@Override public boolean hasAccessLevel(String right, String username, String docname, XWikiContext context) throws XWikiException { if (context != null && context.getRequest() != null && context.getRequest().getSession() != null) { LimsAuthentication limsAuth = (LimsAuthentication) context.getRequest().getSession().getAttribute(Lims247AuthServiceImpl.SESSION_KEY); @SuppressWarnings("deprecation") XWikiDocument doc = context.getWiki().getDocument(docname, context); String access = (String) context.getRequest().getSession().getAttribute(Lims247AuthServiceImpl.ACCESS_KEY); if (doc.getXObject(Patient.CLASS_REFERENCE) != null && limsAuth != null && StringUtils.equals(limsAuth.getUser().getUser(), username) && StringUtils.isNotEmpty(access)) { Right requested = actionToRight(right); Right granted = actionToRight(access); return requested.compareTo(granted) <= 0; } } return super.hasAccessLevel(right, username, docname, context); } }
@Override public boolean checkAccess(String action, XWikiDocument doc, XWikiContext context) throws XWikiException { if (context != null && context.getRequest() != null) { XWikiUser user = context.getWiki().checkAuth(context); if (user != null) { DocumentReference userReference = this.userAndGroupReferenceResolver .resolve(user.getUser(), new WikiReference(context.getDatabase())); context.setUserReference(userReference); } else { context.setUserReference(null); } LimsAuthentication limsAuth = (LimsAuthentication) context.getRequest().getSession().getAttribute(Lims247AuthServiceImpl.SESSION_KEY); String access = (String) context.getRequest().getSession().getAttribute(Lims247AuthServiceImpl.ACCESS_KEY); if (doc.getXObject(Patient.CLASS_REFERENCE) != null && limsAuth != null && StringUtils.isNotEmpty(access)) { Right requested = actionToRight(action); Right granted = actionToRight(access); return requested.compareTo(granted) <= 0; } } return super.checkAccess(action, doc, context); }