1. Project Clover database Tue Dec 20 2016 21:24:09 CET
  2. Package org.xwiki.security.authorization.internal

File AbstractAuthorizationSettler.java

 

Coverage histogram

../../../../../img/srcFileCovDistChart10.png
0% of files have more coverage

Code metrics

24
48
11
3
259
139
28
0.58
4.36
3.67
2.55

Classes

Class Line # Actions
AbstractAuthorizationSettler 43 25 0% 14 0
1.0100%
AbstractAuthorizationSettler.InternalSecurityAccessEntry 57 6 0% 4 0
1.0100%
AbstractAuthorizationSettler.Policies 103 17 0% 10 0
1.0100%
 

Contributing tests

No tests hitting this source file were found.

Source view

1    /*
2    * See the NOTICE file distributed with this work for additional
3    * information regarding copyright ownership.
4    *
5    * This is free software; you can redistribute it and/or modify it
6    * under the terms of the GNU Lesser General Public License as
7    * published by the Free Software Foundation; either version 2.1 of
8    * the License, or (at your option) any later version.
9    *
10    * This software is distributed in the hope that it will be useful,
11    * but WITHOUT ANY WARRANTY; without even the implied warranty of
12    * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13    * Lesser General Public License for more details.
14    *
15    * You should have received a copy of the GNU Lesser General Public
16    * License along with this software; if not, write to the Free
17    * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
18    * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
19    */
20    package org.xwiki.security.authorization.internal;
21   
22    import java.util.Collection;
23    import java.util.Deque;
24    import java.util.Set;
25   
26    import org.xwiki.model.EntityType;
27    import org.xwiki.security.GroupSecurityReference;
28    import org.xwiki.security.SecurityReference;
29    import org.xwiki.security.UserSecurityReference;
30    import org.xwiki.security.authorization.AuthorizationSettler;
31    import org.xwiki.security.authorization.Right;
32    import org.xwiki.security.authorization.RightSet;
33    import org.xwiki.security.authorization.RuleState;
34    import org.xwiki.security.authorization.SecurityAccess;
35    import org.xwiki.security.authorization.SecurityAccessEntry;
36    import org.xwiki.security.authorization.SecurityRuleEntry;
37   
38    /**
39    * Abstract super class for right resolvers.
40    * @version $Id: 5ee96de6b6337fdb5a1d91de43f79fdf9ce7e3ec $
41    * @since 4.0M2
42    */
 
43    abstract class AbstractAuthorizationSettler implements AuthorizationSettler
44    {
45    /** Cache the initial tie resolution. */
46    private static RightSet initialAllowTie;
47   
48    /** Cache the initial no override inheritance policy. */
49    private static RightSet initialNoOverride;
50   
51    /** The initial policy size. Check to update initial policies if a new Right is added. */
52    private static int initialPolicySize;
53   
54    /**
55    * Private implementation of the {@link SecurityAccessEntry}.
56    */
 
57    private final class InternalSecurityAccessEntry extends AbstractSecurityAccessEntry
58    {
59    /** User reference. */
60    private final UserSecurityReference userReference;
61   
62    /** Entity reference. */
63    private final SecurityReference reference;
64   
65    /** Security access. */
66    private final SecurityAccess access;
67   
68    /**
69    * @param user User reference
70    * @param reference Entity reference
71    * @param access access
72    */
 
73  2452 toggle InternalSecurityAccessEntry(UserSecurityReference user, SecurityReference reference,
74    SecurityAccess access)
75    {
76  2452 this.userReference = user;
77  2452 this.reference = reference;
78  2452 this.access = access;
79    }
80   
 
81  8648 toggle @Override
82    public UserSecurityReference getUserReference()
83    {
84  8648 return this.userReference;
85    }
86   
 
87  62768 toggle @Override
88    public SecurityAccess getAccess()
89    {
90  62768 return this.access;
91    }
92   
 
93  8966 toggle @Override
94    public SecurityReference getReference()
95    {
96  8966 return this.reference;
97    }
98    }
99   
100    /**
101    * Current policies helper.
102    */
 
103    protected final class Policies
104    {
105    /** Current right which has an allow tie. */
106    private Set<Right> allowTie;
107   
108    /** Current right which has an no override inheritance policy. */
109    private Set<Right> noOverride;
110   
111    /**
112    * Create Policies based on default initial policies.
113    */
 
114  2452 toggle Policies() {
115  2452 try {
116  2452 if (initialAllowTie == null || Right.size() != initialPolicySize) {
117  36 initialPolicySize = Right.size();
118  36 allowTie = new RightSet();
119  36 noOverride = new RightSet();
120  36 for (Right right : Right.values()) {
121  453 set(right, right);
122    }
123  36 initialAllowTie = ((RightSet) allowTie).clone();
124  36 initialNoOverride = ((RightSet) noOverride).clone();
125    } else {
126  2416 allowTie = initialAllowTie.clone();
127  2416 noOverride = initialNoOverride.clone();
128    }
129    } catch (CloneNotSupportedException ignored) {
130    // unexpected
131    }
132    }
133   
134    /**
135    * Set the current tie and inheritance policy of an implied right
136    * to the policies of the original right.
137    * Once allowed, the resolution policy could not be denied.
138    * Once a no override policy set, it could not be revoked.
139    *
140    * @param impliedRight the implied right to set
141    * @param originalRight the original right to get
142    */
 
143  1430 toggle public void set(Right impliedRight, Right originalRight) {
144  1430 if (originalRight.getTieResolutionPolicy() == RuleState.ALLOW) {
145  960 allowTie.add(impliedRight);
146    }
147  1430 if (!originalRight.getInheritanceOverridePolicy()) {
148  924 noOverride.add(impliedRight);
149    }
150    }
151   
152    /**
153    * @param right the right to check.
154    * @return the current tie resolution policy of this right.
155    */
 
156  197 toggle public RuleState getTieResolutionPolicy(Right right) {
157  197 return (allowTie.contains(right)) ? RuleState.ALLOW : RuleState.DENY;
158    }
159   
160    /**
161    * @param right the right to check.
162    * @return the current tie resolution policy of this right.
163    */
 
164  323 toggle public boolean getInheritanceOverridePolicy(Right right) {
165  323 return !noOverride.contains(right);
166    }
167    }
168   
 
169  2452 toggle @Override
170    public SecurityAccessEntry settle(UserSecurityReference user,
171    Collection<GroupSecurityReference> groups, Deque<SecurityRuleEntry> ruleEntries)
172    {
173  2452 XWikiSecurityAccess access = new XWikiSecurityAccess();
174  2452 SecurityReference reference = null;
175   
176  2452 Policies policies = new Policies();
177   
178  2452 for (SecurityRuleEntry entry : ruleEntries) {
179  7355 if (!entry.isEmpty()) {
180    // Chose the highest possible level to store the resulting access
181  6371 if (reference == null) {
182  2446 reference = entry.getReference();
183    }
184    // Compute access of this level and merge it with previous access result
185  6371 merge(settle(user, groups, entry, policies), access, entry.getReference(), policies);
186    }
187  7355 if (reference == null && entry.getReference().getType() == EntityType.WIKI) {
188  6 reference = entry.getReference();
189    }
190    }
191   
192    // Apply defaults and return the resulting access entry
193  2452 return new InternalSecurityAccessEntry(user, reference, applyDefaults(user, reference, access));
194    }
195   
196    /**
197    * Apply default values for undetermined rights.
198    *
199    * @param user The user, whose rights are to be determined.
200    * @param reference The entity, which the user wants to access.
201    * @param access The accumulated access result (modified and returned).
202    * @return the accumulated access result.
203    */
 
204  2452 toggle protected XWikiSecurityAccess applyDefaults(UserSecurityReference user, SecurityReference reference,
205    XWikiSecurityAccess access)
206    {
207  2452 for (Right right : Right.values()) {
208  29966 if (access.get(right) == RuleState.UNDETERMINED) {
209  23922 if (!user.isGlobal() && !user.getOriginalReference().getWikiReference()
210    .equals(reference.extractReference(EntityType.WIKI))) {
211    /*
212    * Deny all by default for users from another wiki.
213    */
214  175 access.deny(right);
215    } else {
216  23747 access.set(right, right.getDefaultState());
217    }
218    }
219    }
220   
221  2452 return access;
222    }
223   
224    /**
225    * Compute the access of a particular document hierarchy level.
226    * @param user The user.
227    * @param groups The groups where the user is a member.
228    * @param entry The security entry to settle.
229    * @param policies the current security policies.
230    * @return the resulting access for the user/group based on the given rules.
231    */
232    protected abstract XWikiSecurityAccess settle(UserSecurityReference user, Collection<GroupSecurityReference> groups,
233    SecurityRuleEntry entry, Policies policies);
234   
235    /**
236    * Merge the current access with the result from previous ones.
237    * @param currentAccess The access computed at the current entity in the document hierarchy.
238    * @param access The resulting access previously computed (modified and returned).
239    * @param reference the current entity in the document hierarchy.
240    * @param policies the current security policies.
241    */
 
242  6371 toggle protected void merge(SecurityAccess currentAccess, XWikiSecurityAccess access,
243    SecurityReference reference, Policies policies)
244    {
245  6371 for (Right right : Right.getEnabledRights(reference.getSecurityType())) {
246    // Skip undetermined rights
247  51101 if (currentAccess.get(right) == RuleState.UNDETERMINED) {
248  44289 continue;
249    }
250  6812 if (access.get(right) == RuleState.UNDETERMINED) {
251  6044 access.set(right, currentAccess.get(right));
252  6044 continue;
253    }
254  768 if (currentAccess.get(right) == RuleState.ALLOW && !policies.getInheritanceOverridePolicy(right)) {
255  173 access.allow(right);
256    }
257    }
258    }
259    }