Uploaded image for project: 'Rights API'
  1. Rights API
  2. RIGHTSAPI-1

Scaffolding of the rights API

    XMLWordPrintable

Details

    • Task
    • Resolution: Fixed
    • Major
    • 1.0-rc-1
    • None
    • None
    • Unit
    • Unknown

    Description

      The objective is to have a scaffolding of the API, with definitions of interfaces and types and some minimal implementation.

      The objective is to define this API based on a usecase, so the creation of the services will be incremental, it can change a lot until the release of the first version.

      The design of the API is the one in the file (ignore the arrows on the right, they're coming from a bigger schema including usage of this API) :

      Note: this schema assumes that https://forum.xwiki.org/t/update-the-security-api-to-bring-it-closer-to-a-rights-api-implementation/7753 will be accepted as a change (these are the items in the security-api yellow border block on the left side of the schema).
      If the change is not accepted we can always copy-paste the code from the security-bridge to a module of this API in order to have the same functionalities.

      In terms of usage, it should be able to use something like this (from velocity) - the code is not necessarily correct, it just gives an idea of what we should expect:

      Displaying all rights that apply to a page as a table

      #set($docToDisplay = $xwiki.getDocument(<ref>))
      #set($rules = $services.rights.getActualRules($docToDisplay.documentReference))
      ## some sorting of the rules collection can be done here, if needed
      |= User or group |= Rights
      #foreach($rule in $rules)
        #foreach($group in $rule.getGroups())
          |$group|$rule.getRights()
        #end
        #foreach($user in $rule.getUsers())
          |$user|$rule.getRights()
        #end
      #end
      

      Set the rights of a page to set view and edit for Admin and view for All

      #set($docToUpdate = $xwiki.getDocument(<ref>))
      #set($newRules = [])
      #set($discard = $newRules.add($services.rights.createWriteableRule(["XWiki.XWikiAdminGroup"], null, ['view', 'edit'], "ALLOW")))
      #set($discard = $newRules.add($services.rights.createWriteableRule(["XWiki.XWikiAllGroup"], null, ['view'], "ALLOW")))
      ## and save
      #set($discard = $services.rights.saveRules($newRules, $docToUpdate.documentReference))
      Updating the rights on a page to cleanup all the explicit view, edit or comment rights and keep any other right that is set
      #set($docToUpdate = $xwiki.getDocument(<ref>))
      #set($currentRules = $services.rights.getRules($docToUpdate.documentReference))
      #set($newRules = [])
      #foreach($currentRule in $currentRules)
        #set($newRule = $services.rights.createWriteableRule($currentRule))
        ## NOTE: this remove may not work how I want it to, but we can fix it so or add API in WriteableSecurityRule
        ## remove view, edit and comment, if they exist
        #set($discard = $newRule.rights.remove('view'))
        #set($discard = $newRule.rights.remove('edit'))
        #set($discard = $newRule.rights.remove('comment'))
        #set($discard = $newRules.add($newRule))
      #end
      ## and save
      #set($discard = $services.rights.saveRules($newRules, $docToUpdate.documentReference))
      

      Update the rights of a page to add edit right for a group

      #set($groupToAddRef = <ref group>)
      #set($rightToAdd = "edit")
      #set($docToUpdate = $xwiki.getDocument(<ref>))
      #set($currentRules = $services.rights.getRules($docToUpdate.documentReference))
      #set($newRules = $services.rights.getWriteableRules($currentRules))
      #set($alreadyIn = false)
      #foreach($nr in $newRules)
        #if ($nr.match($groupToAdd) && $nr.match($rightToAdd))
          #set($alreadyIn = true)
        #end
      #end
      #if (!$alreadyIn)
        #set($discard = $newRules.add($services.rights.createWriteableRule([$groupToAdd], null, [$rightToAdd], "ALLOW")))
        #set($discard = $services.rights.saveRules($newRules, $docToUpdate.documentReference))
      #end
      

      Attachments

        Issue Links

          Activity

            People

              graileanu Gabriel Răileanu
              lucaa Anca Luca
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: