/**
 * Returns the security roles reported by the delegate that
 * {@code choose()} hands back for this call.
 *
 * @return the value of {@code choose().getSecurityRoles()}
 */
public Roles getSecurityRoles() {
    final Roles roles = choose().getSecurityRoles();
    return roles;
}
/**
 * Flushes {@code iUpdate} from inside an {@link AdminAction} that is handed
 * to {@code runAsAdmin} on the security system.
 *
 * NOTE(review): the flush goes through runAsAdmin, so it presumably runs
 * with elevated privileges. Callers should have authorized whatever is
 * pending before calling this; confirm against the security system.
 */
protected void adminFlush() {
    final AdminAction flushAction = new AdminAction() {
        public void runAsAdmin() {
            iUpdate.flush();
        }
    };
    getSecuritySystem().runAsAdmin(flushAction);
}
/**
 * Forwards the managed-details check to the delegate returned by
 * {@code choose()} and returns its result unchanged.
 *
 * @param object         the object passed to the delegate
 * @param trustedDetails the details passed to the delegate alongside it
 * @return the {@link Details} produced by the delegate
 * @throws ApiUsageException propagated from the delegate
 * @throws SecurityViolation propagated from the delegate
 */
public Details checkManagedDetails(IObject object, Details trustedDetails)
        throws ApiUsageException, SecurityViolation {
    final Details checked = choose().checkManagedDetails(object, trustedDetails);
    return checked;
}
/**
 * Saves {@code obj} in two steps: a {@link SecureMerge} bound to the
 * current session is run through {@code sec.doAction}, then the session
 * is flushed inside an {@link AdminAction}.
 *
 * Per the original author's note, the MergeEventListener is disabled,
 * which is why non-admin saving of system types needs this detour.
 *
 * NOTE(review): the flush goes through runAsAdmin and flushes the whole
 * session, not only {@code obj}. Presumably anything else pending in the
 * session is written under the same elevation; confirm.
 *
 * @param obj the object to merge and flush
 */
private void reallySafeSave(final IObject obj) {
    final Session current = osf.getSession();
    final AdminAction flushSession = new AdminAction() {
        public void runAsAdmin() {
            current.flush();
        }
    };

    sec.doAction(new SecureMerge(current), obj);
    sec.runAsAdmin(flushSession);
}
/**
 * Persists a new enumeration value.
 *
 * Fresh transient details from the security system are copied onto
 * {@code newEnum}, {@code worldReadable} is applied to it, and it is then
 * saved through a {@link SecureAction} run by {@code doAction}.
 *
 * NOTE(review): any caller holding the "user" role reaches this method, and
 * the value is passed to {@code worldReadable} before saving. The TODO about
 * whether the value should belong to root is still open and decides who can
 * later modify it.
 *
 * @param <T>     the enumeration type
 * @param newEnum the enumeration value to create
 * @return whatever {@code doAction} returns for the save action
 */
@RolesAllowed("user")
@Transactional(readOnly = false)
public <T extends IEnum> T createEnumeration(T newEnum) {
    final LocalUpdate updater = iUpdate;

    // TODO should this belong to root?
    final Details transientDetails = getSecuritySystem().newTransientDetails(newEnum);
    newEnum.getDetails().copy(transientDetails);
    worldReadable(newEnum);

    final SecureAction saveAction = new SecureAction() {
        public IObject updateObject(IObject... iObjects) {
            return updater.saveAndReturnObject(iObjects[0]);
        }
    };
    return getSecuritySystem().doAction(saveAction, newEnum);
}
/**
 * Returns the event context reported by the delegate that
 * {@code choose()} hands back for this call.
 *
 * @return the value of {@code choose().getEventContext()}
 */
public EventContext getEventContext() {
    final EventContext context = choose().getEventContext();
    return context;
}
/**
 * Looks up rendering settings for a pixels set, first for the effective
 * user and, if none exist, for the owner of the pixels.
 *
 * The fallback to the owner's settings only happens when the current user
 * (taken from the event context) is not the owner; otherwise {@code null}
 * is returned.
 *
 * NOTE(review): the first lookup uses {@code sec.getEffectiveUID()} while
 * the owner comparison uses {@code ec.getCurrentUserId()}. If those two ids
 * can differ, the fallback decision is made for a different identity than
 * the first lookup; confirm this is intended.
 *
 * @param pixId id of the pixels set
 * @return the settings found, or {@code null} if neither lookup yields any
 */
@Override
@RolesAllowed("user")
public RenderingDef retrieveRndSettings(long pixId) {
    final Long effectiveUid = sec.getEffectiveUID();
    final RenderingDef ownSettings = retrieveRndSettingsFor(pixId, effectiveUid);
    if (ownSettings != null) {
        return ownSettings;
    }

    final EventContext ec = this.sec.getEventContext(false);
    final Pixels pixels = this.iQuery.get(Pixels.class, pixId);
    // The result is never read; the call is kept because removing it could
    // change behaviour if isGraphCritical throws or has side effects.
    final boolean isGraphCritical = this.sec.isGraphCritical(pixels.getDetails());
    final long ownerId = pixels.getDetails().getOwner().getId();
    final long currentUserId = ec.getCurrentUserId();

    if (currentUserId == ownerId) {
        // The owner's settings are the caller's own, and those were not found.
        return null;
    }
    return retrieveRndSettingsFor(pixId, ownerId);
}
/**
 * Sets the default group of a user.
 *
 * A {@code null} user or group makes the call a silent no-op. The change is
 * allowed when the caller is an admin holding the
 * {@code AdminPrivilege.VALUE_MODIFY_USER} privilege for the session, or
 * when the caller is the user being changed. The group identified by
 * {@code roles.getUserGroupId()} is rejected as a default group.
 *
 * NOTE(review): unlike {@code group}, {@code user} is not checked for a
 * {@code null} id. For a non-admin caller the self-check then fails, but a
 * privileged admin call passes an unmanaged user on to the role provider.
 *
 * @param user  the user whose default group is changed
 * @param group the new default group; must have an id
 * @throws ApiUsageException if the group has no id or is the user group
 *                           named by the security roles
 * @throws SecurityViolation if the caller is neither a suitably privileged
 *                           admin nor the user being changed
 */
@RolesAllowed("user")
@Transactional(readOnly = false)
public void setDefaultGroup(Experimenter user, ExperimenterGroup group) {
    if (user == null || group == null) {
        return;
    }

    if (group.getId() == null) {
        throw new ApiUsageException("Group argument to setDefaultGroup "
                + "must be managed (i.e. have an id)");
    }

    final EventContext ec = getSecuritySystem().getEventContext();

    // Evaluation order matters: the self-check is only reached when the
    // admin-with-privilege test has failed.
    final boolean privilegedAdmin = isAdmin()
            && getCurrentAdminPrivilegesForSession().contains(
                    adminPrivileges.getPrivilege(AdminPrivilege.VALUE_MODIFY_USER));
    final boolean permitted = privilegedAdmin
            || ec.getCurrentUserId().equals(user.getId());
    if (!permitted) {
        throw new SecurityViolation("User " + user.getId()
                + " can only set own default group.");
    }

    final Roles roles = getSecuritySystem().getSecurityRoles();
    final Long userGroupId = Long.valueOf(roles.getUserGroupId());
    if (userGroupId.equals(group.getId())) {
        throw new ApiUsageException("Cannot set default group to: "
                + roles.getUserGroupName());
    }

    roleProvider.setDefaultGroup(user, group);

    final String message =
            String.format("Changing default group for %s to %s", user, group);
    getBeanHelper().getLogger().info(message);
}
/**
 * Updates the calling user's own record from the given experimenter.
 *
 * The record that is changed is the one looked up by the current user id
 * from the event context, not by any id carried on {@code e}. Only first
 * name, middle name, last name, email and institution are copied, so no
 * other property of {@code e} reaches the stored record through this
 * method. The update is flushed inside an {@link AdminAction}.
 *
 * @param e source of the new name, email and institution values
 */
@RolesAllowed("user")
@Transactional(readOnly = false)
public void updateSelf(@NotNull Experimenter e) {
    final EventContext context = getSecuritySystem().getEventContext();
    final Experimenter self = getExperimenter(context.getCurrentUserId());

    // Explicit allow-list of the fields a user may edit on their own record.
    self.setFirstName(e.getFirstName());
    self.setMiddleName(e.getMiddleName());
    self.setLastName(e.getLastName());
    self.setEmail(e.getEmail());
    self.setInstitution(e.getInstitution());

    final AdminAction flushAction = new AdminAction() {
        public void runAsAdmin() {
            iUpdate.flush();
        }
    };
    getSecuritySystem().runAsAdmin(flushAction);

    getBeanHelper().getLogger().info(
            "Updated own user info: " + self.getOmeName());
}
/**
 * Saves a job through {@code sec.doAction}, flushing {@code iUpdate}
 * immediately after the save inside the same {@link SecureAction}.
 *
 * @param job the job to save
 * @return the job as returned by {@code doAction}
 */
private Job secureSave(Job job) {
    final SecureAction saveAndFlush = new SecureAction() {
        public <T extends IObject> T updateObject(T... objs) {
            final T saved = iUpdate.saveAndReturnObject(objs[0]);
            iUpdate.flush(); // was commit
            return saved;
        }
    };
    return sec.doAction(saveAndFlush, job);
}
EventContext ec = securitySystem.getEventContext(); Permissions currentGroupPermissions = ec.getCurrentGroupPermissions(); Permissions readOnly = Permissions.parseString("rwr---"); if (securitySystem.isGraphCritical(null) // May throw || currentGroupPermissions.identical(readOnly))
final EventContext ec = getSecuritySystem().getEventContext(); final String omename = ec.getCurrentUserName(); final Long user = ec.getCurrentUserId(); this.sec.doAction(new SecureShare() { @Override void doUpdate(Share share) {
/**
 * Returns the effective user id reported by the delegate that
 * {@code choose()} hands back for this call.
 *
 * @return the value of {@code choose().getEffectiveUID()}
 */
public Long getEffectiveUID() {
    final Long effectiveUid = choose().getEffectiveUID();
    return effectiveUid;
}
/**
 * Forwards a restriction check to the delegate returned by
 * {@code choose()}. Nothing is returned; presumably a failed check is
 * signalled by an exception from the delegate; confirm.
 *
 * @param name the restriction name passed to the delegate
 * @param obj  the object passed to the delegate
 */
@Override
public void checkRestriction(String name, IObject obj) {
    choose().checkRestriction(name, obj);
}
/**
 * Forwards a disable request for the given ids to the delegate returned
 * by {@code choose()}.
 *
 * NOTE(review): what the ids identify is not visible here. If they name
 * security checks, call sites should be audited so that each disable is
 * paired with a matching enable.
 *
 * @param ids the ids passed unchanged to the delegate
 */
public void disable(String... ids) {
    choose().disable(ids);
}
/**
 * Forwards an enable request for the given ids to the delegate returned
 * by {@code choose()}.
 *
 * @param ids the ids passed unchanged to the delegate
 */
public void enable(String... ids) {
    choose().enable(ids);
}
/**
 * Asks the delegate returned by {@code choose()} whether the given object
 * has a privileged token.
 *
 * @param obj the object passed to the delegate
 * @return the delegate's answer, unchanged
 */
public boolean hasPrivilegedToken(IObject obj) {
    final boolean privileged = choose().hasPrivilegedToken(obj);
    return privileged;
}
/**
 * Returns the event context reported by the delegate that
 * {@code choose()} hands back for this call.
 *
 * @param refresh forwarded unchanged to the delegate; presumably asks for a
 *                reloaded context; confirm against the delegate
 * @return the value of {@code choose().getEventContext(refresh)}
 */
public EventContext getEventContext(boolean refresh) {
    final EventContext context = choose().getEventContext(refresh);
    return context;
}
/**
 * Creates a new experimenter and links it to its groups.
 *
 * A copy made by {@code copyUser} is given fresh transient details, saved
 * through a {@link SecureMerge} on the current session, and flushed. The
 * saved user is then linked to {@code defaultGroup} and to each entry of
 * {@code otherGroups}.
 *
 * NOTE(review): when ignore-case lookup is on, the login name is lowered
 * with the no-argument {@code toLowerCase()}, which uses the JVM's default
 * locale. Under some locales (e.g. Turkish) this maps letters differently,
 * so the stored name may not match what a lookup normalizes to. If the
 * lookup side is changed too, {@code toLowerCase(Locale.ROOT)} in both
 * places would make the normalization locale-independent.
 *
 * @param experimenter the user data to create from
 * @param defaultGroup the group linked first
 * @param otherGroups  further groups to link; may be {@code null}
 * @return the id of the saved experimenter
 */
public long createExperimenter(Experimenter experimenter,
        ExperimenterGroup defaultGroup, ExperimenterGroup... otherGroups) {
    final Session session = sf.getSession();
    final SecureAction merge = new SecureMerge(session);

    Experimenter created = copyUser(experimenter);
    if (isIgnoreCaseLookup()) {
        created.setOmeName(created.getOmeName().toLowerCase());
    }
    created.getDetails().copy(sec.newTransientDetails(created));
    created = sec.doAction(merge, created);
    session.flush();

    linkGroupAndUser(defaultGroup, created, false);
    if (otherGroups != null) {
        for (final ExperimenterGroup extra : otherGroups) {
            linkGroupAndUser(extra, created, false);
        }
    }
    return created.getId();
}
/**
 * Flushes {@code iUpdate} from inside a {@link SecureAction} run by the
 * security system's {@code doAction}.
 *
 * The action ignores the objects it is given and returns {@code null};
 * {@code copy} is only handed to {@code doAction}.
 *
 * @param copy the object passed to {@code doAction} with the flush action
 */
private void secureFlush(final IObject copy) {
    final SecureAction flushOnly = new SecureAction() {
        public <T extends IObject> T updateObject(T... objs) {
            iUpdate.flush();
            return null;
        }
    };
    getSecuritySystem().doAction(flushOnly, copy);
}