1. Project Clover database Tue Dec 20 2016 21:24:09 CET
  2. Package org.xwiki.vfs.internal.attach

File AttachVfsPermissionChecker.java

 

Coverage histogram

../../../../../img/srcFileCovDistChart7.png
64% of files have more coverage

Code metrics

2
3
1
1
70
31
2
0.67
3
1
2

Classes

Class Line # Actions
AttachVfsPermissionChecker 46 3 0% 2 2
0.666666766.7%
 

Contributing tests

This file is covered by 1 test. .

Source view

1    /*
2    * See the NOTICE file distributed with this work for additional
3    * information regarding copyright ownership.
4    *
5    * This is free software; you can redistribute it and/or modify it
6    * under the terms of the GNU Lesser General Public License as
7    * published by the Free Software Foundation; either version 2.1 of
8    * the License, or (at your option) any later version.
9    *
10    * This software is distributed in the hope that it will be useful,
11    * but WITHOUT ANY WARRANTY; without even the implied warranty of
12    * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13    * Lesser General Public License for more details.
14    *
15    * You should have received a copy of the GNU Lesser General Public
16    * License along with this software; if not, write to the Free
17    * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
18    * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
19    */
20    package org.xwiki.vfs.internal.attach;
21   
22    import javax.inject.Inject;
23    import javax.inject.Named;
24    import javax.inject.Singleton;
25   
26    import org.xwiki.component.annotation.Component;
27    import org.xwiki.model.reference.AttachmentReferenceResolver;
28    import org.xwiki.model.reference.DocumentReference;
29    import org.xwiki.security.authorization.ContextualAuthorizationManager;
30    import org.xwiki.security.authorization.Right;
31    import org.xwiki.vfs.VfsException;
32    import org.xwiki.vfs.VfsPermissionChecker;
33    import org.xwiki.vfs.VfsResourceReference;
34   
35    /**
36    * Permission checker for the Attach VFS URI scheme. We check that the current user has view permissions on the page
37    * holding the attachment. We need to do this here for the moment because of
38    * <a href="http://jira.xwiki.org/browse/XWIKI-12912">this issue</a>.
39    *
40    * @version $Id: 569b6655c10f13ecfa0b387643eeb1ac52363b23 $
41    * @since 7.4M2
42    */
43    @Component
44    @Named("attach")
45    @Singleton
 
46    public class AttachVfsPermissionChecker implements VfsPermissionChecker
47    {
48    @Inject
49    private ContextualAuthorizationManager authorizationManager;
50   
51    @Inject
52    private AttachmentReferenceResolver<String> defaultAttachmentReferenceresolver;
53   
 
54  6 toggle @Override
55    public void checkPermission(VfsResourceReference resourceReference) throws VfsException
56    {
57    // Check for view permission for the page holding the attachment and for the current user.
58   
59    // Extract the document reference from the VFS Resource Reference
60    // Use a default resolver (and not a current one) since we don't have any context, we're in a new
61    // request.
62   
63  6 DocumentReference documentReference = this.defaultAttachmentReferenceresolver.resolve(
64    resourceReference.getURI().getSchemeSpecificPart()).getDocumentReference();
65   
66  6 if (!this.authorizationManager.hasAccess(Right.VIEW, documentReference)) {
67  0 throw new VfsException(String.format("No View permission for document [%s]", documentReference));
68    }
69    }
70    }