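/**
 * Checks whether the user behind {@code securityToken} may read extension
 * {@code extensionName} of {@code wikitty}.
 * <p>
 * The most specific policy found decides, in this order:
 * <ol>
 * <li>a policy attached to the extension itself ({@code WikittyAuthorisation}
 *     meta-extension on {@code extensionName}): a reader of that policy, or a
 *     user allowed to write the extension, may read;</li>
 * <li>otherwise a policy covering the whole wikitty ({@code WikittyAuthorisation}
 *     extension): a reader of that policy, or a user allowed to write the
 *     extension, may read;</li>
 * <li>otherwise no policy exists and reading is allowed.</li>
 * </ol>
 * The three cases are exclusive: a denial by the policy found is final and never
 * falls through to the less specific case or to the "no policy" default.
 *
 * @param securityToken token identifying the caller's session
 * @param userId        user the token resolves to
 * @param extensionName extension of {@code wikitty} being read
 * @param wikitty       wikitty carrying the authorisation extensions
 * @return {@code true} if reading is allowed
 */
protected boolean canRead(String securityToken, String userId, String extensionName, Wikitty wikitty) {
    boolean canRead;
    if (wikitty.hasMetaExtension(WikittyAuthorisation.EXT_WIKITTYAUTHORISATION, extensionName)) {
        // a policy is attached to this very extension: it decides
        canRead = isReader(securityToken, userId, wikitty, extensionName)
                || canWrite(securityToken, userId, extensionName, wikitty);
    } else if (wikitty.hasExtension(WikittyAuthorisation.EXT_WIKITTYAUTHORISATION)) {
        // no policy on this extension, but one covering the whole wikitty
        canRead = isReader(securityToken, userId, wikitty, null)
                || canWrite(securityToken, userId, extensionName, wikitty);
    } else {
        // no security policy at all: everything is readable.
        // Reached only when neither policy exists, so a denial above is never
        // overridden here.
        canRead = true;
    }
    return canRead;
}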
/**
 * Verifies that the caller may delete every wikitty whose id is in {@code ids}.
 * <p>
 * The wikitties are restored through the delegate; the caller must hold write
 * rights on every extension of every one of them. Null entries returned by the
 * delegate are skipped.
 *
 * @param securityToken token identifying the caller's session
 * @param ids           ids of the wikitties about to be deleted
 * @throws SecurityException on the first extension the caller may not write
 */
public void checkDelete(String securityToken, Collection<String> ids) {
    String currentUser = getUserId(securityToken);
    List<Wikitty> targets = getDelegate().restore(securityToken, new ArrayList<String>(ids));
    for (Wikitty target : targets) {
        if (target == null) {
            // nothing restored for this id: nothing to protect
            continue;
        }
        for (String ext : target.getExtensionNames()) {
            if (canWrite(securityToken, currentUser, ext, target)) {
                continue;
            }
            throw new SecurityException(String.format(
                    "user %s doesn't have rights on extension %s on wikitty %s",
                    currentUser, ext, target));
        }
    }
}
/**
 * Verifies that the caller may store each extension in {@code exts}.
 * <p>
 * Application administrators are exempt from the check. For any other caller,
 * every extension that has an authorisation wikitty must be writable by that
 * caller; extensions without one are not checked.
 *
 * @param securityToken token identifying the caller's session
 * @param exts          extensions about to be stored
 * @throws SecurityException on the first extension the caller may not write
 */
protected void checkStoreExtension(String securityToken, Collection<WikittyExtension> exts) {
    String currentUser = getUserId(securityToken);
    if (isAppAdmin(securityToken, currentUser)) {
        // application admins bypass the per-extension policies
        return;
    }
    for (WikittyExtension ext : exts) {
        Wikitty policy = restoreExtensionAuthorisation(securityToken, ext.getName());
        if (policy == null) {
            // no authorisation wikitty for this extension: nothing to check
            continue;
        }
        // NOTE(review): extensionName is passed as null here — presumably this
        // evaluates the policy wikitty as a whole; confirm against canWrite.
        if ( ! canWrite(securityToken, currentUser, null, policy)) {
            throw new SecurityException(String.format(
                    "user %s don't have write right for extension %s",
                    currentUser, ext));
        }
    }
}
userId, concernedExtensionName, wikitty); } else { canChange = canWrite(securityToken, userId, concernedExtensionName, wikitty);