Package org.xwiki.security.authorization
Interface AuthorizationManager
-
- All Known Implementing Classes:
DefaultAuthorizationManager
@Role public interface AuthorizationManager
This API is for checking the access rights of any users on any XWiki entities. It replacescom.xpn.xwiki.user.api.XWikiRightService
and provides better extensibility and improved performance while being almost fully compatible with the existing implementation. Seeorg.xwiki.security.authorization.internal.XWikiCachingRightService
for a bridge to this new authorization manager for legacy code. The AuthorisationManager does not provide any help for authentication. Authentication should be provided by another components, yet to be written. Neither this authorization manager has any real use of the context (except for some still to be refactored stuffs, like the read-only mode of XWiki), see ContextualAuthorizationManager for this purpose.- Since:
- 4.0M2
- Version:
- $Id: 52b93bafca1c8835e44c778109ec75d0ab0f8e12 $
-
-
Field Summary
Fields Modifier and Type Field Description static String
SUPERADMIN_USER
The Superadmin username.
-
Method Summary
All Methods Instance Methods Abstract Methods Default Methods Modifier and Type Method Description void
checkAccess(Right right, DocumentReference userReference, EntityReference entityReference)
Check if the user identified byuserReference
has the access identified byright
on the entity identified byentityReference
.boolean
hasAccess(Right right, DocumentReference userReference, EntityReference entityReference)
Verifies if the user identified byuserReference
has the access identified byright
on the entity identified byentityReference
.Right
register(RightDescription rightDescription)
Register a new customRight
.default Right
register(RightDescription rightDescription, Set<Right> impliedByRights)
Register a new customRight
and add it as an implied right to the given set of rights.default void
unregister(Right right)
Unregister the given customRight
.
-
-
-
Field Detail
-
SUPERADMIN_USER
static final String SUPERADMIN_USER
The Superadmin username.- See Also:
- Constant Field Values
-
-
Method Detail
-
checkAccess
void checkAccess(Right right, DocumentReference userReference, EntityReference entityReference) throws AccessDeniedException
Check if the user identified byuserReference
has the access identified byright
on the entity identified byentityReference
. Note that some rights may be checked higher in hierarchy of the provided entity if such right is not enabled at lowest hierarchy level provided. This function should be used at security checkpoint.- Parameters:
right
- the right needed for execution of the actionuserReference
- the user to check the right forentityReference
- the entity on which to check the right- Throws:
AccessDeniedException
- if the action should be denied, which may also happen when an error occurs
-
hasAccess
boolean hasAccess(Right right, DocumentReference userReference, EntityReference entityReference)
Verifies if the user identified byuserReference
has the access identified byright
on the entity identified byentityReference
. Note that some rights may be checked higher in hierarchy of the provided entity if such right is not enabled at lowest hierarchy level provided. This function should be used for interface matters, usecheckAccess(org.xwiki.security.authorization.Right, org.xwiki.model.reference.DocumentReference, org.xwiki.model.reference.EntityReference)
at security checkpoints.- Parameters:
right
- the right to check .userReference
- the user to check the right forentityReference
- the entity on which to check the right- Returns:
true
if the user has the specified right on the entity,false
otherwise
-
register
Right register(RightDescription rightDescription) throws UnableToRegisterRightException
Register a new customRight
.- Parameters:
rightDescription
- the full description of the newRight
- Returns:
- the created
Right
- Throws:
UnableToRegisterRightException
- if an error prevent creation of the new right. Registering exactly the same right does not cause an exception and return the existing right.
-
register
default Right register(RightDescription rightDescription, Set<Right> impliedByRights) throws UnableToRegisterRightException
Register a new customRight
and add it as an implied right to the given set of rights.- Parameters:
rightDescription
- the full description of the newRight
impliedByRights
- the rights that should imply the new right.- Returns:
- the created
Right
- Throws:
UnableToRegisterRightException
- if an error prevent creation of the new right. Registering exactly the same right does not cause an exception and return the existing right.- Since:
- 12.6
-
unregister
@Unstable default void unregister(Right right) throws AuthorizationException
Unregister the given customRight
.- Parameters:
right
- the custom right to unregister.- Throws:
AuthorizationException
- if the right is not custom.- Since:
- 13.5RC1
-
-