1 | /* | |
2 | * See the NOTICE file distributed with this work for additional | |
3 | * information regarding copyright ownership. | |
4 | * | |
5 | * This is free software; you can redistribute it and/or modify it | |
6 | * under the terms of the GNU Lesser General Public License as | |
7 | * published by the Free Software Foundation; either version 2.1 of | |
8 | * the License, or (at your option) any later version. | |
9 | * | |
10 | * This software is distributed in the hope that it will be useful, | |
11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
13 | * Lesser General Public License for more details. | |
14 | * | |
15 | * You should have received a copy of the GNU Lesser General Public | |
16 | * License along with this software; if not, write to the Free | |
17 | * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA | |
18 | * 02110-1301 USA, or see the FSF site: http://www.fsf.org. | |
19 | */ | |
20 | package org.xwiki.vfs.internal; | |
21 | ||
22 | import javax.inject.Inject; | |
23 | import javax.inject.Singleton; | |
24 | ||
25 | import org.xwiki.component.annotation.Component; | |
26 | import org.xwiki.security.authorization.ContextualAuthorizationManager; | |
27 | import org.xwiki.security.authorization.Right; | |
28 | import org.xwiki.vfs.VfsException; | |
29 | import org.xwiki.vfs.VfsPermissionChecker; | |
30 | import org.xwiki.vfs.VfsResourceReference; | |
31 | ||
32 | /** | |
33 | * Generic Permission Checker used when there's no scheme-specific Permission Checker; it verifies that the current | |
34 | * user has Programming Rights. | |
35 | * | |
36 | * @version $Id: 6adc734ee7ea841f48b67b4c4489f7919c25bba7 $ | |
37 | * @since 7.4M2 | |
38 | */ | |
@Component
@Singleton
public class DefaultVfsPermissionChecker implements VfsPermissionChecker
{
    /**
     * Used to ask whether Programming Rights are granted in the current context.
     */
    @Inject
    private ContextualAuthorizationManager authorizationManager;

    /**
     * Allows VFS access only when the authorization manager grants {@link Right#PROGRAM}.
     * <p>
     * The decision does not depend on the resource: the reference is not consulted for the access check, so every
     * scheme and path handled by this checker is either fully allowed or fully denied.
     *
     * @param resourceReference the VFS resource being accessed; only its URI scheme is read, and only to build the
     *            denial message
     * @throws VfsException if Programming Rights are not granted
     */
    @Override
    public void checkPermission(VfsResourceReference resourceReference) throws VfsException
    {
        // Default policy is deny unless Programming Rights are held. Without this gate a wiki user could reach the
        // local filesystem, for example by using the File URI scheme.
        boolean programmingRightsGranted = this.authorizationManager.hasAccess(Right.PROGRAM);
        if (programmingRightsGranted) {
            return;
        }

        // The denial message carries the scheme only, not the full URI of the requested resource.
        String scheme = resourceReference.getURI().getScheme();
        throw new VfsException(String.format(
            "Current logged-in user needs to have Programming Rights to use the [%s] VFS", scheme));
    }
}