Details
- Task
- Resolution: Fixed
- Major
- None
- None
- Unit
- Unknown
Description
The objective is to have a scaffolding of the API, with definitions of interfaces and types and some minimal implementation.
The objective is to define this API based on a use case, so the creation of the services will be incremental and can change a lot until the release of the first version.
The design of the API is the one in the file (ignore the arrows on the right; they come from a bigger schema that includes usage of this API):
Note: this schema assumes that https://forum.xwiki.org/t/update-the-security-api-to-bring-it-closer-to-a-rights-api-implementation/7753 will be accepted as a change (these are the items in the security-api yellow border block on the left side of the schema).
If the change is not accepted, we can always copy-paste the code from the security-bridge to a module of this API in order to have the same functionality.
In terms of usage, it should be possible to write something like this (from Velocity). The code is not necessarily correct; it just gives an idea of what we should expect:
Displaying all rights that apply to a page as a table
#set($docToDisplay = $xwiki.getDocument(<ref>))
#set($rules = $services.rights.getActualRules($docToDisplay.documentReference))
## some sorting of the rules collection can be done here, if needed
|= User or group |= Rights
#foreach($rule in $rules)
#foreach($group in $rule.getGroups())
|$group|$rule.getRights()
#end
#foreach($user in $rule.getUsers())
|$user|$rule.getRights()
#end
#end
Set the rights of a page to set view and edit for Admin and view for All
#set($docToUpdate = $xwiki.getDocument(<ref>))
#set($newRules = [])
#set($discard = $newRules.add($services.rights.createWriteableRule(["XWiki.XWikiAdminGroup"], null, ['view', 'edit'], "ALLOW")))
#set($discard = $newRules.add($services.rights.createWriteableRule(["XWiki.XWikiAllGroup"], null, ['view'], "ALLOW")))
## and save
#set($discard = $services.rights.saveRules($newRules, $docToUpdate.documentReference))
Updating the rights on a page to cleanup all the explicit view, edit or comment rights and keep any other right that is set
#set($docToUpdate = $xwiki.getDocument(<ref>))
#set($currentRules = $services.rights.getRules($docToUpdate.documentReference))
#set($newRules = [])
#foreach($currentRule in $currentRules)
#set($newRule = $services.rights.createWriteableRule($currentRule))
## NOTE: this remove may not work how I want it to, but we can fix it so or add API in WriteableSecurityRule
## remove view, edit and comment, if they exist
#set($discard = $newRule.rights.remove('view'))
#set($discard = $newRule.rights.remove('edit'))
#set($discard = $newRule.rights.remove('comment'))
#set($discard = $newRules.add($newRule))
#end
## and save
#set($discard = $services.rights.saveRules($newRules, $docToUpdate.documentReference))
Update the rights of a page to add edit right for a group
#set($groupToAdd = <ref group>)
#set($rightToAdd = "edit")
#set($docToUpdate = $xwiki.getDocument(<ref>))
#set($currentRules = $services.rights.getRules($docToUpdate.documentReference))
#set($newRules = $services.rights.getWriteableRules($currentRules))
#set($alreadyIn = false)
#foreach($nr in $newRules)
#if ($nr.match($groupToAdd) && $nr.match($rightToAdd))
#set($alreadyIn = true)
#end
#end
#if (!$alreadyIn)
#set($discard = $newRules.add($services.rights.createWriteableRule([$groupToAdd], null, [$rightToAdd], "ALLOW")))
#set($discard = $services.rights.saveRules($newRules, $docToUpdate.documentReference))
#end
Issue Links
- relates to: RIGHTSAPI-3 Use a platform security rules reader instead of duplicating the code (Open)