package org.xwiki.security.authorization.internal; |
|
import java.util.ArrayList; |
import java.util.Collection; |
import java.util.Collections; |
import java.util.List; |
import java.util.Set; |
|
import javax.inject.Inject; |
import javax.inject.Named; |
import javax.inject.Singleton; |
|
import org.xwiki.component.annotation.Component; |
import org.xwiki.context.Execution; |
import org.xwiki.model.EntityType; |
import org.xwiki.model.reference.DocumentReference; |
import org.xwiki.model.reference.DocumentReferenceResolver; |
import org.xwiki.model.reference.SpaceReference; |
import org.xwiki.model.reference.WikiReference; |
import org.xwiki.security.SecurityReference; |
import org.xwiki.security.authorization.AuthorizationException; |
import org.xwiki.security.authorization.EntityTypeNotSupportedException; |
import org.xwiki.security.authorization.Right; |
import org.xwiki.security.authorization.RightSet; |
import org.xwiki.security.authorization.RuleState; |
import org.xwiki.security.authorization.SecurityEntryReader; |
import org.xwiki.security.authorization.SecurityRule; |
import org.xwiki.security.authorization.SecurityRuleEntry; |
import org.xwiki.security.internal.XWikiConstants; |
|
import com.xpn.xwiki.XWikiContext; |
import com.xpn.xwiki.XWikiException; |
import com.xpn.xwiki.doc.XWikiDocument; |
import com.xpn.xwiki.objects.BaseObject; |
|
/**
 * Security entry reader that builds the rule set of a wiki, space or document entity from the rights objects
 * stored in an XWiki document, completed with rules implied by wiki ownership and document creation.
 * <p>
 * The class is an authorization input: whatever it returns (or leaves out) is what the caller of
 * {@link #read(SecurityReference)} gets to evaluate for the entity.
 */
@Component
@Singleton
public class DefaultSecurityEntryReader implements SecurityEntryReader
{
    /**
     * Rule added when local rights are read from a document that hosts global rights (see
     * {@link #getImpliedRules}). Judging by its class name it allows edit to no one; its definition is not in
     * this file.
     */
    private static final SecurityRule DENY_EDIT = new AllowEditToNoOneRule();

    /** Rights granted by implication to the owner of the main wiki: {@link Right#PROGRAM}. */
    private static final Set<Right> MAINWIKIOWNER_RIGHTS = new RightSet(Right.PROGRAM);

    /** Rights granted by implication to the owner of any other wiki: {@link Right#ADMIN}. */
    private static final Set<Right> OWNER_RIGHTS = new RightSet(Right.ADMIN);

    /** Rights granted by implication to the creator of a document: {@link Right#CREATOR}. */
    private static final Set<Right> CREATOR_RIGHTS = new RightSet(Right.CREATOR);

    /** Resolver (component hint "user") used to turn stored user names into document references. */
    @Inject
    @Named("user")
    private DocumentReferenceResolver<String> resolver;

    /** Execution from which the current {@link XWikiContext} is looked up. */
    @Inject
    private Execution execution;

    /**
     * @return the {@link XWikiContext} stored in the current execution context under
     *         {@link XWikiContext#EXECUTIONCONTEXT_KEY}
     */
    private XWikiContext getXWikiContext()
    {
        Object stored = execution.getContext().getProperty(XWikiContext.EXECUTIONCONTEXT_KEY);
        return (XWikiContext) stored;
    }

    /**
     * Rule entry pairing a security reference with a read-only view of its rules.
     */
    private final class InternalSecurityRuleEntry extends AbstractSecurityRuleEntry
    {
        /** The entity the rules apply to. */
        private final SecurityReference reference;

        /** Unmodifiable view over the rules handed to the constructor. */
        private final Collection<SecurityRule> rules;

        /**
         * @param reference the entity the rules apply to
         * @param rules the rules of that entity; they are wrapped, not copied, so the caller must not keep
         *            mutating the collection afterwards
         */
        private InternalSecurityRuleEntry(SecurityReference reference, Collection<SecurityRule> rules)
        {
            this.rules = Collections.unmodifiableCollection(rules);
            this.reference = reference;
        }

        /**
         * @return the entity the rules apply to
         */
        @Override
        public SecurityReference getReference()
        {
            return this.reference;
        }

        /**
         * @return the unmodifiable view of the rules
         */
        @Override
        public Collection<SecurityRule> getRules()
        {
            return this.rules;
        }
    }

    /**
     * Reads the security rules of a wiki, space or document entity.
     *
     * @param entity the entity to read rules for
     * @return {@code null} when {@code entity} is {@code null}; an entry with no rules when the entity has no
     *         original reference; otherwise an entry holding the stored and implied rules
     * @throws AuthorizationException when the entity type is not WIKI, SPACE or DOCUMENT, or when the
     *             document or wiki owner cannot be retrieved
     */
    @Override
    public SecurityRuleEntry read(SecurityReference entity) throws AuthorizationException
    {
        if (entity == null) {
            return null;
        }

        if (entity.getOriginalReference() == null) {
            // Nothing to load for such a reference: the entry carries an empty rule list.
            return new InternalSecurityRuleEntry(entity, Collections.<SecurityRule>emptyList());
        }

        WikiReference wiki;
        DocumentReference rightsHolder;
        DocumentReference rightsClass;

        switch (entity.getType()) {
            case WIKI:
                // Wiki level: global rights objects on the WIKI_DOC page of the wiki's XWIKI_SPACE.
                wiki = new WikiReference(entity);
                SpaceReference xwikiSpace = new SpaceReference(XWikiConstants.XWIKI_SPACE, wiki);
                rightsHolder = new DocumentReference(XWikiConstants.WIKI_DOC, xwikiSpace);
                rightsClass = new DocumentReference(XWikiConstants.GLOBAL_CLASSNAME, xwikiSpace);
                break;
            case SPACE:
                // Space level: global rights objects on the SPACE_DOC page of the space itself.
                wiki = new WikiReference(entity.extractReference(EntityType.WIKI));
                rightsHolder = new DocumentReference(XWikiConstants.SPACE_DOC, new SpaceReference(entity));
                rightsClass = new DocumentReference(XWikiConstants.GLOBAL_CLASSNAME,
                    new SpaceReference(XWikiConstants.XWIKI_SPACE, wiki));
                break;
            case DOCUMENT:
                // Document level: local rights objects on the document itself.
                wiki = new WikiReference(entity.extractReference(EntityType.WIKI));
                rightsHolder = new DocumentReference(entity);
                rightsClass = new DocumentReference(XWikiConstants.LOCAL_CLASSNAME,
                    new SpaceReference(XWikiConstants.XWIKI_SPACE, wiki));
                break;
            default:
                throw new EntityTypeNotSupportedException(entity.getType(), this);
        }

        Collection<SecurityRule> loaded = getSecurityRules(rightsHolder, rightsClass, wiki);
        return new InternalSecurityRuleEntry(entity, loaded);
    }

    /**
     * Loads a document through the wiki of the current context.
     *
     * @param documentReference reference of the document to load
     * @return the document, or {@code null} when the wiki returns {@code null} or a document flagged as new
     * @throws AuthorizationException when the wiki fails to load the document
     */
    private XWikiDocument getDocument(DocumentReference documentReference) throws AuthorizationException
    {
        XWikiContext xcontext = getXWikiContext();

        try {
            XWikiDocument loaded = xcontext.getWiki().getDocument(documentReference, xcontext);
            // A document flagged as new is reported as absent, so the caller reads no rights objects from it.
            return (loaded != null && !loaded.isNew()) ? loaded : null;
        } catch (XWikiException e) {
            throw new AuthorizationException(documentReference,
                "Could not retrieve the document to check security access", e);
        }
    }

    /**
     * Looks up the owner of a wiki.
     *
     * @param wikiReference the wiki whose owner is wanted
     * @return the owner resolved against {@code wikiReference}, or {@code null} when the wiki reports no
     *         owner
     * @throws AuthorizationException when the owner cannot be retrieved
     */
    private DocumentReference getWikiOwner(WikiReference wikiReference) throws AuthorizationException
    {
        XWikiContext xcontext = getXWikiContext();

        String ownerName;
        try {
            ownerName = xcontext.getWiki().getWikiOwner(wikiReference.getName(), xcontext);
        } catch (XWikiException e) {
            throw new AuthorizationException(wikiReference,
                "Could not retrieve the owner of this wiki", e);
        }

        return ownerName == null ? null : resolver.resolve(ownerName, wikiReference);
    }

    /**
     * Collects the implied rules for a document and the rules stored in its rights objects.
     *
     * @param documentReference reference of the document holding the rights objects
     * @param classReference reference of the class of the rights objects to read
     * @param wikiReference wiki passed to the rule factory together with the user resolver
     * @return the implied rules followed by one rule per well-formed rights object; only the implied rules
     *         when the document does not exist
     * @throws AuthorizationException when the document or the wiki owner cannot be retrieved
     */
    private Collection<SecurityRule> getSecurityRules(DocumentReference documentReference,
        DocumentReference classReference, WikiReference wikiReference) throws AuthorizationException
    {
        boolean holdsGlobalRights = isGlobalRightsReference(documentReference);
        boolean globalRequested = classReference.getName().equals(XWikiConstants.GLOBAL_CLASSNAME);
        XWikiDocument holder = getDocument(documentReference);

        // Implied rules are computed even when the document does not exist.
        List<SecurityRule> collected =
            getImpliedRules(documentReference, holder, holdsGlobalRights, globalRequested);

        if (holder != null) {
            List<BaseObject> rightsObjects = holder.getXObjects(classReference);
            if (rightsObjects != null) {
                // True only for local rights read from a document that hosts global rights; the meaning of
                // this flag is defined by XWikiSecurityRule.createNewRule, which is not in this file.
                boolean localOnGlobalHolder = holdsGlobalRights && !globalRequested;

                for (BaseObject rightsObject : rightsObjects) {
                    if (rightsObject == null) {
                        continue;
                    }

                    SecurityRule parsed;
                    try {
                        parsed = XWikiSecurityRule.createNewRule(rightsObject, resolver, wikiReference,
                            localOnGlobalHolder);
                    } catch (IllegalArgumentException e) {
                        // NOTE(review): a rights object rejected by the factory is dropped without any trace.
                        // If the dropped object was meant to deny a right, the rule set returned here is more
                        // permissive than what is stored; nothing in this class records that it happened.
                        continue;
                    }
                    collected.add(parsed);
                }
            }
        }

        return collected;
    }

    /**
     * Builds the rules that apply without being stored in a rights object.
     * <ul>
     * <li>Global rights read from a global-rights document: the wiki owner, when there is one, is allowed
     * {@link #MAINWIKIOWNER_RIGHTS} on the main wiki and {@link #OWNER_RIGHTS} on any other wiki.</li>
     * <li>Local rights read from a global-rights document: {@link #DENY_EDIT} is added.</li>
     * <li>Local rights read from an existing document: its creator is allowed {@link #CREATOR_RIGHTS},
     * unless the creator's name is {@code XWikiConstants.GUEST_USER}.</li>
     * </ul>
     *
     * @param documentReference reference of the document holding the rights objects
     * @param document the loaded document, or {@code null} when it does not exist
     * @param isGlobalRightsReference whether the document is one that hosts global rights
     * @param isGlobalRightRequested whether global rights objects are being read
     * @return a new, mutable list of implied rules, possibly empty
     * @throws AuthorizationException when the wiki owner cannot be retrieved
     */
    private List<SecurityRule> getImpliedRules(DocumentReference documentReference, XWikiDocument document,
        boolean isGlobalRightsReference, boolean isGlobalRightRequested) throws AuthorizationException
    {
        List<SecurityRule> implied = new ArrayList<SecurityRule>();

        if (isGlobalRightsReference && !isGlobalRightRequested) {
            implied.add(DENY_EDIT);
        } else if (isGlobalRightsReference) {
            WikiReference hostWiki = documentReference.getWikiReference();
            DocumentReference owner = getWikiOwner(hostWiki);
            if (owner != null) {
                // The main wiki owner gets the wider right set.
                Set<Right> granted = getXWikiContext().isMainWiki(hostWiki.getName())
                    ? MAINWIKIOWNER_RIGHTS : OWNER_RIGHTS;
                implied.add(new XWikiSecurityRule(granted, RuleState.ALLOW, Collections.singleton(owner), null));
            }
        }

        if (isGlobalRightRequested || document == null) {
            return implied;
        }

        DocumentReference creator = document.getCreatorReference();
        // Only the page name of the creator reference is compared with the guest name here.
        boolean namedCreator = creator != null && !XWikiConstants.GUEST_USER.equals(creator.getName());
        if (namedCreator) {
            implied.add(new XWikiSecurityRule(CREATOR_RIGHTS, RuleState.ALLOW, Collections.singleton(creator), null));
        }

        return implied;
    }

    /**
     * Tells whether a document is one that hosts global rights.
     *
     * @param documentReference the reference to test
     * @return {@code true} when the document is named {@code XWikiConstants.SPACE_DOC}, or is named
     *         {@code XWikiConstants.WIKI_DOC} and its parent is named {@code XWikiConstants.XWIKI_SPACE}
     */
    private boolean isGlobalRightsReference(DocumentReference documentReference)
    {
        if (XWikiConstants.SPACE_DOC.equals(documentReference.getName())) {
            return true;
        }

        return XWikiConstants.WIKI_DOC.equals(documentReference.getName())
            && XWikiConstants.XWIKI_SPACE.equals(documentReference.getParent().getName());
    }
}