in jspwiki-main/src/main/java/org/apache/wiki/tags/PermissionTag.java [105:145]
private boolean checkPermission( final String permission ) {
final Session session = m_wikiContext.getWikiSession();
final Page page = m_wikiContext.getPage();
final AuthorizationManager mgr = m_wikiContext.getEngine().getManager( AuthorizationManager.class );
boolean gotPermission = false;
if ( CREATE_GROUPS.equals( permission ) || CREATE_PAGES.equals( permission ) || EDIT_PREFERENCES.equals( permission ) || EDIT_PROFILE.equals( permission ) || LOGIN.equals( permission ) ) {
gotPermission = mgr.checkPermission( session, new WikiPermission( page.getWiki(), permission ) );
} else if ( VIEW_GROUP.equals( permission ) || EDIT_GROUP.equals( permission ) || DELETE_GROUP.equals( permission ) ) {
final Command command = m_wikiContext.getCommand();
gotPermission = false;
if ( command instanceof GroupCommand && command.getTarget() != null ) {
final GroupPrincipal group = (GroupPrincipal)command.getTarget();
final String groupName = group.getName();
String action = "view";
if( EDIT_GROUP.equals( permission ) ) {
action = "edit";
} else if ( DELETE_GROUP.equals( permission ) ) {
action = "delete";
}
gotPermission = mgr.checkPermission( session, new GroupPermission( groupName, action ) );
}
} else if ( ALL_PERMISSION.equals( permission ) ) {
gotPermission = mgr.checkPermission( session, new AllPermission( m_wikiContext.getEngine().getApplicationName() ) );
} else if ( page != null ) {
//
// Edit tag also checks that we're not trying to edit an old version: they cannot be edited.
//
if( EDIT.equals(permission) ) {
final Page latest = m_wikiContext.getEngine().getManager( PageManager.class ).getPage( page.getName() );
if( page.getVersion() != WikiProvider.LATEST_VERSION && latest.getVersion() != page.getVersion() ) {
return false;
}
}
final Permission p = PermissionFactory.getPagePermission( page, permission );
gotPermission = mgr.checkPermission( session, p );
}
return gotPermission;
}