/**
 * Applies the editable profile fields of the supplied experimenter to the stored
 * instance with the same id and saves that instance.
 *
 * <p>Only the login name, e-mail, first, middle and last name and institution are
 * written here. A change of login name is refused when either the current or the
 * requested name is the root or guest name reported by {@code getSecurityRoles()},
 * so those accounts cannot be renamed and no other account can take over their names.
 *
 * @param experimenter carrier of the new field values; its id selects the stored
 *        instance that is updated
 * @throws ValidationException if the rename involves the root or guest name
 */
private void copyAndSaveExperimenter(final Experimenter experimenter) {
    final Experimenter stored = userProxy(experimenter.getId());
    final String currentName = stored.getOmeName();
    final String requestedName = experimenter.getOmeName();

    final boolean renaming = !currentName.equals(requestedName);
    if (renaming) {
        final Roles roles = getSecurityRoles();
        final Set<String> reservedNames = ImmutableSet.of(roles.getRootName(), roles.getGuestName());
        // NOTE(review): this is an exact, case-sensitive match. If login names are
        // normalized or matched case-insensitively elsewhere, confirm that a case
        // variant of a reserved name is rejected as well.
        if (reservedNames.contains(currentName)) {
            throw new ValidationException("cannot change name of special experimenter '" + currentName + "'");
        }
        if (reservedNames.contains(requestedName)) {
            throw new ValidationException("cannot change name to special experimenter '" + requestedName + "'");
        }
    }

    // Field-by-field copy: anything not listed here stays as it is on the stored instance.
    stored.setOmeName(requestedName);
    stored.setEmail(experimenter.getEmail());
    stored.setFirstName(experimenter.getFirstName());
    stored.setMiddleName(experimenter.getMiddleName());
    stored.setLastName(experimenter.getLastName());
    stored.setInstitution(experimenter.getInstitution());
    reallySafeSave(stored);
}
/**
 * Builds a new {@link Experimenter} that carries the scalar profile fields of
 * {@code e}, plus its permissions when details and permissions are both present.
 *
 * <p>The {@code ldap} flag and the {@code config} value are copied exactly as the
 * caller supplied them; no validation of those values happens in this method.
 * NOTE(review): elsewhere in this listing the user config is read as the store of
 * light-administrator privilege flags. Confirm that every caller of this method
 * performs its own privilege check before the copy is persisted.
 *
 * @param e the experimenter to copy from
 * @return the newly constructed copy
 * @throws ValidationException if {@code e} has no login name
 */
protected Experimenter copyUser(Experimenter e) {
    if (e.getOmeName() == null) {
        throw new ValidationException("OmeName may not be null.");
    }

    final Experimenter duplicate = new Experimenter();
    duplicate.setOmeName(e.getOmeName());
    duplicate.setFirstName(e.getFirstName());
    duplicate.setMiddleName(e.getMiddleName());
    duplicate.setLastName(e.getLastName());
    duplicate.setEmail(e.getEmail());
    duplicate.setInstitution(e.getInstitution());
    duplicate.setLdap(e.getLdap());
    duplicate.setConfig(e.getConfig());

    // Permissions are the only part of the details that is carried over.
    if (e.getDetails() != null) {
        if (e.getDetails().getPermissions() != null) {
            duplicate.getDetails().setPermissions(e.getDetails().getPermissions());
        }
    }

    // TODO make ShallowCopy-like which ignores collections and details.
    // If possible, values should be validated, i.e. iTypes should say what
    // is non-null.
    return duplicate;
}
/**
 * Records the given experimenter as owner and caches its id and, when the instance
 * is loaded, its login name.
 *
 * @param owner the new owner; its id is read unconditionally, so it must not be null
 */
public void setOwner(Experimenter owner) {
    this.owner = owner;
    this.cuId = owner.getId();

    // The name is read only from a loaded instance.
    // NOTE(review): for an unloaded owner cuName keeps whatever value it had before,
    // so it may not correspond to the new cuId. Confirm that no caller treats
    // cuName as authoritative for the current owner.
    final boolean nameReadable = owner.isLoaded();
    if (nameReadable) {
        this.cuName = owner.getOmeName();
    }
}
/**
 * Removes the links between this instance and the given group.
 *
 * <p>The links to remove are those returned by {@code findGroupExperimenterMap}
 * for {@code removal}; links to other groups are not touched by this method.
 *
 * @param removal the group whose links to this instance are removed
 */
public void unlinkExperimenterGroup(ome.model.meta.ExperimenterGroup removal) {
    if (!_loaded) {
        errorIfUnloaded();
    }

    // Collect the matching links first, then remove them one at a time.
    final java.util.Set<ome.model.meta.GroupExperimenterMap> matchingLinks =
            findGroupExperimenterMap(removal);
    for (final ome.model.meta.GroupExperimenterMap link : matchingLinks) {
        removeGroupExperimenterMap(link, true);
    }
}
return null; } else if (field.equals(ID)) { return getId(); } else if (field.equals(VERSION)) { return getVersion(); } else if (field.equals(GROUPEXPERIMENTERMAP)) { return getGroupExperimenterMap(); } else if (field.equals(OMENAME)) { return getOmeName(); } else if (field.equals(FIRSTNAME)) { return getFirstName(); } else if (field.equals(MIDDLENAME)) { return getMiddleName(); } else if (field.equals(LASTNAME)) { return getLastName(); } else if (field.equals(INSTITUTION)) { return getInstitution(); } else if (field.equals(LDAP)) { return getLdap(); } else if (field.equals(EMAIL)) { return getEmail(); } else if (field.equals(CONFIG)) { return getConfig(); } else if (field.equals(ANNOTATIONLINKSCOUNTPEROWNER)) { return getAnnotationLinksCountPerOwner(); } else if (field.equals(ANNOTATIONLINKS)) { return getAnnotationLinks(); } else if (field.equals(DETAILS)) { return getDetails();
/**
 * Converts one directory entry into a new {@link Experimenter} marked as an LDAP user.
 *
 * <p>Name, e-mail and institution are read through the {@code get} helper, and the
 * entry's distinguished name, the optional {@code attribute} values and an
 * {@code AttributeSet} of the entry are attached with {@code putAt}.
 * NOTE(review): nothing is validated or normalized in this method, so the values are
 * whatever the directory returned; confirm that the consumer of the mapped object
 * validates the login name and e-mail before they are persisted or used in lookups.
 *
 * @param obj the directory entry; must be a {@code DirContextAdapter}
 * @return the populated experimenter
 */
@Override
public Object mapFromContext(Object obj) {
    final DirContextAdapter entry = (DirContextAdapter) obj;
    final Experimenter mapped = new Experimenter();

    mapped.setOmeName(get("omeName", entry));
    mapped.setFirstName(get("firstName", entry));
    mapped.setMiddleName(get("middleName", entry));
    mapped.setLastName(get("lastName", entry));
    mapped.setInstitution(get("institution", entry));
    mapped.setEmail(get("email", entry));
    mapped.setLdap(true);

    // Extra data about the directory entry travels along with the mapped object.
    mapped.putAt(LDAP_DN, entry.getNameInNamespace());
    if (attribute != null) {
        mapped.putAt(LDAP_ATTR, entry.getAttributeSortedStringSet(attribute));
    }
    mapped.putAt(LDAP_PROPS, new AttributeSet(entry));
    return mapped;
}
if (e.getEmail() == null) throw helper.cancel(new ERR(), null, "unknown-email", "ApiUsageException", String.format("User has no email address.")); else if (!e.getEmail().equals(email)) throw helper.cancel(new ERR(), null, "not-match", "ApiUsageException", String.format("Email address does not match.")); else if (passwordUtil.getDnById(e.getId())) throw helper.cancel(new ERR(), null, "ldap-user", "ApiUsageException", String else { final long systemGroupId = sec.getSecurityRoles().getSystemGroupId(); for (final ExperimenterGroup group : e.linkedExperimenterGroupList()) { if (group.getId() == systemGroupId) { throw helper.cancel(new ERR(), null, "password-change-failed", passwordProvider.changePassword(e.getOmeName(), newPassword); log.info("Changed password for user: " + e.getOmeName()); } catch (PasswordChangeException pce) { log.error(pce.getMessage()); String body = "Dear " + e.getFirstName() + " " + e.getLastName() + " (" + e.getOmeName() + ")" + " your new password is: " + newPassword; mailUtil.sendEmail(sender, e.getEmail(), subject, body, false, null, null);
/**
 * Deletes the given user after removing the user's stored password.
 *
 * <p>{@code adminOrPiOfUser} is called first, so the authorization decision is made
 * before anything is modified. The object deletion itself runs inside
 * {@code runAsAdmin}.
 * NOTE(review): when no password row was removed the log line says "Cannot delete.",
 * yet execution continues and the user is deleted. Confirm which of the two is
 * intended, because the message is misleading for anyone reading the audit trail.
 * NOTE(review): the login name is concatenated into the log messages unchanged;
 * confirm that names cannot contain line breaks, or that the log layout encodes them.
 *
 * @param user the user to delete; only its id is used to load the stored instance
 */
@RolesAllowed("user")
@Transactional(readOnly = false)
public void deleteExperimenter(Experimenter user) {
    adminOrPiOfUser(user);

    final Experimenter target = userProxy(user.getId());
    final boolean passwordRemoved = sql.removePassword(target.getId()) != 0;
    if (!passwordRemoved) {
        getBeanHelper().getLogger().info(
                "No password found for user " + target.getOmeName() + ". Cannot delete.");
    }

    final AdminAction deletion = new AdminAction() {
        public void runAsAdmin() {
            iUpdate.deleteObject(target);
        }
    };
    getSecuritySystem().runAsAdmin(deletion);

    getBeanHelper().getLogger().info("Deleted user: " + target.getOmeName());
}
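/**
 * E-mails a newly generated password to the given user.
 *
 * <p>The password is placed in the message body as plain text.
 * NOTE(review): anyone who can read the mailbox or the mail in transit learns a
 * working credential. A single-use, expiring reset link or a forced change at
 * first login would avoid sending the credential itself; this method only sends.
 * The log line records the login name and e-mail address but not the password.
 *
 * @param e the recipient; its e-mail address, first name, last name and login name
 *        are used in the message
 * @param newPassword the password to send
 * @throws RuntimeException if the message could not be sent; the original failure
 *         is attached as the cause
 */
private void sendEmail(Experimenter e, String newPassword) {
    // Create a thread safe "copy" of the template message and customize it
    SimpleMailMessage msg = new SimpleMailMessage(this.templateMessage);
    msg.setSubject("OMERO - Reset password");
    msg.setTo(e.getEmail());
    msg.setText("Dear " + e.getFirstName() + " " + e.getLastName() + " ("
            + e.getOmeName() + ")" + " your new password is: "
            + newPassword);
    try {
        this.mailSender.send(msg);
        getBeanHelper().getLogger().info("sent new password for {} to {}",
                e.getOmeName(), e.getEmail());
    } catch (Exception ex) {
        // Keep the original exception as the cause so that the mail failure can be
        // diagnosed from the stack trace rather than from the message text alone.
        throw new RuntimeException(
                "Exception: " + ex.getMessage() + ". "
                + "Password was not changed because email could not be sent "
                + "to user:" + e.getOmeName() + ". Please turn on the debug "
                + "mode in omero.properties by the: omero.mail.debug=true",
                ex);
    }
}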
/**
 * Self-service password reset: looks the user up by login name, checks the supplied
 * e-mail address, refuses LDAP users and members of the system group, then generates
 * a random password, e-mails it and sets it.
 *
 * NOTE(review): the four AuthenticationException messages differ, so a caller can
 * tell an unknown login name from a known one with a wrong or missing e-mail
 * address. If this is reachable before login, consider one generic message for all
 * of these cases and keep the detail in the server log only.
 */
public void runAsAdmin() {
    Experimenter e = iQuery.findByString(Experimenter.class, "omeName", name);
    if (e == null) {
        throw new AuthenticationException("Unknown user.");
    } else if (e.getEmail() == null) {
        throw new AuthenticationException(
                "User has no email address.");
    } else if (!e.getEmail().equals(email)) {
        // Exact, case-sensitive comparison with the stored address.
        throw new AuthenticationException(
                "Email address does not match.");
    } else if (passwordUtil.getDnById(e.getId())) {
        // A true result is treated as "this user is authenticated by LDAP":
        // no local password is set for such users.
        throw new AuthenticationException(
                "User is authenticated by LDAP server you cannot reset this password.");
    } else {
        // Members of the system group cannot reset their own password this way.
        final long systemGroupId = getSecurityRoles().getSystemGroupId();
        for (final ExperimenterGroup group : e.linkedExperimenterGroupList()) {
            if (group.getId() == systemGroupId) {
                throw new ApiUsageException(
                        "Cannot reset password of administrators. Have another administrator set the new password.");
            }
        }
        String passwd = passwordUtil.generateRandomPasswd();
        // The e-mail is sent before the password is changed.
        // NOTE(review): presumably sendEmail throws when delivery fails, so that the
        // password stays unchanged in that case - confirm against sendEmail.
        sendEmail(e, passwd);
        // changeUserPassword checks adminOrPiOfUser
        // Skipping that. See #7327
        _changePassword(e.getOmeName(), passwd);
    }
}
});
/**
 * Persists a copy of the given experimenter and links it to its groups.
 *
 * <p>The copy is produced by {@code copyUser}, receives new transient details from
 * {@code sec} and is saved through a {@code SecureMerge} action. No permission check
 * on the caller is visible in this method.
 * NOTE(review): presumably the calling service authorizes the request; verify that
 * no entry point reaches this method without such a check.
 *
 * @param experimenter the user data to persist
 * @param defaultGroup the group linked first
 * @param otherGroups further groups to link; may be {@code null}
 * @return the id of the created experimenter
 */
public long createExperimenter(Experimenter experimenter,
        ExperimenterGroup defaultGroup, ExperimenterGroup... otherGroups) {
    final Session session = sf.getSession();
    final SecureAction merge = new SecureMerge(session);

    Experimenter created = copyUser(experimenter);
    if (isIgnoreCaseLookup()) {
        // NOTE(review): toLowerCase() uses the JVM default locale. Confirm that
        // lookups lower-case names the same way, so that a stored name always
        // matches the name computed at login.
        final String lowered = created.getOmeName().toLowerCase();
        created.setOmeName(lowered);
    }
    created.getDetails().copy(sec.newTransientDetails(created));
    created = sec.doAction(merge, created);
    session.flush();

    linkGroupAndUser(defaultGroup, created, false);
    if (otherGroups != null) {
        for (final ExperimenterGroup extra : otherGroups) {
            linkGroupAndUser(extra, created, false);
        }
    }
    return created.getId();
}
if (details != null) { Experimenter e = details.getOwner(); if (e != null && e.isLoaded()) { String omename = e.getOmeName(); String firstName = e.getFirstName(); String lastName = e.getLastName(); add(document, "details.owner.omeName", omename, stored); add(document, "details.owner.firstName", firstName, opts);
: "Removing", e.getOmeName(), ids)); Set<ExperimenterGroup> grps = new HashSet<ExperimenterGroup>(); for (Long id : ids) { e = iQuery.get(Experimenter.class, e.getId()); log.debug("sizeOfGroupExperimenterMap=" + e.sizeOfGroupExperimenterMap()); if (e.sizeOfGroupExperimenterMap() > 1) { GroupExperimenterMap primary = e.getGroupExperimenterMap(0); GroupExperimenterMap next = e.getGroupExperimenterMap(1); log.debug("primary=" + primary.parent().getId()); log.debug("next=" + next.parent().getId());
/**
 * Creates a new {@code ome.model.meta.Experimenter} with its no-argument constructor.
 *
 * @return the new instance
 */
public ome.model.meta.Experimenter newInstance() {
    final ome.model.meta.Experimenter fresh = new ome.model.meta.Experimenter();
    return fresh;
}
/**
 * E-mails the given subject and message to the members and the owner of a share,
 * leaving out the current user and anyone without an address that passes
 * {@code mailUtil.validateEmail}.
 *
 * <p>Delivery failures are collected per recipient and written to the error log
 * once all recipients have been tried; they are not reported to the caller.
 * NOTE(review): subject and message are passed to the mail helper exactly as the
 * caller supplied them, and {@code html} decides how the body is sent. Confirm that
 * the mail helper rejects line breaks in the subject and that HTML bodies from
 * ordinary users are acceptable for the recipients.
 * NOTE(review): no check in this method ties the current user to the share;
 * presumably {@code getAllMembers} or {@code getShare} enforces access - confirm.
 *
 * @param shareId id of the share whose members are notified
 * @param subject subject line of the message
 * @param message body of the message
 * @param html whether the body is sent as HTML
 */
@RolesAllowed("user")
@Transactional(readOnly = false)
public void notifyMembersOfShare(long shareId, String subject,
        String message, boolean html) {
    final EventContext ec = getSecuritySystem().getEventContext();
    final Set<Experimenter> recipients = getAllMembers(shareId);
    recipients.add(getShare(shareId).getOwner());

    final Map<Experimenter, String> failures = new HashMap<Experimenter, String>();
    for (final Experimenter e : recipients) {
        // NOTE(review): if getId() and getCurrentUserId() both return a boxed Long,
        // this compares references, not values - confirm the types.
        if (e.getId() == ec.getCurrentUserId()) {
            continue;
        }
        if (e.getEmail() == null || !mailUtil.validateEmail(e.getEmail())) {
            continue;
        }
        try {
            mailUtil.sendEmail(e.getEmail(), subject, message, html, null, null);
        } catch (MailException me) {
            failures.put(e, me.getMessage());
        }
    }

    if (!failures.isEmpty()) {
        log.error(ServiceHandler.getResultsString(failures, null));
    }
}
privilegesToRemove.removeAll(privileges); if (user.getId() == getSecurityRoles().getRootId() && !privilegesToRemove.isEmpty()) { throw new ApiUsageException("cannot remove light administrator privileges from the root user"); user = userProxy(user.getId()); final List<NamedValue> userConfig; if (user.getConfig() == null) { userConfig = new ArrayList<NamedValue>(); user.setConfig(userConfig); } else { userConfig = user.getConfig(); for (final NamedValue configProperty : userConfig) { final AdminPrivilege currentPrivilege = adminPrivileges.getPrivilegeForConfigName(configProperty.getName());
/**
 * Creates a user, sets its password to a single space and checks that the creation
 * did not elevate privileges.
 *
 * <p>{@code adminOrPiOfNonUserGroups} runs before anything is created. The
 * privilege-elevation check runs after the user has been created and the password
 * set.
 * NOTE(review): presumably a failure of that check rolls the transaction back -
 * confirm, since otherwise the user would remain.
 * NOTE(review): the account exists with the literal password {@code " "} until a
 * real one is set. Confirm how the password provider treats that value at login and
 * that callers set a proper password right after creation.
 *
 * @param experimenter the user data to persist
 * @param defaultGroup the user's default group
 * @param otherGroups further groups for the user
 * @return the id of the created user
 */
@RolesAllowed("user")
@Transactional(readOnly = false)
public long createExperimenter(final Experimenter experimenter,
        ExperimenterGroup defaultGroup, ExperimenterGroup... otherGroups) {
    adminOrPiOfNonUserGroups(defaultGroup, otherGroups);

    final long createdId = roleProvider.createExperimenter(experimenter, defaultGroup, otherGroups);

    // If this method passes, then the Experimenter is valid.
    changeUserPassword(experimenter.getOmeName(), " ");

    // An empty expected-privilege set is passed for the unloaded new user.
    final Experimenter createdUser = new Experimenter(createdId, false);
    assertNoPrivilegeElevation(createdUser, Collections.<AdminPrivilege>emptySet());

    getBeanHelper().getLogger().info(
            "Created user with blank password: " + experimenter.getOmeName());
    return createdId;
}
/**
 * Removes from the given light administrator privileges those that the given user
 * does not have.
 *
 * <p>Membership of {@code system} is <em>not</em> taken into account: the
 * calculation assumes that the user is an administrator. {@code root} is assumed to
 * hold every light administrator privilege, so nothing is removed for it.
 *
 * <p>A privilege is removed only when the user's config has an entry for it whose
 * value does not parse as {@code true}. A privilege with no config entry is
 * therefore kept, and any value other than "true" (ignoring case) counts as not
 * having the privilege.
 *
 * @param user a user, may be {@code null}, in which case nothing is removed
 * @param privileges a set of light administrator privileges, modified in place
 */
private void removeUserPrivileges(Experimenter user, Set<AdminPrivilege> privileges) {
    if (user == null || user.getId() == rootId) {
        return;
    }
    final List<NamedValue> config = user.getConfig();
    if (CollectionUtils.isEmpty(config)) {
        return;
    }
    for (final NamedValue entry : config) {
        if (Boolean.parseBoolean(entry.getValue())) {
            // The privilege is granted: leave it in the set.
            continue;
        }
        final String entryName = entry.getName();
        if (!entryName.startsWith(USER_CONFIG_NAME_PREFIX)) {
            // Not a privilege setting.
            continue;
        }
        final String privilegeName = entryName.substring(USER_CONFIG_NAME_PREFIX.length());
        privileges.remove(ADMIN_PRIVILEGES_BY_VALUE.get(privilegeName));
    }
}
/**
 * Makes the given group the user's default group, provided the user is linked to it.
 *
 * <p>With exactly one link between user and group that link becomes the primary one.
 * With more than one link only a warning is logged and the default is left as it
 * was. In both cases the user is then saved through a {@code SecureMerge} action.
 * No permission check on the caller is visible in this method.
 * NOTE(review): presumably the calling service authorizes the change; verify that
 * no entry point reaches this method without such a check.
 *
 * @param user the user whose default group changes; only its id is used
 * @param group the new default group; only its id is used
 * @throws ApiUsageException if the user is not linked to the group
 */
public void setDefaultGroup(Experimenter user, ExperimenterGroup group) {
    final Session session = sf.getSession();
    final Experimenter foundUser = userById(user.getId(), session);
    final ExperimenterGroup foundGroup = groupById(group.getId(), session);
    final Set<GroupExperimenterMap> foundMaps = foundUser
            .findGroupExperimenterMap(foundGroup);

    final int matches = foundMaps.size();
    if (matches < 1) {
        throw new ApiUsageException("Group " + group.getId() + " was not "
                + "found for user " + user.getId());
    }
    if (matches == 1) {
        // May throw an exception
        final GroupExperimenterMap newDef = foundMaps.iterator().next();
        log.info(String.format("Changing default group for user %s to %s",
                foundUser.getId(), group.getId()));
        foundUser.setPrimaryGroupExperimenterMap(newDef);
    } else {
        log.warn(matches + " copies of " + foundGroup
                + " found for " + foundUser);
    }

    // TODO: May want to move this outside the loop
    // and after the !newDefaultSet check.
    sec.doAction(new SecureMerge(session), foundUser);
}