@Role
public interface AuthorizationManager
com.xpn.xwiki.user.api.XWikiRightService
and provides better extensibility and improved performance while
being almost fully compatible with the existing implementation.
See org.xwiki.security.authorization.internal.XWikiCachingRightService
for a bridge to this new authorization
manager for legacy code.
The AuthorisationManager does not provide any help for authentication. Authentication should be provided by
another components, yet to be written.
Neither this authorization manager has any real use of the context (except for some still to be refactored
stuffs, like the read-only mode of XWiki), see ContextualAuthorizationManager for this purpose.Modifier and Type | Field and Description |
---|---|
static String |
SUPERADMIN_USER
The Superadmin username.
|
Modifier and Type | Method and Description |
---|---|
void |
checkAccess(Right right,
DocumentReference userReference,
EntityReference entityReference)
Check if the user identified by
userReference has the access identified by right on the
entity identified by entityReference . |
boolean |
hasAccess(Right right,
DocumentReference userReference,
EntityReference entityReference)
Verifies if the user identified by
userReference has the access identified by right on the
entity identified by entityReference . |
Right |
register(RightDescription rightDescription)
Register a new custom
Right . |
default Right |
register(RightDescription rightDescription,
Set<Right> impliedByRights)
Register a new custom
Right and add it as an implied right to the given set of rights. |
default void |
unregister(Right right)
Unregister the given custom
Right . |
static final String SUPERADMIN_USER
void checkAccess(Right right, DocumentReference userReference, EntityReference entityReference) throws AccessDeniedException
userReference
has the access identified by right
on the
entity identified by entityReference
. Note that some rights may be checked higher in hierarchy of the
provided entity if such right is not enabled at lowest hierarchy level provided.
This function should be used at security checkpoint.right
- the right needed for execution of the actionuserReference
- the user to check the right forentityReference
- the entity on which to check the rightAccessDeniedException
- if the action should be denied, which may also happen when an error occursboolean hasAccess(Right right, DocumentReference userReference, EntityReference entityReference)
userReference
has the access identified by right
on the
entity identified by entityReference
. Note that some rights may be checked higher in hierarchy of the
provided entity if such right is not enabled at lowest hierarchy level provided.
This function should be used for interface matters, use checkAccess(org.xwiki.security.authorization.Right, org.xwiki.model.reference.DocumentReference, org.xwiki.model.reference.EntityReference)
at security checkpoints.right
- the right to check .userReference
- the user to check the right forentityReference
- the entity on which to check the righttrue
if the user has the specified right on the entity, false
otherwiseRight register(RightDescription rightDescription) throws UnableToRegisterRightException
Right
.rightDescription
- the full description of the new Right
Right
UnableToRegisterRightException
- if an error prevent creation of the new right. Registering exactly
the same right does not cause an exception and return the existing right.@Unstable default Right register(RightDescription rightDescription, Set<Right> impliedByRights) throws UnableToRegisterRightException
Right
and add it as an implied right to the given set of rights.rightDescription
- the full description of the new Right
impliedByRights
- the rights that should imply the new right.Right
UnableToRegisterRightException
- if an error prevent creation of the new right. Registering exactly
the same right does not cause an exception and return the existing right.@Unstable default void unregister(Right right) throws AuthorizationException
Right
.right
- the custom right to unregister.AuthorizationException
- if the right is not custom.Copyright © 2004–2021 XWiki. All rights reserved.