public boolean allowAnnotate(IObject iObject, Details trustedDetails) { BasicEventContext c = currentUser.current(); return 1 == allowUpdateOrDelete(c, iObject, trustedDetails, Scope.ANNOTATE); }
@Override public void setPermittedClasses(Map<Integer, Set<Class<? extends IObject>>> objectClassesPermitted) { basic.setPermittedClasses(objectClassesPermitted); }
if (scopes[i].equals(Scope.LINK) || scopes[i].equals(Scope.ANNOTATE)) { if (belongs == null) { belongs = objectBelongsToUser(iObject, uid); final boolean owner = owner(d, c); final boolean leader = leader(d, c); final boolean member = member(d, c);
public void postProcess(IObject object) { if (object.isLoaded()) { if (object instanceof PermDetails) { object = ((PermDetails) object).getInternalContext(); if (!object.isLoaded()) { return; // EARLY EXIT } } Details details = object.getDetails(); // Sets context values. this.currentUser.applyContext(details, !(object instanceof ExperimenterGroup)); final BasicEventContext c = currentUser.current(); final Permissions p = details.getPermissions(); int allow = allowUpdateOrDelete(c, object, details, // This order must match the ordered of restrictions[] // expected by p.copyRestrictions Scope.LINK, Scope.EDIT, Scope.DELETE, Scope.ANNOTATE); allow = addChgrpChownRestrictionBits(object.getClass(), details, allow); // #9635 - This is not the most efficient solution // But since it's unclear why Permission objects // are currently being shared, the safest solution // is to always produce a copy. Permissions copy = new Permissions(p); copy.copyRestrictions(allow, restrictions(object)); details.setPermissions(copy); // #9635 } }
boolean member(Details d, EventContext c) { Long g = d.getGroup() == null ? null : d.getGroup().getId(); return member(g, c); }
boolean leader(Details d, EventContext c) { Long g = d.getGroup() == null ? null : d.getGroup().getId(); return leader(g, c); }
@SuppressWarnings({ "unchecked", "rawtypes" }) public Object[] getChecks(IObject obj, String permissions) { ExperimenterGroup trusted = load(obj); if (!voter.allowChmod(trusted)) { throw new SecurityViolation("chmod not permitted"); } PermDrop drop = new PermDrop(trusted, permissions); if (!drop.found()) { return new Object[0]; // none needed. } List<Object> checks = new ArrayList<Object>(); Collection<String> classeNames = em.getClasses(); for (String className : classeNames) { Class k = em.getHibernateClass(className); if (voter.sysTypes.isSystemType(k)) { continue; // Skip experimenters, etc. } String[][] lockChecks = em.getLockChecks(k); checks.add(new Check(trusted.getId(), permissions, k, lockChecks, drop)); } return checks.toArray(new Object[checks.size()]); }
/** * Simplified factory method which generates all the security primitives * internally. Primarily useful for generated testing instances. * @param sm the session manager * @param sf the session factory * @param cache the session cache * @return a configured security system */ public static BasicSecuritySystem selfConfigure(SessionManager sm, ServiceFactory sf, SessionCache cache) { CurrentDetails cd = new CurrentDetails(cache); SystemTypes st = new SystemTypes(); TokenHolder th = new TokenHolder(); Roles roles = new Roles(); final SessionProvider sessionProvider = new SessionProviderInMemory(roles, new NodeProviderInMemory(""), null); final OmeroInterceptor oi = new OmeroInterceptor(roles, st, new ExtendedMetadata.Impl(), cd, th, new PerSessionStats(cd), new LightAdminPrivileges(roles), null, new HashSet<String>(), new HashSet<String>()); SecurityFilterHolder holder = new SecurityFilterHolder( cd, new OneGroupSecurityFilter(roles), new AllGroupsSecurityFilter(null, roles), new SharingSecurityFilter(roles, null)); BasicSecuritySystem sec = new BasicSecuritySystem(oi, st, cd, sm, sessionProvider, new EventProviderInMemory(), roles, sf, new TokenHolder(), Collections.<SecurityFilter>singletonList(holder), new DefaultPolicyService(), new BasicACLVoter(cd, st, th, holder, sessionProvider, new ReadOnlyStatus(false, false))); return sec; }
public boolean allowDelete(IObject iObject, Details trustedDetails) { BasicEventContext c = currentUser.current(); return 1 == allowUpdateOrDelete(c, iObject, trustedDetails, Scope.DELETE); }
public boolean allowUpdate(IObject iObject, Details trustedDetails) { BasicEventContext c = currentUser.current(); return 1 == allowUpdateOrDelete(c, iObject, trustedDetails, Scope.EDIT); }