Package org.apache.wiki.auth.permissions

Class GroupPermission

java.lang.Object
java.security.Permission
org.apache.wiki.auth.permissions.GroupPermission
All Implemented Interfaces:
Serializable, Guard
public final class GroupPermission extends Permission implements Serializable

Permission to perform an operation on a group in a given wiki. Permission actions include: view, edit, delete.

The target of a permission is a single group or collection in a given wiki. The syntax for the target is the wiki name, followed by a colon (:) and the name of the group. “All wikis” can be specified using a wildcard (*). Group collections may also be specified using a wildcard. For groups, the wildcard may be a prefix, suffix, or all by itself. Examples of targets include:

*:*
*:TestPlanners
*:*Planners
*:Test*
mywiki:TestPlanners
mywiki:*Planners
mywiki:Test*

For a given target, certain permissions imply others:

  • edit implies view
  • delete implies edit and view

Targets that do not include a wiki prefix never imply others.

GroupPermission accepts a special target called <groupmember> that means “all groups that a user is a member of.” When included in a policy file grant block, it functions like a wildcard. Thus, this block: 

  grant signedBy "jspwiki",
    principal org.apache.wiki.auth.authorize.Role "Authenticated" {
      permission org.apache.wiki.auth.permissions.GroupPermission "*:<groupmember>", "edit";
means, “allow Authenticated users to edit any groups they are members of.” The wildcard target (*) does not imply <groupmember>; it must be granted explicitly.
Since:
2.4.17
See Also:

  • Field Summary

    Fields
    Modifier and Type
    Field
    Description
    static final GroupPermission
    DELETE
    Convenience constant that denotes GroupPermission( "*:*, "delete" ).
    static final String
    DELETE_ACTION
    Action for deleting a group or collection of groups.
    static final GroupPermission
    EDIT
    Convenience constant that denotes GroupPermission( "*:*, "edit" ).
    static final String
    EDIT_ACTION
    Action for editing a group or collection of groups.
    static final String
    MEMBER_TOKEN
    Special target token that denotes all groups that a Subject's Principals are members of.
    static final GroupPermission
    VIEW
    Convenience constant that denotes GroupPermission( "*:*, "view" ).
    static final String
    VIEW_ACTION
    Action for viewing a group or collection of groups.

  • Constructor Summary

    Constructors
    Constructor
    Description
    GroupPermission(String group, String actions)
    Creates a new GroupPermission for a specified group and set of actions.

  • Method Summary

    Modifier and Type
    Method
    Description
    boolean
    equals(Object obj)
    Two PagePermission objects are considered equal if their actions (after normalization), wiki and target are equal.
    String
    getActions()
    Returns the actions for this permission: “view”, “edit”, or “delete”.
    String
    getGroup()
    Returns the name of the wiki group represented by this permission.
    String
    getWiki()
    Returns the name of the wiki containing the group represented by this permission; may return the wildcard string.
    int
    hashCode()
    Returns the hash code for this GroupPermission.
    boolean
    implies(Permission permission)
    GroupPermissions can only imply other GroupPermissions; no other permission types are implied.
    String
    toString()
    Prints a human-readable representation of this permission.

    Methods inherited from class java.security.Permission

    checkGuard, getName, newPermissionCollection

    Methods inherited from class java.lang.Object

    clone, finalize, getClass, notify, notifyAll, wait, wait, wait

  • Field Details

  • Constructor Details

    • GroupPermission

      public GroupPermission(String group, String actions)
      Creates a new GroupPermission for a specified group and set of actions. Group should include a prepended wiki name followed by a colon (:). If the wiki name is not supplied or starts with a colon, the group refers to all wikis.
      Parameters:
      group - the wiki group
      actions - the allowed actions for this group

  • Method Details

    • equals

      public boolean equals(Object obj)
      Two PagePermission objects are considered equal if their actions (after normalization), wiki and target are equal.
      Specified by:
      equals in class Permission
      Parameters:
      obj - the object to compare
      Returns:
      the result of the comparison
      See Also:

    • getActions

      public String getActions()
      Returns the actions for this permission: “view”, “edit”, or “delete”. The actions will always be sorted in alphabetic order, and will always appear in lower case.
      Specified by:
      getActions in class Permission
      Returns:
      the actions
      See Also:

    • getGroup

      public String getGroup()
      Returns the name of the wiki group represented by this permission.
      Returns:
      the page name

    • getWiki

      public String getWiki()
      Returns the name of the wiki containing the group represented by this permission; may return the wildcard string.
      Returns:
      the wiki

    • hashCode

      public int hashCode()
      Returns the hash code for this GroupPermission.
      Specified by:
      hashCode in class Permission
      Returns:
      the hash code
      See Also:

    • implies

      public boolean implies(Permission permission)

      GroupPermissions can only imply other GroupPermissions; no other permission types are implied. One GroupPermission implies another if its actions if three conditions are met:

      1. The other GroupPermission’s wiki is equal to, or a subset of, that of this permission. This permission’s wiki is considered a superset of the other if it contains a matching prefix plus a wildcard, or a wildcard followed by a matching suffix.
      2. The other GroupPermission’s target is equal to, or a subset of, the target specified by this permission. This permission’s target is considered a superset of the other if it contains a matching prefix plus a wildcard, or a wildcard followed by a matching suffix.
      3. All of other GroupPermission’s actions are equal to, or a subset of, those of this permission
      Specified by:
      implies in class Permission
      Parameters:
      permission - the Permission to examine
      Returns:
      true if the GroupPermission implies the supplied Permission; false otherwise
      See Also:

    • toString

      public String toString()
      Prints a human-readable representation of this permission.
      Overrides:
      toString in class Permission
      Returns:
      the string
      See Also: