@Transactional(readOnly = true) public Object doWork(Session session, ServiceFactory sf) { try { ome.model.IObject iobj = (ome.model.IObject) new IceMapper().reverse(obj); return sf.getAdminService().canUpdate(iobj); } catch (Exception e) { return false; } } });
@Transactional(readOnly = true) public Object doWork(org.hibernate.Session session, ServiceFactory sf) { // ticket:2088 - pre-emptive check try { sf.getAdminService().getEventContext(); } catch (RuntimeException re) { s.getDetails().setGroup(group[0]); throw re; } return null; }
@Transactional(readOnly = true) public Object doWork(Session session, ServiceFactory sf) { final IAdmin admin = sf.getAdminService(); final IShare share = sf.getShareService(); final List<ome.model.IObject> objs = new ArrayList<ome.model.IObject>(); // Groups final Set<Long> added = new HashSet<Long>(); for (Long id : ec.getMemberOfGroupsList()) { objs.add(admin.getGroup(id)); added.add(id); } for (Long id : ec.getLeaderOfGroupsList()) { if (!added.contains(id)) { objs.add(admin.getGroup(id)); } } // Shares objs.addAll(share.getMemberShares(true)); objs.addAll(share.getOwnShares(true)); return objs; } });
final ome.system.EventContext currentEventContext = adminService.getEventContext(); final long rootId = adminService.getSecurityRoles().getRootId(); if (currentEventContext.getCurrentUserId() == rootId) { pathsForRoot = ImmutableList.copyOf(paths);
public Helper(Request request, Status status, SqlAction sql, Session session, ServiceFactory sf) { synchronized (status) { if (status.flags == null) { status.flags = new ArrayList<State>(); } } this.request = request; this.status = status; this.sql = sql; this.session = session; this.sf = sf; if (sf != null) { long userId = getEventContext().getCurrentUserId(); Roles roles = sf.getAdminService().getSecurityRoles(); isGuest = (userId == roles.getGuestId()); } this.log = LoggerFactory.getLogger( this.request.toString().replaceAll("@", ".@")); }
sf.getAdminService().moveToCommonSpace(r);
final IAdmin iAdmin = helper.getServiceFactory().getAdminService(); acceptableGroupsFrom = ImmutableSet.copyOf(eventContext.getLeaderOfGroupsList()); acceptableGroupsTo = ImmutableSet.copyOf(iAdmin.getMemberOfGroupIds(new Experimenter(userId, false))); if (acceptableGroupsFrom.isEmpty()) { throw new RuntimeException(new GraphException("not an owner of any group")); final Set<Long> groupsForTargetUserData = new HashSet<Long>(acceptableGroupsFrom); final Experimenter targetUser = new Experimenter(targetUserId, false); groupsForTargetUserData.retainAll(iAdmin.getMemberOfGroupIds(targetUser)); if (groupsForTargetUserData.isEmpty()) { final String message = "not an owner of any group of " +
long gid = sf.getAdminService().lookupGroup(group).getId(); if (!req.groupsLed.contains(gid)) { throw new SecurityViolation(String.format(
try { e = helper.getServiceFactory().getAdminService() .lookupExperimenter(omename); } catch (ApiUsageException ex) { throw helper.cancel(new ERR(), null, "unknown-user",
final Long userId = eventContext.getCurrentUserId(); final IAdmin iAdmin = helper.getServiceFactory().getAdminService(); acceptableGroups = ImmutableSet.copyOf(iAdmin.getLeaderOfGroupIds(new Experimenter(userId, false)));
sql.append(" and g.id = :active "); p.addLong("active", helper.getServiceFactory().getAdminService() .getSecurityRoles().getUserGroupId());
if (admin.canUpdate(file)) { mode = "rw";
@Transactional(readOnly = true) public Object doWork(org.hibernate.Session session, ServiceFactory sf) { if (ec.getCurrentShareId() != null) { sf.getShareService().deactivate(); } SessionContext sc = cache.getSessionContext(principal.getName()); Session s = sc.getSession(); // Store old value for rollback if (!sc.isCurrentUserAdmin() && id >= 0 && !sc.getMemberOfGroupsList().contains(id)) { StringBuilder sb = new StringBuilder(); sb.append("User "); sb.append(sc.getCurrentUserId()); sb.append(" is not a member of group "); sb.append(id); throw new SecurityViolation(sb.toString()); } group[0] = s.getDetails().getGroup(); s.getDetails().setGroup(sf.getAdminService().getGroup(id)); return s; } });
@Transactional(readOnly = true) public Boolean doWork(Session session, ServiceFactory sf) { final OriginalFile file = new OriginalFile(); if (isIntoUserGroup) { final long userGroupId = sf.getAdminService().getSecurityRoles().getUserGroupId(); file.getDetails().setGroup((ome.model.meta.ExperimenterGroup) session.get(ome.model.meta.ExperimenterGroup.class, userGroupId)); } file.setRepo(scripts.getUuid()); /* check with interceptor */ try { interceptor.newTransientDetails(file); } catch (ome.conditions.SecurityViolation sv) { return false; } /* check with ACL voter */ file.setRepo(null); // can never create with repo set return aclVoter.allowCreation(file); } });