Package org.apache.wiki.auth.permissions

Class GroupPermission

  • All Implemented Interfaces:
    java.io.Serializable, java.security.Guard
    public final class GroupPermission
extends java.security.Permission
implements java.io.Serializable

    Permission to perform an operation on a group in a given wiki. Permission actions include: view, edit, delete.

    The target of a permission is a single group or collection in a given wiki. The syntax for the target is the wiki name, followed by a colon (:) and the name of the group. “All wikis” can be specified using a wildcard (*). Group collections may also be specified using a wildcard. For groups, the wildcard may be a prefix, suffix, or all by itself. Examples of targets include:

    *:*
    *:TestPlanners
    *:*Planners
    *:Test*
    mywiki:TestPlanners
    mywiki:*Planners
    mywiki:Test*

    For a given target, certain permissions imply others:

    • edit implies view
    • delete implies edit and view

    Targets that do not include a wiki prefix never imply others.

    GroupPermission accepts a special target called <groupmember> that means “all groups that a user is a member of.” When included in a policy file grant block, it functions like a wildcard. Thus, this block: 

      grant signedBy "jspwiki",
    principal org.apache.wiki.auth.authorize.Role "Authenticated" {
      permission org.apache.wiki.auth.permissions.GroupPermission "*:<groupmember>", "edit";
    means, “allow Authenticated users to edit any groups they are members of.” The wildcard target (*) does not imply <groupmember>; it must be granted explicitly.
    Since:
    2.4.17
    See Also:
    Serialized Form

    • Field Summary

      Fields 
      Modifier and Type Field Description
      static GroupPermission DELETE
      Convenience constant that denotes GroupPermission( "*:*, "delete" ).
      static java.lang.String DELETE_ACTION
      Action for deleting a group or collection of groups.
      static GroupPermission EDIT
      Convenience constant that denotes GroupPermission( "*:*, "edit" ).
      static java.lang.String EDIT_ACTION
      Action for editing a group or collection of groups.
      static java.lang.String MEMBER_TOKEN
      Special target token that denotes all groups that a Subject's Principals are members of.
      static GroupPermission VIEW
      Convenience constant that denotes GroupPermission( "*:*, "view" ).
      static java.lang.String VIEW_ACTION
      Action for viewing a group or collection of groups.

    • Constructor Summary

      Constructors 
      Constructor Description
      GroupPermission​(java.lang.String group, java.lang.String actions)
      Creates a new GroupPermission for a specified group and set of actions.

    • Method Summary

      All Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      boolean equals​(java.lang.Object obj)
      Two PagePermission objects are considered equal if their actions (after normalization), wiki and target are equal.
      java.lang.String getActions()
      Returns the actions for this permission: “view”, “edit”, or “delete”.
      java.lang.String getGroup()
      Returns the name of the wiki group represented by this permission.
      java.lang.String getWiki()
      Returns the name of the wiki containing the group represented by this permission; may return the wildcard string.
      int hashCode()
      Returns the hash code for this GroupPermission.
      boolean implies​(java.security.Permission permission)
      GroupPermissions can only imply other GroupPermissions; no other permission types are implied.
      java.lang.String toString()
      Prints a human-readable representation of this permission.

      • Methods inherited from class java.security.Permission

        checkGuard, getName, newPermissionCollection

      • Methods inherited from class java.lang.Object

        clone, finalize, getClass, notify, notifyAll, wait, wait, wait

    • Field Detail

      • MEMBER_TOKEN

        public static final java.lang.String MEMBER_TOKEN
        Special target token that denotes all groups that a Subject's Principals are members of.
        See Also:
        Constant Field Values

      • DELETE

        public static final GroupPermission DELETE
        Convenience constant that denotes GroupPermission( "*:*, "delete" ).

      • EDIT

        public static final GroupPermission EDIT
        Convenience constant that denotes GroupPermission( "*:*, "edit" ).

      • VIEW

        public static final GroupPermission VIEW
        Convenience constant that denotes GroupPermission( "*:*, "view" ).

    • Constructor Detail

      • GroupPermission

        public GroupPermission​(java.lang.String group,
                       java.lang.String actions)
        Creates a new GroupPermission for a specified group and set of actions. Group should include a prepended wiki name followed by a colon (:). If the wiki name is not supplied or starts with a colon, the group refers to all wikis.
        Parameters:
        group - the wiki group
        actions - the allowed actions for this group

    • Method Detail

      • equals

        public boolean equals​(java.lang.Object obj)
        Two PagePermission objects are considered equal if their actions (after normalization), wiki and target are equal.
        Specified by:
        equals in class java.security.Permission
        Parameters:
        obj - the object to compare
        Returns:
        the result of the comparison
        See Also:
        Object.equals(java.lang.Object)

      • getActions

        public java.lang.String getActions()
        Returns the actions for this permission: “view”, “edit”, or “delete”. The actions will always be sorted in alphabetic order, and will always appear in lower case.
        Specified by:
        getActions in class java.security.Permission
        Returns:
        the actions
        See Also:
        Permission.getActions()

      • getGroup

        public java.lang.String getGroup()
        Returns the name of the wiki group represented by this permission.
        Returns:
        the page name

      • getWiki

        public java.lang.String getWiki()
        Returns the name of the wiki containing the group represented by this permission; may return the wildcard string.
        Returns:
        the wiki

      • hashCode

        public int hashCode()
        Returns the hash code for this GroupPermission.
        Specified by:
        hashCode in class java.security.Permission
        Returns:
        the hash code
        See Also:
        Object.hashCode()

      • implies

        public boolean implies​(java.security.Permission permission)

        GroupPermissions can only imply other GroupPermissions; no other permission types are implied. One GroupPermission implies another if its actions if three conditions are met:

        1. The other GroupPermission’s wiki is equal to, or a subset of, that of this permission. This permission’s wiki is considered a superset of the other if it contains a matching prefix plus a wildcard, or a wildcard followed by a matching suffix.
        2. The other GroupPermission’s target is equal to, or a subset of, the target specified by this permission. This permission’s target is considered a superset of the other if it contains a matching prefix plus a wildcard, or a wildcard followed by a matching suffix.
        3. All of other GroupPermission’s actions are equal to, or a subset of, those of this permission
        Specified by:
        implies in class java.security.Permission
        Parameters:
        permission - the Permission to examine
        Returns:
        true if the GroupPermission implies the supplied Permission; false otherwise
        See Also:
        Permission.implies(java.security.Permission)

      • toString

        public java.lang.String toString()
        Prints a human-readable representation of this permission.
        Overrides:
        toString in class java.security.Permission
        Returns:
        the string
        See Also:
        Object.toString()