Index: D:/Development/Projects/JSPWiki-trunk/etc/jspwiki.policy
===================================================================
--- D:/Development/Projects/JSPWiki-trunk/etc/jspwiki.policy	(revision 655121)
+++ D:/Development/Projects/JSPWiki-trunk/etc/jspwiki.policy	(working copy)
@@ -33,6 +33,7 @@
 grant principal com.ecyrd.jspwiki.auth.authorize.Role "All" {
     permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", "view";
     permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "editPreferences";
+    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "createProfile";
     permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "editProfile";
     permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "login";
 };
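Review bot: The new `createProfile` grant to the "All" role carries no comment saying that it is the switch for self-registration, so an administrator reading the policy cannot tell what removing it does. I would add above the line `// createProfile: lets any visitor, including anonymous ones, register a new user profile; remove this line to disable self-registration`. Sites running a customised policy file without this line will presumably start refusing profile saves after upgrading, because UserManager now checks the permission, so the upgrade notes should mention it. The same line is added to tests/etc/jspwiki.policy.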
Index: D:/Development/Projects/JSPWiki-trunk/src/com/ecyrd/jspwiki/auth/permissions/WikiPermission.java
===================================================================
--- D:/Development/Projects/JSPWiki-trunk/src/com/ecyrd/jspwiki/auth/permissions/WikiPermission.java	(revision 655121)
+++ D:/Development/Projects/JSPWiki-trunk/src/com/ecyrd/jspwiki/auth/permissions/WikiPermission.java	(working copy)
@@ -51,6 +51,10 @@
     public static final String         EDIT_PREFERENCES_ACTION = "editPreferences";
 
     public static final String         EDIT_PROFILE_ACTION     = "editProfile";
+    
+    public static final String         CREATE_PROFILE_ACTION     = "createProfile";
+    
+    public static final String         MANAGE_PROFILES_ACTION    = "manageProfiles";
 
     public static final String         WILDCARD                = "*";
 
@@ -63,6 +67,10 @@
     protected static final int         EDIT_PROFILE_MASK       = 0x8;
 
     protected static final int         LOGIN_MASK              = 0x10;
+    
+    protected static final int         CREATE_PROFILE_MASK     = 0x20;
+    
+    protected static final int         MANAGE_PROFILES_MASK    = 0x40;
 
     public static final WikiPermission CREATE_GROUPS           = new WikiPermission( WILDCARD, CREATE_GROUPS_ACTION );
 
@@ -73,6 +81,10 @@
     public static final WikiPermission EDIT_PREFERENCES        = new WikiPermission( WILDCARD, EDIT_PREFERENCES_ACTION );
 
     public static final WikiPermission EDIT_PROFILE            = new WikiPermission( WILDCARD, EDIT_PROFILE_ACTION );
+    
+    public static final WikiPermission CREATE_PROFILE          = new WikiPermission( WILDCARD, CREATE_PROFILE_ACTION );
+    
+    public static final WikiPermission MANAGE_PROFILES         = new WikiPermission( WILDCARD, CREATE_PROFILE_ACTION + "," + MANAGE_PROFILES_ACTION );
 
     private final String               m_actionString;
 
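Review bot: `MANAGE_PROFILES` covers createProfile only because the constant lists both actions in its action string; nothing visible in this patch makes the `manageProfiles` action itself imply `createProfile`. A policy line granting only "manageProfiles" parses to mask 0x40 (the added createMask test expects 64), so unless the implication logic outside these hunks is extended, such a principal would be refused profile creation. The added assertion `MANAGE_PROFILES.implies( CREATE_PROFILE )` in WikiPermissionTest passes for the same reason and does not cover that case. I would add `assertTrue( new WikiPermission( "*", "manageProfiles" ).implies( WikiPermission.CREATE_PROFILE ) );` and make it pass in the implication code. The two new constants also lack Javadoc stating the intended relationship.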
@@ -252,6 +264,14 @@
             {
                 mask |= EDIT_PROFILE_MASK;
             }
+            else if ( action.equalsIgnoreCase( CREATE_PROFILE_ACTION ) )
+            {
+                mask |= CREATE_PROFILE_MASK;
+            }
+            else if ( action.equalsIgnoreCase( MANAGE_PROFILES_ACTION ) )
+            {
+                mask |= MANAGE_PROFILES_MASK;
+            }
             else
             {
                 throw new IllegalArgumentException( "Unrecognized action: " + action );
Index: D:/Development/Projects/JSPWiki-trunk/src/com/ecyrd/jspwiki/auth/UserManager.java
===================================================================
--- D:/Development/Projects/JSPWiki-trunk/src/com/ecyrd/jspwiki/auth/UserManager.java	(revision 655121)
+++ D:/Development/Projects/JSPWiki-trunk/src/com/ecyrd/jspwiki/auth/UserManager.java	(working copy)
@@ -292,6 +292,16 @@
 
         // Check if another user profile already has the fullname or loginname
         UserProfile oldProfile = getUserProfile( session );
+        
+        // if the incoming profile, and existing profile (e.g. anonymous or asserted)
+        // are both "new" then this is a request to save a "brand new" profile.
+        // check if the user has the permission to do that
+        Permission createProfilePerm = new WikiPermission( m_engine.getApplicationName(), WikiPermission.CREATE_PROFILE_ACTION );
+        if ( !m_engine.getAuthorizationManager().checkPermission( session, createProfilePerm ) )
+        {
+            throw new WikiSecurityException( "You are not allowed to create new profiles." );
+        }
+        
         boolean nameChanged = ( oldProfile == null  || oldProfile.getFullname() == null )
             ? false
             : !( oldProfile.getFullname().equals( profile.getFullname() ) &&
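Review bot: The createProfile check runs on every call, although the comment above it says it should apply only when both the incoming and the existing profile are new. As written, an authenticated user saving changes to an existing profile also needs `createProfile`, so removing that grant to close self-registration would block ordinary profile edits too. Guard the check with the condition the comment describes, for example `if ( isNewProfile && !m_engine.getAuthorizationManager().checkPermission( session, createProfilePerm ) )`, with `isNewProfile` computed null-safely from the two profiles, since the next statement allows `oldProfile == null`. The enclosing method starts and ends outside the hunk.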
Index: D:/Development/Projects/JSPWiki-trunk/src/com/ecyrd/jspwiki/tags/PermissionTag.java
===================================================================
--- D:/Development/Projects/JSPWiki-trunk/src/com/ecyrd/jspwiki/tags/PermissionTag.java	(revision 655121)
+++ D:/Development/Projects/JSPWiki-trunk/src/com/ecyrd/jspwiki/tags/PermissionTag.java	(working copy)
@@ -75,6 +75,8 @@
     private static final String EDIT_GROUP       = "editGroup";
     private static final String EDIT_PREFERENCES = "editPreferences";
     private static final String EDIT_PROFILE     = "editProfile";
+    private static final String CREATE_PROFILE     = "createProfile";
+    private static final String MANAGE_PROFILES     = "manageProfiles";
     private static final String LOGIN            = "login";
     private static final String VIEW_GROUP       = "viewGroup";
     
@@ -115,9 +117,11 @@
         AuthorizationManager mgr   = m_wikiContext.getEngine().getAuthorizationManager();
         boolean gotPermission     = false;
         
+        // check if it's a WikiPermission first
         if ( CREATE_GROUPS.equals( permission ) || CREATE_PAGES.equals( permission )
             || EDIT_PREFERENCES.equals( permission ) || EDIT_PROFILE.equals( permission )
-            || LOGIN.equals( permission ) )
+            || LOGIN.equals( permission ) || CREATE_PROFILE.equals( permission )
+            || MANAGE_PROFILES.equals( permission ))
         {
             gotPermission = mgr.checkPermission( session, new WikiPermission( page.getWiki(), permission ) );
         }
Index: D:/Development/Projects/JSPWiki-trunk/src/webdocs/templates/default/LoginContent.jsp
===================================================================
--- D:/Development/Projects/JSPWiki-trunk/src/webdocs/templates/default/LoginContent.jsp	(revision 655121)
+++ D:/Development/Projects/JSPWiki-trunk/src/webdocs/templates/default/LoginContent.jsp	(working copy)
@@ -85,15 +85,18 @@
         <fmt:message key="login.lostpw.getnew"/>
       </a>
     </div>
-    <div class="formhelp">
-      <fmt:message key="login.nopassword"/>
-      <a href="#" onclick="$('menu-profile').fireEvent('click');"
-                    title="<fmt:message key='login.registernow.title'/>" >
-        <fmt:message key="login.registernow">
-          <fmt:param><wiki:Variable var="applicationname" /></fmt:param>
-        </fmt:message>
-      </a>
-    </div>
+
+    <wiki:Permission permission='createProfile'>
+      <div class="formhelp">
+        <fmt:message key="login.nopassword"/>
+        <a href="#" onclick="$('menu-profile').fireEvent('click');"
+                      title="<fmt:message key='login.registernow.title'/>" >
+          <fmt:message key="login.registernow">
+            <fmt:param><wiki:Variable var="applicationname" /></fmt:param>
+          </fmt:message>
+        </a>
+      </div>
+    </wiki:Permission>
 
 </div>
 </form>
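Review bot: Only the first "register now" block is wrapped in `<wiki:Permission permission='createProfile'>`. The second copy of the same link, in the `<c:otherwise>` branch (hunks `@@ -157,6 +160,7 @@` and `@@ -163,6 +167,7 @@`), only gains blank lines and is still rendered for users without the permission. Wrap that `<div class="formhelp">` in the same tag so the two branches agree. The tag only hides the link, so the server-side check in UserManager remains the actual control and must not be relaxed on the assumption that the UI prevents the request.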
@@ -157,6 +160,7 @@
   <div class="formhelp">
     <fmt:message key="login.nopassword"/>
     <%--<a href="UserPreferences.jsp?tab=profile">--%>
+    
     <a href="#" onclick="$('menu-profile').fireEvent('click');"
                   title="<fmt:message key='login.registernow.title'/>" >
       <fmt:message key="login.registernow">
@@ -163,6 +167,7 @@
         <fmt:param><wiki:Variable var="applicationname" /></fmt:param>
       </fmt:message>
     </a>
+    
   </div>
 
   </c:otherwise>
Index: D:/Development/Projects/JSPWiki-trunk/tests/com/ecyrd/jspwiki/auth/permissions/WikiPermissionTest.java
===================================================================
--- D:/Development/Projects/JSPWiki-trunk/tests/com/ecyrd/jspwiki/auth/permissions/WikiPermissionTest.java	(revision 655121)
+++ D:/Development/Projects/JSPWiki-trunk/tests/com/ecyrd/jspwiki/auth/permissions/WikiPermissionTest.java	(working copy)
@@ -77,6 +77,7 @@
       WikiPermission p3 = new WikiPermission("*", "createGroups");
       WikiPermission p5 = new WikiPermission("*", "editPreferences");
       WikiPermission p6 = new WikiPermission("*", "editProfile");
+      
       assertTrue(p1.implies(p2));
       assertFalse(p2.implies(p1));
       assertTrue(p1.implies(p3));
@@ -83,7 +84,10 @@
       assertFalse(p3.implies(p1));
       assertTrue(p1.implies(p6));
       assertFalse(p6.implies(p1));
-
+      
+      // manageProfiles implies createProfile
+      assertTrue(WikiPermission.MANAGE_PROFILES.implies( WikiPermission.CREATE_PROFILE ));
+      
       // createGroups implies createPages
       assertTrue(p3.implies(p2));
       assertFalse(p2.implies(p3));
@@ -152,6 +156,9 @@
       assertEquals(9, WikiPermission.createMask("createGroups,editProfile"));
       assertEquals(16, WikiPermission.createMask("login"));
       assertEquals(24, WikiPermission.createMask("login,editProfile"));
+      assertEquals(32, WikiPermission.createMask("createProfile"));
+      assertEquals(64, WikiPermission.createMask("manageProfiles"));
+      assertEquals(96, WikiPermission.createMask("createProfile,manageProfiles"));
   }
 
 }
Index: D:/Development/Projects/JSPWiki-trunk/tests/com/ecyrd/jspwiki/auth/ProfileCreationTest.java
===================================================================
--- D:/Development/Projects/JSPWiki-trunk/tests/com/ecyrd/jspwiki/auth/ProfileCreationTest.java	(revision 0)
+++ D:/Development/Projects/JSPWiki-trunk/tests/com/ecyrd/jspwiki/auth/ProfileCreationTest.java	(revision 0)
@@ -0,0 +1,94 @@
+/*
+    JSPWiki - a JSP-based WikiWiki clone.
+
+    Licensed to the Apache Software Foundation (ASF) under one
+    or more contributor license agreements.  See the NOTICE file
+    distributed with this work for additional information
+    regarding copyright ownership.  The ASF licenses this file
+    to you under the Apache License, Version 2.0 (the
+    "License"); you may not use this file except in compliance
+    with the License.  You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+    Unless required by applicable law or agreed to in writing,
+    software distributed under the License is distributed on an
+    "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+    KIND, either express or implied.  See the License for the
+    specific language governing permissions and limitations
+    under the License.    
+ */
+package com.ecyrd.jspwiki.auth;
+import java.util.Properties;
+
+import junit.framework.TestCase;
+
+import com.ecyrd.jspwiki.TestEngine;
+import com.ecyrd.jspwiki.WikiSession;
+import com.ecyrd.jspwiki.auth.user.DefaultUserProfile;
+import com.ecyrd.jspwiki.auth.user.UserDatabase;
+import com.ecyrd.jspwiki.auth.user.UserProfile;
+import com.ecyrd.jspwiki.auth.user.XMLUserDatabase;
+
+
+
+/**
+ * Tests that profile creation is subject to authorization policy,
+ * configuration, i.e. createProfile permission
+ * @author Aaron Hamid (aaron.hamid at gmail dot com)
+ */
+public class ProfileCreationTest extends TestCase
+{
+
+  private TestEngine m_engine;
+  private UserManager m_mgr;
+  private UserDatabase m_db;
+  
+  /**
+   * @see junit.framework.TestCase#setUp()
+   */
+  protected void setUp() throws Exception
+  {
+    super.setUp();
+    Properties props = new Properties();
+    props.load( TestEngine.findTestProperties() );
+    
+    // Make sure user profile save workflow is OFF
+    props.remove( "jspwiki.approver"+UserManager.SAVE_APPROVER );
+    
+    // Make sure we are using the XML user database
+    props.put( XMLUserDatabase.PROP_USERDATABASE, "tests/etc/userdatabase.xml" );
+    m_engine  = new TestEngine( props );
+    m_mgr = m_engine.getUserManager();
+    m_db = m_mgr.getUserDatabase();
+  }
+
+  public void testSetUserProfile() throws Exception {
+      // need to determine how to set a custom policy before being able to run this test
+      return;
+      // performTest();
+  }
+
+  private void performTest() throws Exception {
+      // First, count the number of users in the db now.
+      int oldUserCount = m_db.getWikiNames().length;
+      
+      // Create a new user with random name
+      WikiSession session = m_engine.guestSession();
+      String loginName = "TestUser" + String.valueOf( System.currentTimeMillis() );
+      UserProfile profile = new DefaultUserProfile();
+      profile.setEmail( "testuser@testville.com" );
+      profile.setLoginName( loginName );
+      profile.setFullname( "FullName"+loginName );
+      profile.setPassword( "password");
+      
+      try {
+          m_mgr.setUserProfile( session, profile );
+          fail("User profile creation succeeded when it should have been prohibited.");
+      } catch (Exception e) {
+          e.printStackTrace();
+      }
+
+      assertEquals( oldUserCount, m_db.getWikiNames().length );
+  }
+}
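Review bot: `testSetUserProfile` returns before calling `performTest()`, so the new createProfile check has no automated coverage. Once it is enabled, `catch (Exception e)` would accept any failure, a NullPointerException as much as the intended refusal. Narrow it to `catch (WikiSecurityException e) { /* expected: guest lacks createProfile */ }` and drop `e.printStackTrace()`. The test also needs a policy without the grant, since tests/etc/jspwiki.policy in this patch gives `createProfile` to "All", which would presumably cover the guest session.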
Index: D:/Development/Projects/JSPWiki-trunk/tests/etc/jspwiki.policy
===================================================================
--- D:/Development/Projects/JSPWiki-trunk/tests/etc/jspwiki.policy	(revision 655121)
+++ D:/Development/Projects/JSPWiki-trunk/tests/etc/jspwiki.policy	(working copy)
@@ -33,6 +33,7 @@
 grant principal com.ecyrd.jspwiki.auth.authorize.Role "All" {
     permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", "view";
     permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "editPreferences";
+    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "createProfile";
     permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "editProfile";
     permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "login";
 };
