@Override public WikittyEvent clear(String securityToken) { String userId = getUserId(securityToken); if (isAppAdmin(securityToken, userId)) { // seul les AppAdmin on le droit a cette method WikittyEvent result = getDelegate().clear(securityToken); return result; } else { throw new SecurityException(String.format( "user %s can't clear data", userId)); } }
protected boolean canWrite(String securityToken, String userId, String extensionName, Wikitty wikitty) { boolean canWrite = false; // first, check per-extension rights if (wikitty.hasMetaExtension(WikittyAuthorisation.EXT_WIKITTYAUTHORISATION, extensionName)) { // there is a policy on the extension of fqFieldDirtyName canWrite = isWriter(securityToken, userId, wikitty, extensionName) || canAdmin(securityToken, userId, extensionName, wikitty); } if ( ! canWrite && wikitty.hasExtension(WikittyAuthorisation.EXT_WIKITTYAUTHORISATION) ) { // there is no policy for this extension // but there is a policy for all extension of wikitty canWrite = isWriter(securityToken, userId, wikitty, null) || canAdmin(securityToken, userId, extensionName, wikitty); } else { // no security policy, everything is allowed canWrite = true; } return canWrite; }
protected void checkStoreExtension(String securityToken, Collection<WikittyExtension> exts) { String userId = getUserId(securityToken); if ( ! isAppAdmin(securityToken, userId)) { for (WikittyExtension extension : exts) { Wikitty extensionAuthorisation = restoreExtensionAuthorisation(securityToken, extension.getName()); if (extensionAuthorisation != null) { // canWrite is true if this user can modify the field for this extension boolean canWrite = canWrite(securityToken, userId, null, extensionAuthorisation); if ( ! canWrite) { throw new SecurityException(String.format( "user %s don't have write right for extension %s", userId, extension)); } } } } }
/** * if app-admin group exists, return true if given userId is app-admin * if app-admin group doesn't exists, return true if user is anonymous */ protected boolean userIsAnonymousOrAppAdmin(String securityToken, String userId) { boolean userIsAnonymousOrAppAdmin = false; if (getAppAdminGroup(securityToken) == null) { if (securityToken == null) { // user is anonymous userIsAnonymousOrAppAdmin = true; } } else { if (isAppAdmin(securityToken, userId)) { // user is appAdmin userIsAnonymousOrAppAdmin = true; } } return userIsAnonymousOrAppAdmin; }
/** check if a given user belong to the group of app-admins. */ protected boolean isAppAdmin(String securityToken, String userId) { // si le group n'existe pas alors tout le monde est admin boolean result = true; Wikitty group = getAppAdminGroup(securityToken); if (group != null) { Set<String> ids = WikittyGroupHelper.getMembers(group); result = isMember(securityToken, userId, ids); } return result; }
long start = TimeLog.getTime(); String userId = getUserId(securityToken); for (WikittyEvent e : events) { if (e.getType().contains( || e.getType().contains( WikittyEvent.WikittyEventType.CLEAR_EXTENSION)) { if (isAppAdmin(securityToken, userId)) { checkStore(securityToken, e.getWikitties().values()); checkDelete(securityToken, e.getRemoveDate().keySet()); checkStoreExtension(securityToken, e.getExtensions().values()); checkDeleteExtension(securityToken, e.getDeletedExtensions()); WikittyEvent result = getDelegate().replay(securityToken, events, force); return result;
String userId = getUserId(securityToken); for (Wikitty wikitty : wikitties) { if (wikitty == null) { getDelegate(), securityToken, wikitty.getWikittyId()); Wikitty extensionRights = restoreExtensionAuthorisation( securityToken, extensionName); boolean canCreate = extensionRights == null || canRead(securityToken, userId, null, extensionRights); if ( ! canCreate ) { throw new SecurityException(String.format( canChange = canAdmin(securityToken, userId, concernedExtensionName, wikitty); } else { canChange = canWrite(securityToken, userId, concernedExtensionName, wikitty);
@Override public Wikitty restoreVersion(String securityToken, String wikittyId, String version) { Wikitty wikitty = getDelegate().restoreVersion(securityToken, wikittyId, version); long start = TimeLog.getTime(); String userId = getUserId(securityToken); wikitty = refuseUnauthorizedRead(securityToken, userId, wikitty); timeLog.log(start, "restoreVersion"); return wikitty; }
@Override public boolean canDelete(String securityToken, String wikittyId) { boolean result = true; Wikitty wikitty = WikittyServiceEnhanced.restore( getDelegate(), securityToken, wikittyId); if (wikitty != null) { String userId = getUserId(securityToken); for (String extName : wikitty.getExtensionNames()) { result = result && isWriter(securityToken, userId, wikitty, extName); if (!result) { break; } } } return result; }
@Override public boolean canRead(String securityToken, String wikittyId) { boolean result = true; String userId = getUserId(securityToken); Wikitty wikitty = WikittyServiceEnhanced.restore(getDelegate(), securityToken, wikittyId); if (wikitty == null) { result = false; } else { for (String extName : wikitty.getExtensionNames()) { result = result && isReader(securityToken, userId, wikitty, extName); if (!result) { break; } } } return result; }
/** * Check if we can delete all id passed in argument * @param securityToken * @param ids */ public void checkDelete(String securityToken, Collection<String> ids) { String userId = getUserId(securityToken); List<String> idsAsList = new ArrayList<String>(ids); List<Wikitty> wikitties = getDelegate().restore(securityToken, idsAsList); for (Wikitty wikitty : wikitties) { if (wikitty != null) { for (String extensionName : wikitty.getExtensionNames()) { if ( ! canWrite(securityToken, userId, extensionName, wikitty)) { throw new SecurityException(String.format( "user %s doesn't have rights on extension %s on wikitty %s", userId, extensionName, wikitty)); } } } } }
@Override public WikittyEvent deleteTree(String securityToken, String treeNodeId) { Wikitty treeNodeWikitty = WikittyServiceEnhanced.restore( getDelegate(), securityToken, treeNodeId); long start = TimeLog.getTime(); Collection<Wikitty> wikitties = Collections.singletonList(treeNodeWikitty); // TODO poussin 20101222 perhaps we must check deletion authorization // for all children ? checkStore(securityToken, wikitties); timeLog.log(start, "deleteTree"); return getDelegate().deleteTree(securityToken, treeNodeId); }
getDelegate(), securityToken, id); if (groupWikitty != null && WikittyGroupHelper.hasExtension(groupWikitty)) { Set<String> members = WikittyGroupHelper.getMembers(groupWikitty); return isMember(securityToken, userId, members);
private void checkRestoreTreeNode(String securityToken, String userId, WikittyTreeNode treeNode) { Wikitty treeNodeWikitty = WikittyUtil.getWikitty(getDelegate(), securityToken, treeNode); refuseUnauthorizedRead(securityToken, userId, treeNodeWikitty); }
@Override public WikittyEvent delete(String securityToken, Collection<String> ids) { long start = TimeLog.getTime(); checkDelete(securityToken, ids); timeLog.log(start, "delete"); WikittyEvent result = getDelegate().delete(securityToken, ids); return result; }
@Override public WikittyEvent storeExtension(String securityToken, Collection<WikittyExtension> exts) { long start = TimeLog.getTime(); checkStoreExtension(securityToken, exts); timeLog.log(start, "storeExtension"); return getDelegate().storeExtension(securityToken, exts); }
@Override public WikittyEvent deleteExtension( String securityToken, Collection<String> extNames) { long start = TimeLog.getTime(); checkDeleteExtension(securityToken, extNames); timeLog.log(start, "deleteExtension"); return getDelegate().deleteExtension(securityToken, extNames); }
/** get the wikitty with extension WikittyGroup that contains all app-admin. */ protected Wikitty getAppAdminGroup(String securityToken) { // on a deja fait la recherche precedement, on essaie de reutilise // le meme id Wikitty group = WikittyServiceEnhanced.restore( getDelegate(), securityToken, appAdminGroupId); if (group == null) { // 1er fois, on le recherche WikittyQuery criteria = new WikittyQueryMaker() .eq(WikittyGroup.FQ_FIELD_WIKITTYGROUP_NAME, WikittySecurityHelper.WIKITTY_APPADMIN_GROUP_NAME).end(); String groupId = getClient(securityToken).findByQuery(criteria); appAdminGroupId = groupId; group = WikittyServiceEnhanced.restore( getDelegate(), securityToken, appAdminGroupId); } return group; }
/** * restore the wikitty authorisation attached to given extension. * * @return a wikitty with WikittyAuthorisation extension, or null if given * extension has no security policy attached */ protected Wikitty restoreExtensionAuthorisation(String securityToken, String extensionName) { String wikittyAuthorisationId = WikittyMetaExtensionUtil.generateId( WikittyAuthorisation.EXT_WIKITTYAUTHORISATION, extensionName); Wikitty wikittyAuthorisation = WikittyServiceEnhanced.restore( getDelegate(), securityToken, wikittyAuthorisationId); if (wikittyAuthorisation == null) { log.debug(extensionName + " has no authorisation attached"); } return wikittyAuthorisation; }
protected boolean canRead(String securityToken, String userId, String extensionName, Wikitty wikitty) { boolean canRead = false; // first, check per-extension rights if (wikitty.hasMetaExtension(WikittyAuthorisation.EXT_WIKITTYAUTHORISATION, extensionName)) { // there is a policy on the extension canRead = isReader(securityToken, userId, wikitty, extensionName) || canWrite(securityToken, userId, extensionName, wikitty); } if ( ! canRead && wikitty.hasExtension(WikittyAuthorisation.EXT_WIKITTYAUTHORISATION) ) { // there is no policy for this extension // but there is a policy for all extension of wikitty canRead = isReader(securityToken, userId, wikitty, null) || canWrite(securityToken, userId, extensionName, wikitty); } else { // no security policy, everything is allowed canRead = true; } return canRead; }