/** * restore the wikitty authorisation attached to given extension. * * @return a wikitty with WikittyAuthorisation extension, or null if given * extension has no security policy attached */ protected Wikitty restoreExtensionAuthorisation(String securityToken, WikittyExtension extension) { return restoreExtensionAuthorisation(securityToken, extension.getName()); }
protected void checkStoreExtension(String securityToken, Collection<WikittyExtension> exts) { String userId = getUserId(securityToken); if ( ! isAppAdmin(securityToken, userId)) { for (WikittyExtension extension : exts) { Wikitty extensionAuthorisation = restoreExtensionAuthorisation(securityToken, extension.getName()); if (extensionAuthorisation != null) { // canWrite is true if this user can modify the field for this extension boolean canWrite = canWrite(securityToken, userId, null, extensionAuthorisation); if ( ! canWrite) { throw new SecurityException(t("user %s don't have write right for extension %s", userId, extension)); } } } } }
Wikitty extensionRights = restoreExtensionAuthorisation( securityToken, extensionName); boolean canCreate = extensionRights == null ||