Details
- Task
- Resolution: Fixed
- Major
- None
- None
- Unit
- Unknown
Description
The objective is to have a scaffolding of the API, with definitions of interfaces and types and some minimal implementation.
The objective is to define this API based on a use case, so the creation of the services will be incremental; it can change a lot until the release of the first version.
The design of the API is the one in the file (ignore the arrows on the right, they're coming from a bigger schema including usage of this API):
Note: this schema assumes that https://forum.xwiki.org/t/update-the-security-api-to-bring-it-closer-to-a-rights-api-implementation/7753 will be accepted as a change (these are the items in the security-api yellow border block on the left side of the schema).
If the change is not accepted we can always copy-paste the code from the security-bridge to a module of this API in order to have the same functionalities.
In terms of usage, it should be possible to use something like this (from Velocity); the code is not necessarily correct, it just gives an idea of what we should expect:
Displaying all rights that apply to a page as a table
    #set($docToDisplay = $xwiki.getDocument(<ref>))
    #set($rules = $services.rights.getActualRules($docToDisplay.documentReference))
    ## some sorting of the rules collection can be done here, if needed
    |= User or group |= Rights
    #foreach($rule in $rules)
      #foreach($group in $rule.getGroups())
        |$group|$rule.getRights()
      #end
      #foreach($user in $rule.getUsers())
        |$user|$rule.getRights()
      #end
    #end
Set the rights of a page to set view and edit for Admin and view for All
    #set($docToUpdate = $xwiki.getDocument(<ref>))
    #set($newRules = [])
    #set($discard = $newRules.add($services.rights.createWriteableRule(["XWiki.XWikiAdminGroup"], null, ['view', 'edit'], "ALLOW")))
    #set($discard = $newRules.add($services.rights.createWriteableRule(["XWiki.XWikiAllGroup"], null, ['view'], "ALLOW")))
    ## and save
    #set($discard = $services.rights.saveRules($newRules, $docToUpdate.documentReference))
Updating the rights on a page to cleanup all the explicit view, edit or comment rights and keep any other right that is set
    #set($docToUpdate = $xwiki.getDocument(<ref>))
    #set($currentRules = $services.rights.getRules($docToUpdate.documentReference))
    #set($newRules = [])
    #foreach($currentRule in $currentRules)
      #set($newRule = $services.rights.createWriteableRule($currentRule))
      ## NOTE: this remove may not work how I want it to, but we can fix it so or add API in WriteableSecurityRule
      ## remove view, edit and comment, if they exist
      #set($discard = $newRule.rights.remove('view'))
      #set($discard = $newRule.rights.remove('edit'))
      #set($discard = $newRule.rights.remove('comment'))
      #set($discard = $newRules.add($newRule))
    #end
    ## and save
    #set($discard = $services.rights.saveRules($newRules, $docToUpdate.documentReference))
Update the rights of a page to add edit right for a group
    #set($groupToAdd = <ref group>)
    #set($rightToAdd = "edit")
    #set($docToUpdate = $xwiki.getDocument(<ref>))
    #set($currentRules = $services.rights.getRules($docToUpdate.documentReference))
    #set($newRules = $services.rights.getWriteableRules($currentRules))
    ## check whether a rule already covers this group and this right
    #set($alreadyIn = false)
    #foreach($nr in $newRules)
      #if ($nr.match($groupToAdd) && $nr.match($rightToAdd))
        #set($alreadyIn = true)
      #end
    #end
    ## add the rule and save only when it is not there yet
    #if (!$alreadyIn)
      #set($discard = $newRules.add($services.rights.createWriteableRule([$groupToAdd], null, [$rightToAdd], "ALLOW")))
      #set($discard = $services.rights.saveRules($newRules, $docToUpdate.documentReference))
    #end
Issue Links
- relates to
- RIGHTSAPI-3 Use a platform security rules reader instead of duplicating the code
- Open