Interface AuthorizationManager

  • All Known Implementing Classes:
    DefaultAuthorizationManager

    @Role
    public interface AuthorizationManager
    This API is for checking the access rights of any users on any XWiki entities. It replaces com.xpn.xwiki.user.api.XWikiRightService and provides better extensibility and improved performance while being almost fully compatible with the existing implementation. See org.xwiki.security.authorization.internal.XWikiCachingRightService for a bridge to this new authorization manager for legacy code. The AuthorisationManager does not provide any help for authentication. Authentication should be provided by another components, yet to be written. Neither this authorization manager has any real use of the context (except for some still to be refactored stuffs, like the read-only mode of XWiki), see ContextualAuthorizationManager for this purpose.
    Since:
    4.0M2
    Version:
    $Id: 52b93bafca1c8835e44c778109ec75d0ab0f8e12 $
    • Method Detail

      • checkAccess

        void checkAccess​(Right right,
                         DocumentReference userReference,
                         EntityReference entityReference)
                  throws AccessDeniedException
        Check if the user identified by userReference has the access identified by right on the entity identified by entityReference. Note that some rights may be checked higher in hierarchy of the provided entity if such right is not enabled at lowest hierarchy level provided. This function should be used at security checkpoint.
        Parameters:
        right - the right needed for execution of the action
        userReference - the user to check the right for
        entityReference - the entity on which to check the right
        Throws:
        AccessDeniedException - if the action should be denied, which may also happen when an error occurs
      • register

        default Right register​(RightDescription rightDescription,
                               Set<Right> impliedByRights)
                        throws UnableToRegisterRightException
        Register a new custom Right and add it as an implied right to the given set of rights.
        Parameters:
        rightDescription - the full description of the new Right
        impliedByRights - the rights that should imply the new right.
        Returns:
        the created Right
        Throws:
        UnableToRegisterRightException - if an error prevent creation of the new right. Registering exactly the same right does not cause an exception and return the existing right.
        Since:
        12.6