package org.xwiki.security.authorization.internal; |
import java.util.HashMap; |
import java.util.List; |
import org.slf4j.Logger; |
import org.slf4j.LoggerFactory; |
import org.xwiki.model.reference.DocumentReference; |
import org.xwiki.model.reference.DocumentReferenceResolver; |
import org.xwiki.model.reference.EntityReference; |
import org.xwiki.model.reference.WikiReference; |
import org.xwiki.rendering.transformation.RenderingContext; |
import org.xwiki.security.authorization.AuthorizationManager; |
import org.xwiki.security.authorization.ContextualAuthorizationManager; |
import org.xwiki.security.authorization.Right; |
import org.xwiki.security.internal.XWikiConstants; |
import com.xpn.xwiki.XWikiContext; |
import com.xpn.xwiki.XWikiException; |
import com.xpn.xwiki.doc.XWikiDocument; |
import com.xpn.xwiki.user.api.XWikiRightService; |
import com.xpn.xwiki.user.api.XWikiUser; |
import com.xpn.xwiki.web.Utils; |
/**
 * Bridge implementation of {@link XWikiRightService}: the action names and right names used by the
 * {@code com.xpn.xwiki} API are translated into {@link Right} values and every decision is delegated to the
 * {@link AuthorizationManager} and {@link ContextualAuthorizationManager} components.
 * <p>
 * Two normalisations are applied consistently before delegating: a user reference whose name is
 * {@link XWikiConstants#GUEST_USER} is replaced by {@code null}, and an action name that has no mapping resolves to
 * {@link Right#ILLEGAL} rather than to a permissive default.
 *
 * @version $Id$
 */
public class XWikiCachingRightService implements XWikiRightService
{
    private static final Logger LOGGER = LoggerFactory.getLogger(XWikiCachingRightService.class);

    /** Action excluded from the login redirect performed by {@link #checkAccess} when access is denied. */
    private static final String DELETE_ACTION = "delete";

    /** Login action: excluded from the login redirect in {@link #checkAccess} and in {@link #showLogin}. */
    private static final String LOGIN_ACTION = "login";

    /**
     * Action name to the right it requires. Filled once during class initialisation and only read afterwards. It is
     * a {@link HashMap} on purpose: a {@code null} action name yields no mapping instead of an exception.
     */
    private static final HashMap<String, Right> ACTION_MAP = buildActionMap();

    /** Resolver used by {@link #resolveDocumentName}; looked up with the {@code currentmixed} hint. */
    @SuppressWarnings("unchecked")
    private DocumentReferenceResolver<String> documentReferenceResolver =
        Utils.getComponent(DocumentReferenceResolver.TYPE_STRING, "currentmixed");

    /** Resolver used by {@link #resolveUserName}; looked up with the {@code user} hint. */
    @SuppressWarnings("unchecked")
    private DocumentReferenceResolver<String> userAndGroupReferenceResolver =
        Utils.getComponent(DocumentReferenceResolver.TYPE_STRING, "user");

    /**
     * Not referenced by any method of this class; retained so that the component lookup performed when an instance
     * is created stays the same.
     */
    private final RenderingContext renderingContext = Utils.getComponent(RenderingContext.class);

    /** Answers the explicit user/entity checks ({@link #hasAccessLevel}, document-scoped programming rights). */
    private final AuthorizationManager authorizationManager = Utils.getComponent(AuthorizationManager.class);

    /** Answers the checks that rely on the current execution context. */
    private final ContextualAuthorizationManager contextualAuthorizationManager =
        Utils.getComponent(ContextualAuthorizationManager.class);

    /**
     * Builds the action-to-right table, one group of action names per required right.
     *
     * @return a mutable map holding every known action name exactly once
     */
    private static HashMap<String, Right> buildActionMap()
    {
        HashMap<String, Right> map = new HashMap<String, Right>();

        mapActions(map, Right.LOGIN, LOGIN_ACTION, "imagecaptcha", "logout", "loginerror", "loginsubmit");
        mapActions(map, Right.VIEW, "view", "distribution", "viewrev", "viewattachrev", "get", "downloadrev",
            "plain", "raw", "attach", "charting", "skin", "download", "dot", "svg", "pdf", "redirect", "export",
            "jsx", "ssx", "tex", "unknown", "create", "temp", "webjars");
        mapActions(map, Right.DELETE, DELETE_ACTION, "reset");
        mapActions(map, Right.ADMIN, "admin", "import", "deleteversions", "deletespace");
        mapActions(map, Right.PROGRAM, "programming");
        mapActions(map, Right.EDIT, "edit", "undelete", "save", "preview", "lock", "cancel", "delattachment",
            "inline", "propadd", "propupdate", "propdelete", "propdisable", "propenable", "objectadd",
            "objectremove", "objectsync", "rollback", "upload");
        mapActions(map, Right.REGISTER, "register");
        mapActions(map, Right.COMMENT, "commentadd", "commentsave");

        return map;
    }

    /**
     * Registers several action names against the same right.
     *
     * @param map the table being built
     * @param right the right every listed action requires
     * @param actions the action names to register
     */
    private static void mapActions(HashMap<String, Right> map, Right right, String... actions)
    {
        for (String action : actions) {
            map.put(action, right);
        }
    }

    /**
     * Translates an action name into the right it requires.
     *
     * @param action the action name taken from the request, may be {@code null}
     * @return the mapped right, or {@link Right#ILLEGAL} when the action is unknown or {@code null}
     */
    public static Right actionToRight(String action)
    {
        Right required = ACTION_MAP.get(action);
        return required != null ? required : Right.ILLEGAL;
    }

    /**
     * Maps the guest user to "no user".
     * <p>
     * Only the page name of the reference is compared with {@link XWikiConstants#GUEST_USER}, so any reference
     * carrying that name is treated as guest regardless of its space or wiki.
     *
     * @param user a resolved user reference, may be {@code null}
     * @return {@code null} when {@code user} is {@code null} or names the guest user, {@code user} otherwise
     */
    private static DocumentReference nullIfGuest(DocumentReference user)
    {
        if (user != null && XWikiConstants.GUEST_USER.equals(user.getName())) {
            return null;
        }
        return user;
    }

    /**
     * @param username the user name to resolve
     * @param wikiReference the wiki reference handed to the resolver as resolution parameter
     * @return the reference produced by the {@code user} resolver
     */
    private DocumentReference resolveUserName(String username, WikiReference wikiReference)
    {
        return userAndGroupReferenceResolver.resolve(username, wikiReference);
    }

    /**
     * @param docname the document name to resolve
     * @param wikiReference the wiki reference handed to the resolver as resolution parameter
     * @return the reference produced by the {@code currentmixed} resolver
     */
    private DocumentReference resolveDocumentName(String docname, WikiReference wikiReference)
    {
        return documentReferenceResolver.resolve(docname, wikiReference);
    }

    /**
     * Sends the current request to the login page through the wiki's authentication service.
     * <p>
     * Nothing happens when there is no request, when the current action already is the login action, or when the
     * {@code xwiki.hidelogin} parameter is set to {@code true}. A failure of the authentication service is logged
     * and otherwise ignored.
     *
     * @param context the current request context
     */
    private void showLogin(XWikiContext context)
    {
        try {
            if (context.getRequest() == null || LOGIN_ACTION.equals(context.getAction())) {
                return;
            }

            String hideLogin = context.getWiki().Param("xwiki.hidelogin", "false");
            if (!hideLogin.equalsIgnoreCase("true")) {
                context.getWiki().getAuthService().showLogin(context);
            }
        } catch (XWikiException e) {
            LOGGER.error("Failed to show login page.", e);
        }
    }

    /**
     * Runs the wiki's authentication check for the current request.
     *
     * @param context the current request context
     * @return the reference of the authenticated user, or {@code null} when nobody is authenticated or the check
     *         failed with an {@link XWikiException} (the failure is logged)
     */
    private DocumentReference lookupAuthenticatedUser(XWikiContext context)
    {
        try {
            XWikiUser user = context.getWiki().checkAuth(context);
            if (user != null) {
                return resolveUserName(user.getUser(), new WikiReference(context.getWikiId()));
            }
        } catch (XWikiException e) {
            LOGGER.error("Caught exception while authenticating user.", e);
        }
        return null;
    }

    /**
     * Makes sure the context carries the authenticated user before a contextual access check is made.
     * <p>
     * The authentication check is only attempted when the context has no user yet and is not in
     * {@link XWikiContext#MODE_XMLRPC}. The guest user is normalised to {@code null}. The context is updated only
     * when the resulting reference differs from the one it already held.
     *
     * @param context the current request context
     */
    private void authenticateUser(XWikiContext context)
    {
        DocumentReference previous = context.getUserReference();
        DocumentReference current = previous;

        if (current == null && context.getMode() != XWikiContext.MODE_XMLRPC) {
            current = lookupAuthenticatedUser(context);
        }

        current = nullIfGuest(current);

        boolean differs = current != previous && (current == null || !current.equals(previous));
        if (differs) {
            context.setUserReference(current);
        }
    }

    /**
     * @param action the requested action
     * @param context the current request context
     * @return {@code true} when a denied request should be sent to the login page: the context has no user and the
     *         action is neither {@value #DELETE_ACTION} nor {@value #LOGIN_ACTION}
     */
    private static boolean shouldRedirectToLogin(String action, XWikiContext context)
    {
        return context.getUserReference() == null && !DELETE_ACTION.equals(action) && !LOGIN_ACTION.equals(action);
    }

    /**
     * Checks whether the current user may perform {@code action} on {@code doc}.
     * <p>
     * The user is authenticated first, then the action's right is checked against the document through the
     * contextual authorization manager. When access is denied to an unauthenticated user the request is redirected
     * to the login page, except for the delete and login actions.
     *
     * @param action the action name, translated with {@link #actionToRight}
     * @param doc the target document
     * @param context the current request context
     * @return {@code true} when access is granted
     * @throws XWikiException declared by the interface
     */
    @Override
    public boolean checkAccess(String action, XWikiDocument doc, XWikiContext context)
        throws XWikiException
    {
        Right right = actionToRight(action);
        EntityReference entity = doc.getDocumentReference();

        LOGGER.debug("checkAccess for action [{}] on entity [{}].", right, entity);

        authenticateUser(context);

        boolean granted = contextualAuthorizationManager.hasAccess(right, entity);
        if (!granted && shouldRedirectToLogin(action, context)) {
            LOGGER.debug("Redirecting unauthenticated user to login, since it have been denied [{}] on [{}].",
                right, entity);
            showLogin(context);
        }

        return granted;
    }

    /**
     * Checks a named right for a named user on a named document, both names being resolved in the context wiki.
     *
     * @param rightName the right name, translated with {@link Right#toRight(String)}
     * @param username the user name; the guest user is normalised to {@code null}
     * @param docname the document name
     * @param context the current request context, used for the wiki identifier
     * @return {@code true} when the authorization manager grants the right
     * @throws XWikiException declared by the interface
     */
    @Override
    public boolean hasAccessLevel(String rightName, String username, String docname, XWikiContext context)
        throws XWikiException
    {
        WikiReference wiki = new WikiReference(context.getWikiId());

        DocumentReference document = resolveDocumentName(docname, wiki);
        LOGGER.debug("hasAccessLevel() resolved document named [{}] into reference [{}]", docname, document);

        DocumentReference user = nullIfGuest(resolveUserName(username, wiki));

        Right right = Right.toRight(rightName);

        return authorizationManager.hasAccess(right, user, document);
    }

    /**
     * @param context the current request context (unused; the check is fully contextual)
     * @return {@code true} when the current execution context has {@link Right#PROGRAM}
     */
    @Override
    public boolean hasProgrammingRights(XWikiContext context)
    {
        return contextualAuthorizationManager.hasAccess(Right.PROGRAM);
    }

    /**
     * Checks programming rights for a document's content author.
     * <p>
     * With a document, the check is made for its content author in the document's wiki; without one, for the context
     * user in the context wiki. In both cases the guest user is normalised to {@code null}.
     *
     * @param doc the document whose content author is checked, may be {@code null}
     * @param context the current request context
     * @return {@code true} when the authorization manager grants {@link Right#PROGRAM}
     */
    @Override
    public boolean hasProgrammingRights(XWikiDocument doc, XWikiContext context)
    {
        DocumentReference author = doc != null ? doc.getContentAuthorReference() : context.getUserReference();
        WikiReference wiki = doc != null
            ? doc.getDocumentReference().getWikiReference()
            : new WikiReference(context.getWikiId());

        return authorizationManager.hasAccess(Right.PROGRAM, nullIfGuest(author), wiki);
    }

    /**
     * @param context the current request context (unused; the check is fully contextual)
     * @return {@code true} when the current execution context has {@link Right#ADMIN}
     */
    @Override
    public boolean hasAdminRights(XWikiContext context)
    {
        return contextualAuthorizationManager.hasAccess(Right.ADMIN);
    }

    /**
     * @param context the current request context, used for the wiki identifier
     * @return {@code true} when the current execution context has {@link Right#ADMIN} on the context wiki
     */
    @Override
    public boolean hasWikiAdminRights(XWikiContext context)
    {
        return contextualAuthorizationManager.hasAccess(Right.ADMIN, new WikiReference(context.getWikiId()));
    }

    /**
     * @param context the current request context (unused)
     * @return the names of all rights, as given by {@link Right#getAllRightsAsString()}
     * @throws XWikiException declared by the interface
     */
    @Override
    public List<String> listAllLevels(XWikiContext context)
        throws XWikiException
    {
        return Right.getAllRightsAsString();
    }
}