Class SecurityAuthorizationScriptService

  • All Implemented Interfaces:
    org.xwiki.script.service.ScriptService

    @Component
    @Named("security.authorization")
    @Singleton
    public class SecurityAuthorizationScriptService
    extends Object
    implements org.xwiki.script.service.ScriptService
    Security Authorization Script Service.
    Since:
    6.1RC1
    Version:
    $Id: 67fda8ba1dee4760cc5d28cdcf33c193ed9ee435 $
    • Field Summary

      Fields 
      Modifier and Type Field Description
      static String ID
      The role hint of this component.
    • Method Summary

      All Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      void checkAccess​(Right right)
      Check if access identified by right on the current entity is allowed in the current context.
      void checkAccess​(Right right, org.xwiki.model.reference.DocumentReference userReference, org.xwiki.model.reference.EntityReference entityReference)
      Check if the user identified by userReference has the access identified by right on the entity identified by entityReference.
      void checkAccess​(Right right, org.xwiki.model.reference.EntityReference entityReference)
      Check if access identified by right on the given entity is allowed in the current context.
      List<String> getAllRightsNames()  
      boolean hasAccess​(Right right)
      Verifies if access identified by right on the current entity would be allowed in the current context.
      boolean hasAccess​(Right right, org.xwiki.model.reference.DocumentReference userReference, org.xwiki.model.reference.EntityReference entityReference)
      Verifies if the user identified by userReference has the access identified by right on the entity identified by entityReference.
      boolean hasAccess​(Right right, org.xwiki.model.reference.EntityReference entityReference)
      Verifies if access identified by right on the given entity would be allowed in the current context.
      boolean isRightRegistered​(String rightName)
      Check that a specific right is registered or not.
    • Constructor Detail

      • SecurityAuthorizationScriptService

        public SecurityAuthorizationScriptService()
    • Method Detail

      • checkAccess

        public void checkAccess​(Right right)
                         throws AccessDeniedException
        Check if access identified by right on the current entity is allowed in the current context. The context includes information like the authenticated user, the current macro being executed, the rendering context restriction, the dropping of rights by macro, etc... This function should be used at security checkpoint.
        Parameters:
        right - the right needed for execution of the action
        Throws:
        AccessDeniedException - if the action should be denied, which may also happen when an error occurs
      • hasAccess

        public boolean hasAccess​(Right right)
        Verifies if access identified by right on the current entity would be allowed in the current context. The context includes information like the authenticated user, the current macro being executed, the rendering context restriction, the dropping of rights by macro, etc... This function should be used for interface matters, use checkAccess(org.xwiki.security.authorization.Right) at security checkpoints.
        Parameters:
        right - the right to check .
        Returns:
        true if the user has the specified right on the entity, false otherwise
      • checkAccess

        public void checkAccess​(Right right,
                                org.xwiki.model.reference.EntityReference entityReference)
                         throws AccessDeniedException
        Check if access identified by right on the given entity is allowed in the current context. The context includes information like the authenticated user, the current macro being executed, the rendering context restriction, the dropping of rights by macro, etc... This function should be used at security checkpoint.
        Parameters:
        right - the right needed for execution of the action
        entityReference - the entity on which to check the right
        Throws:
        AccessDeniedException - if the action should be denied, which may also happen when an error occurs
      • hasAccess

        public boolean hasAccess​(Right right,
                                 org.xwiki.model.reference.EntityReference entityReference)
        Verifies if access identified by right on the given entity would be allowed in the current context. The context includes information like the authenticated user, the current macro being executed, the rendering context restriction, the dropping of rights by macro, etc... This function should be used for interface matters, use checkAccess(org.xwiki.security.authorization.Right) at security checkpoints.
        Parameters:
        right - the right to check.
        entityReference - the entity on which to check the right
        Returns:
        true if the user has the specified right on the entity, false otherwise
      • checkAccess

        public void checkAccess​(Right right,
                                org.xwiki.model.reference.DocumentReference userReference,
                                org.xwiki.model.reference.EntityReference entityReference)
                         throws AccessDeniedException
        Check if the user identified by userReference has the access identified by right on the entity identified by entityReference. Note that some rights may be checked higher in hierarchy of the provided entity if such right is not enabled at lowest hierarchy level provided. This function should be used at security checkpoint.
        Parameters:
        right - the right needed for execution of the action
        userReference - the user to check the right for
        entityReference - the entity on which to check the right
        Throws:
        AccessDeniedException - if the action should be denied, which may also happen when an error occurs
      • hasAccess

        public boolean hasAccess​(Right right,
                                 org.xwiki.model.reference.DocumentReference userReference,
                                 org.xwiki.model.reference.EntityReference entityReference)
        Verifies if the user identified by userReference has the access identified by right on the entity identified by entityReference. Note that some rights may be checked higher in hierarchy of the provided entity if such right is not enabled at lowest hierarchy level provided. This function should be used for interface matters, use checkAccess(org.xwiki.security.authorization.Right) at security checkpoints.
        Parameters:
        right - the right to check .
        userReference - the user to check the right for
        entityReference - the entity on which to check the right
        Returns:
        true if the user has the specified right on the entity, false otherwise
      • isRightRegistered

        public boolean isRightRegistered​(String rightName)
        Check that a specific right is registered or not.
        Parameters:
        rightName - the name of the right to check for registration.
        Returns:
        true only if the right name can be find.
        Since:
        12.7RC1
      • getAllRightsNames

        @Unstable
        public List<String> getAllRightsNames()
        Returns:
        all the registered rights names.
        Since:
        13.5RC1