I am looking to adapt a listening script that was designed for hiding user profiles (grants XWiki-Admin group ‘View’ and ‘Edit’ access to User Profile upon page creation, to implicitly deny view access to other users).
I would like to update the script so that ‘View’ and ‘Edit’ access is also granted only to the XWiki-Admin group, when a group is created, but when I added this updated script to XWiki it did not make any updates to the group page’s access rights.
I was wondering if anyone has suggestions on what I am missing? I am concerned that the error message handling at the end in particular is not correctly adapted.
Snippet to be adapted:
https://snippets.xwiki.org/xwiki/bin/view/Extension/Initialize%20rights%20of%20user%20profiles/
Original java script:
https://github.com/DISIC/observatoire/blob/master/extensions/tools-api/src/main/java/com/xwiki/projects/dinsic/wikidemarches/extensions/tools/UserAndGroupEventListener.java
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.inject.Inject;
import javax.inject.Named;
import javax.inject.Singleton;
import org.slf4j.Logger;
import org.xwiki.bridge.event.DocumentCreatingEvent;
import org.xwiki.component.annotation.Component;
import org.xwiki.model.EntityType;
import org.xwiki.model.reference.DocumentReferenceResolver;
import org.xwiki.model.reference.EntityReference;
import org.xwiki.model.reference.EntityReferenceSerializer;
import org.xwiki.observation.AbstractEventListener;
import org.xwiki.observation.event.Event;
import com.xpn.xwiki.XWikiContext;
import com.xpn.xwiki.XWikiException;
import com.xpn.xwiki.doc.XWikiDocument;
import com.xpn.xwiki.objects.BaseObject;
import com.xpn.xwiki.objects.BaseProperty;
import com.xpn.xwiki.objects.classes.PropertyClass;
/**
* Listener handling: allow some extra rights to the user pages when they're created. <br>
* Note: failure to add these rights does not block the creation of the user profile page, it will be created but
* without the extra rights.
*
* @version $Id$
*/
@Component
@Named(UserAndGroupEventListener.LISTENER_NAME)
@Singleton
public class UserAndGroupEventListener extends AbstractEventListener
{
static final Map<String, List<String>> extraAllowRightsMap = new HashMap<>();
static {
extraAllowRightsMap.put("XWiki.XWikiAdminGroup", Arrays.asList("view", "edit"));
}
static final EntityReference RIGHT_CLASS_REFERENCE =
new EntityReference("XWikiRights", EntityType.DOCUMENT, new EntityReference("XWiki", EntityType.SPACE));
static final EntityReference RIGHT_CLASS_REFERENCE =
new EntityReference("XWikiUsers", EntityType.DOCUMENT, new EntityReference("XWiki", EntityType.SPACE));
static final EntityReference USER_CLASS_REFERENCE =
new EntityReference("XWikiGroups", EntityType.DOCUMENT, new EntityReference("XWiki", EntityType.SPACE));
static final String LISTENER_NAME = "usersandgroupsrightslistener";
@Inject
protected Logger logger;
@Inject
@Named("compactwiki")
protected EntityReferenceSerializer<String> compactWikiSerializer;
@Inject
@Named("currentmixed")
protected DocumentReferenceResolver<String> referenceResolver;
public UserAndGroupEventListener()
{
super(LISTENER_NAME, new DocumentCreatingEvent());
}
@Override
public void onEvent(Event event, Object source, Object data)
{
logger.debug("Event: [{}] - Source: [{}] - Data: [{}]", LISTENER_NAME, event, source, data);
XWikiContext context = (XWikiContext) data;
XWikiDocument page = (XWikiDocument) source;
if (page != null) {
BaseObject userOrGroup = page.getXObject(USER_CLASS_REFERENCE);
if (userOrGroup == null) {
userOrGroup = page.getXObject(GROUP_CLASS_REFERENCE);
}
if (userOrGroup != null) {
try {
updateAccessRights(page, context);
} catch (XWikiException e) {
logger.error("Error while updating access rights for: [{}].",
page.getDocumentReference(), e);
}
}
}
}
/**
* Allow the rights from the extraAllowRightsMap.
*
* @param userOrGroup
* @param context
* @throws XWikiException
*/
public void updateAccessRights(XWikiDocument page, XWikiContext context) throws XWikiException
{
if (userOrGroup != null) {
for (Map.Entry<String, List<String>> extraAllowRight : extraAllowRightsMap.entrySet()) {
BaseObject rightObj = page.newXObject(RIGHT_CLASS_REFERENCE, context);
rightObj.setLargeStringValue("groups", extraAllowRight.getKey());
BaseProperty levelsProp = ((PropertyClass) rightObj.getXClass(context).get("levels"))
.fromStringArray(extraAllowRight.getValue().toArray(new String[0]));
rightObj.set("levels", levelsProp.getValue(), context);
// always set only allow rights
rightObj.setIntValue("allow", 1);
}
}
}
}