
1430 |
if (originalRight.getTieResolutionPolicy() == RuleState.ALLOW) { |
145 |
960 |
allowTie.add(impliedRight); |
146 |
|
} |
147 |
1430 |
if (!originalRight.getInheritanceOverridePolicy()) { |
148 |
924 |
noOverride.add(impliedRight); |
149 |
|
} |
150 |
|
} |
151 |
|
|
152 |
|
|
153 |
|
@param |
154 |
|
@return |
155 |
|
|
|
|
| 100% |
Uncovered Elements: 0 (3) |
Complexity: 2 |
Complexity Density: 2 |
|
156 |
197 |
public RuleState getTieResolutionPolicy(Right right) {... |
157 |
197 |
return (allowTie.contains(right)) ? RuleState.ALLOW : RuleState.DENY; |
158 |
|
} |
159 |
|
|
160 |
|
|
161 |
|
@param |
162 |
|
@return |
163 |
|
|
|
|
| 100% |
Uncovered Elements: 0 (1) |
Complexity: 1 |
Complexity Density: 1 |
|
164 |
323 |
public boolean getInheritanceOverridePolicy(Right right) {... |
165 |
323 |
return !noOverride.contains(right); |
166 |
|
} |
167 |
|
} |
168 |
|
|
|
|
| 100% |
Uncovered Elements: 0 (17) |
Complexity: 5 |
Complexity Density: 0.45 |
|
169 |
2452 |
@Override... |
170 |
|
public SecurityAccessEntry settle(UserSecurityReference user, |
171 |
|
Collection<GroupSecurityReference> groups, Deque<SecurityRuleEntry> ruleEntries) |
172 |
|
{ |
173 |
2452 |
XWikiSecurityAccess access = new XWikiSecurityAccess(); |
174 |
2452 |
SecurityReference reference = null; |
175 |
|
|
176 |
2452 |
Policies policies = new Policies(); |
177 |
|
|
178 |
2452 |
for (SecurityRuleEntry entry : ruleEntries) { |
179 |
7355 |
if (!entry.isEmpty()) { |
180 |
|
|
181 |
6371 |
if (reference == null) { |
182 |
2446 |
reference = entry.getReference(); |
183 |
|
} |
184 |
|
|
185 |
6371 |
merge(settle(user, groups, entry, policies), access, entry.getReference(), policies); |
186 |
|
} |
187 |
7355 |
if (reference == null && entry.getReference().getType() == EntityType.WIKI) { |
188 |
6 |
reference = entry.getReference(); |
189 |
|
} |
190 |
|
} |
191 |
|
|
192 |
|
|
193 |
2452 |
return new InternalSecurityAccessEntry(user, reference, applyDefaults(user, reference, access)); |
194 |
|
} |
195 |
|
|
196 |
|
|
197 |
|
|
198 |
|
|
199 |
|
@param |
200 |
|
@param |
201 |
|
@param |
202 |
|
@return |
203 |
|
|
|
|
| 100% |
Uncovered Elements: 0 (10) |
Complexity: 4 |
Complexity Density: 0.67 |
|
204 |
2452 |
protected XWikiSecurityAccess applyDefaults(UserSecurityReference user, SecurityReference reference,... |
205 |
|
XWikiSecurityAccess access) |
206 |
|
{ |
207 |
2452 |
for (Right right : Right.values()) { |
208 |
29966 |
if (access.get(right) == RuleState.UNDETERMINED) { |
209 |
23922 |
if (!user.isGlobal() && !user.getOriginalReference().getWikiReference() |
210 |
|
.equals(reference.extractReference(EntityType.WIKI))) { |
211 |
|
|
212 |
|
|
213 |
|
|
214 |
175 |
access.deny(right); |
215 |
|
} else { |
216 |
23747 |
access.set(right, right.getDefaultState()); |
217 |
|
} |
218 |
|
} |
219 |
|
} |
220 |
|
|
221 |
2452 |
return access; |
222 |
|
} |
223 |
|
|
224 |
|
|
225 |
|
|
226 |
|
@param |
227 |
|
@param |
228 |
|
@param |
229 |
|
@param |
230 |
|
@return |
231 |
|
|
232 |
|
protected abstract XWikiSecurityAccess settle(UserSecurityReference user, Collection<GroupSecurityReference> groups, |
233 |
|
SecurityRuleEntry entry, Policies policies); |
234 |
|
|
235 |
|
|
236 |
|
|
237 |
|
@param |
238 |
|
@param |
239 |
|
@param |
240 |
|
@param |
241 |
|
|
|
|
| 100% |
Uncovered Elements: 0 (14) |
Complexity: 5 |
Complexity Density: 0.62 |
|
242 |
6371 |
protected void merge(SecurityAccess currentAccess, XWikiSecurityAccess access,... |
243 |
|
SecurityReference reference, Policies policies) |
244 |
|
{ |
245 |
6371 |
for (Right right : Right.getEnabledRights(reference.getSecurityType())) { |
246 |
|
|
247 |
51101 |
if (currentAccess.get(right) == RuleState.UNDETERMINED) { |
248 |
44289 |
continue; |
249 |
|
} |
250 |
6812 |
if (access.get(right) == RuleState.UNDETERMINED) { |
251 |
6044 |
access.set(right, currentAccess.get(right)); |
252 |
6044 |
continue; |
253 |
|
} |
254 |
768 |
if (currentAccess.get(right) == RuleState.ALLOW && !policies.getInheritanceOverridePolicy(right)) { |
255 |
173 |
access.allow(right); |
256 |
|
} |
257 |
|
} |
258 |
|
} |
259 |
|
} |