REST API: check if user has right 'view' on specific page

Hi.

We want to index our XWiki in an external search engine provided by our company. Scraping the pages is solved. Now user rights are an issue. Only pages the user has access to should be displayed.

Inside the wiki I can script something like:

$article.hasAccessLevel('view', $user)

Is there any way to achieve this with the REST API? Or would you recommend a different approach?

Regards, Simpel

Hi, have you found anything on the subject?

No. They now curl a wiki page with the following Velocity code:

{{velocity}}
#if ($request.xpage != "plain")

This page displays all rights objects in a JSON document. The raw JSON can be retrieved here: [[JSON output>>doc:Anwendungen.Wiki.Admin.Artikel mit Skript.Rechte JSON.WebHome||queryString="xpage=plain&outputSyntax=plain"]]

This page is used by the company-wide search to read the pages' rights when indexing the wiki.

#end

{{/velocity}}
{{velocity}}
##
#if ($request.xpage == "plain")
  $response.setContentType('application/json')
#end
##
#set ($onlyView = true)
##
#set ($rightsMap = {"rights": {}, "groups": {}})
#set ($errors = [])
##
## * These queries appear to be implicitly limited to the current wiki.
##   Pages from the global wiki are not shown.
## * There are XWikiGlobalRights and XWikiRights. The objects refer to
##   wiki-local and global rights.
##
#macro(fillRights $rightDoc $right)
    #set ($spaceName = $rightDoc.fullName)
    #if ($rightDoc.name == "WebPreferences")
      #set ($spaceName = $spaceName.replace(".WebPreferences", ""))
      #set ($scope = "children")
    #elseif ($rightDoc.name == "WebHome")
      #set ($spaceName = $spaceName.replace(".WebHome", ""))
      #set ($scope = "page")
    #else
      #set ($scope = "page")## non-space page
    #end
    #if ($spaceName == "XWiki")
      #set ($spaceName = "")
    #end
    #if (!$rightsMap["rights"][$spaceName])
      #set ($rightsMap["rights"][$spaceName] = {
        "url": $rightDoc.getExternalURL(),
        "rights": []
      })
    #end
    #set ($rightsJson = $rightsMap["rights"][$spaceName]["rights"])
    ##
    #set ($rightObjs = $rightDoc.getObjects("XWiki.$rightsClass"))
    #foreach ($rightObj in $rightObjs)
      #set($levels = $rightObj.getValue("levels").split(","))
      #set($hasView = $levels.contains("view"))
      #set($class = $rightObj.xWikiClass)
      #set ($propJson = {
         "rightsClass": $rightsClass,
         "scope": $scope,
         "levels": $levels,
         "allow": $rightObj.getValue("allow"),
         "users": $rightObj.getValue("users"),
         "groups": $rightObj.getValue("groups")
      })
      #if ( $hasView || !$onlyView)
        #set ($d = $rightsJson.add($propJson))
      #end
    #end
#end
##
#macro(loadRights $rightsClass)
  #set ($query = "from doc.object(XWiki.$rightsClass) as pref order by doc.fullName")
  #set ($rights = $services.query.xwql($query).addFilter("unique").execute())
  #foreach ($right in $rights)
    #set ($rightDoc = $xwiki.getDocument($right))
    #if (!$rightDoc)
       #set ($d = $errors.add($right))
    #else
      #fillRights($rightDoc, $right)
    #end
  #end
#end
##
#macro (loadGroups $wiki)
  #set ($query = "from doc.object(XWiki.XWikiGroups) as g order by doc.fullName")
  #set ($groups = $services.query.xwql($query).setWiki($wiki).addFilter("unique").execute())
  #foreach ($group in $groups)
    #set ($groupDoc = $xwiki.getDocument($group))
    #set ($groupsJson = [])
    #set ($rightsMap["groups"][$groupDoc.fullName] = $groupsJson)
    #set ($groupObjs = $groupDoc.getObjects("XWiki.XWikiGroups"))
    #foreach ($groupObj in $groupObjs)
      #if ($groupObj.member != "")
        #set ($memberDoc = $xwiki.getDocument($groupObj.member))
        #set ($memberJson = {})
        #set ($d = $groupsJson.add($memberJson))
        ##
        #set ($memberUserObjs = $memberDoc.getObjects("XWiki.XWikiUsers"))
        #foreach ($muo in $memberUserObjs)
          #set ($memberJson["email"] = $muo.getValue('email'))
        #end
        #set ($memberOIDCObjs = $memberDoc.getObjects("XWiki.OIDC.UserClass"))
        #foreach ($moo in $memberOIDCObjs)
          #set ($memberJson["issuer"] = $moo.issuer)
          #set ($memberJson["subject"] = $moo.subject)
        #end
        #set ($memberGroupsObj = $memberDoc.getObjects("XWiki.XWikiGroups"))
        #foreach ($mgo in $memberGroupsObj)
          #set ($memberJson["group"] = $mgo.name)
        #end
      #end
    #end
  #end
#end
#loadRights ("XWikiGlobalRights")
#loadRights ("XWikiRights")
#loadGroups ("company")
#set ($rightsMap["groups"]["xwiki:XWiki.MinimalReadGroup"] = [{"group": "GG_A_Suche_User"}])
#set ($rightsMap["groups"]["xwiki:XWiki.ReadWriteGroup"] = [{"group": "GG_A_Suche_User"}])
## #loadGroups ("XWiki")
##
#set ($jsonObj = $jsontool.serialize(${rightsMap}))
##
#if ($request.xpage != "plain" && $errors.size() > 0)
  The rights document could not be loaded for these pages. This is usually because the calling user has no rights on these documents.
  #foreach ($err in $errors)
    * [[$err>>$err]]
  #end
{{code language="json"}}
${jsonObj}
{{/code}}
#else
$jsonObj
#end
{{/velocity}}

And then they check the rights hierarchically.

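The hierarchical check mentioned in the last post could look like the following on the search-engine side; this is an added example, not code from the thread or from XWiki, and it uses a simplified rights model. Assumptions: page keys are the exported space names with `""` as the wiki root, the user record fields (`wiki_name`, `email`, `ext_groups`) and all sample data are constructed, and XWiki's special groups and implied admin rights are not modelled.

```python
# Added example (not from the thread): decide "view" from the exported JSON. Assumed model:
# walk page -> parent spaces -> wiki root; the nearest level with a relevant rule decides.

def names(value):
    """Comma-separated field -> set of names, wiki prefix dropped (one wiki assumed)."""
    return {v.strip().split(":")[-1] for v in (value or "").split(",") if v.strip()}

def wiki_groups(user, groups):
    """Wiki groups the user is in, matched by e-mail or external directory group."""
    found = set()
    for name, members in groups.items():
        for m in members:
            mail = (m.get("email") or "").lower()
            if (mail and mail == user["email"].lower()) or m.get("group") in user["ext_groups"]:
                found.add(name.split(":")[-1])
    return found

def ancestors(page):
    """'A.B.C' -> ['A.B.C', 'A.B', 'A', ''] ('' is the wiki-root key)."""
    parts = page.split(".")
    return [".".join(parts[:i]) for i in range(len(parts), -1, -1)]

def can_view(page, user, export, default_allow=True):
    mine = wiki_groups(user, export["groups"])
    for level in ancestors(page):
        entry = export["rights"].get(level, {"rights": []})
        rules = [r for r in entry["rights"] if "view" in r["levels"]
                 and (level == page or r["scope"] == "children")]
        hits = [r for r in rules if mine & names(r.get("groups"))
                or user["wiki_name"] in names(r.get("users"))]
        if any(str(r["allow"]) == "0" for r in hits):
            return False   # explicit deny wins at this level
        if hits:
            return True    # explicit allow
        if any(str(r["allow"]) == "1" for r in rules):
            return False   # view is granted to others here, so not to this user
    return default_allow   # no view rule on the path

def rule(scope, allow, groups="", users=""):  # builds constructed sample rules
    return {"rightsClass": "XWikiGlobalRights", "scope": scope,
            "levels": ["view"], "allow": allow, "users": users, "groups": groups}
EXPORT = {
    "rights": {"": {"url": "", "rights": [rule("children", 1, "XWiki.ReadWriteGroup")]},
               "HR": {"url": "", "rights": [rule("children", 1, "XWiki.HRGroup")]}},
    "groups": {"xwiki:XWiki.ReadWriteGroup": [{"group": "GG_A_Suche_User"}],
               "XWiki.HRGroup": [{"email": "hr@example.org"}]},
}
ALICE = {"wiki_name": "XWiki.alice", "email": "alice@example.org", "ext_groups": {"GG_A_Suche_User"}}
HR = {"wiki_name": "XWiki.hr", "email": "HR@example.org", "ext_groups": set()}
```

In plain mode the Velocity page drops `$errors`, so rights documents the crawling account cannot read are silently absent from the JSON. The indexer should fetch the export with an account that can view every rights document, or pass `default_allow=False` and treat the export as incomplete.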