/**
 * Replaces all the simple-valued fields in the {@link BasicEventContext}
 * by forwarding the three arguments unchanged to
 * {@code checkAndInitialize} on the context returned by {@code current()}.
 *
 * This wrapper performs no validation of its own. The method has no access
 * modifier, so it is package-private.
 *
 * NOTE(review): any authorization of the values carried by {@code ec} is
 * presumably done inside the delegate; confirm before widening visibility.
 *
 * @param ec event context whose values are applied to the current context
 * @param admin admin service handed to the delegate
 * @param store share store handed to the delegate
 */
void checkAndInitialize(EventContext ec, LocalAdmin admin, ShareStore store) {
    current().checkAndInitialize(ec, admin, store);
}
/**
 * Copy-constructor, provided so that the mutator {@link #copy(EventContext)}
 * or {@code copyContext(EventContext)} does not have to be exposed outside
 * of the {@link EventContext} hierarchy.
 *
 * @param p principal passed on to the two-argument constructor
 * @param stats session statistics passed on to the two-argument constructor
 * @param ec context whose values are copied into the new instance by
 *           {@code copyContext}
 */
public BasicEventContext(Principal p, SessionStats stats, EventContext ec) {
    this(p, stats);
    // NOTE(review): copyContext runs while the instance is still under
    // construction. If a subclass can override it, the override would see a
    // partially initialised security context; confirm it is private or final.
    copyContext(ec);
}
/*
 * Runs action.runAsAdmin() with the current event context temporarily
 * elevated: the admin flag is set, every light-admin privilege is granted
 * and, when a group was supplied, the context is switched to that group.
 * The previous flag, privilege set and group are put back in the finally
 * block, so the elevation does not outlive the action even if it throws.
 * Always returns null.
 */
public Object doInHibernate(Session session) throws HibernateException, SQLException {
    BasicEventContext c = cd.current();
    // Snapshot the caller's state before touching it; finally restores from these.
    boolean wasAdmin = c.isCurrentUserAdmin();
    // NOTE(review): this keeps the reference returned by the getter. The
    // restore below is only correct if setAdminPrivileges replaces the set
    // rather than mutating this instance in place; confirm.
    final Set<AdminPrivilege> oldAdminPrivileges = c.getAdminPrivileges();
    ExperimenterGroup oldGroup = c.getGroup();
    try {
        c.setAdmin(true);
        c.setAdminPrivileges(LightAdminPrivileges.getAllPrivileges());
        if (group != null) {
            c.setGroup(group, group.getDetails().getPermissions());
        }
        disable(MergeEventListener.MERGE_EVENT);
        // Called after the elevation above; presumably the read filter is
        // parameterised from the current context, so it now reflects admin
        // state. TODO confirm against enableReadFilter.
        enableReadFilter(session);
        action.runAsAdmin();
    } finally {
        // The admin flag and privilege set are restored first, before any
        // call in this block that dereferences other objects.
        c.setAdmin(wasAdmin);
        c.setAdminPrivileges(oldAdminPrivileges);
        if (group != null) {
            // NOTE(review): if oldGroup (or its details) is null this line
            // throws, which skips the two calls below and leaves the merge
            // listener disabled and the read filter in its elevated state.
            // It would also replace any exception thrown by the action.
            // Confirm oldGroup cannot be null here, or guard it.
            c.setGroup(oldGroup, oldGroup.getDetails().getPermissions());
        }
        enable(MergeEventListener.MERGE_EVENT);
        enableReadFilter(session); // Now as non-admin
    }
    return null;
}
});
/**
 * Builds a {@link Details} instance describing the current security
 * context.
 *
 * The creation and update events, the owner and the group are all taken
 * from the current {@link BasicEventContext}. The {@link Permissions} set
 * on the result are a new copy of the current group's permissions, so the
 * returned object does not share a permissions instance with the context.
 *
 * NOTE(review): earlier documentation said the user's umask also feeds
 * into the permissions; nothing in this method reads a umask.
 *
 * @return details for the current security context
 * @see <a href="https://trac.openmicroscopy.org/ome/ticket/1434">ticket:1434</a>
 */
public Details createDetails() {
    final BasicEventContext ctx = current();
    final Object[] contexts = new Object[]{ctx, ctx.getCallContext()};
    final Details details = Details.create(contexts);

    details.setCreationEvent(ctx.getEvent());
    details.setUpdateEvent(ctx.getEvent());
    details.setOwner(ctx.getOwner());
    details.setGroup(ctx.getGroup());

    // ticket:1434 -- hand out a copy, never the context's own instance
    details.setPermissions(new Permissions(ctx.getCurrentGroupPermissions()));
    return details;
}
} else if (!sysTypeOrUsrGroup && currentUser.isGraphCritical(d)) { //ticket:1769 Boolean belongs = null; final Long uid = c.getCurrentUserId(); for (int i = 0; i < scopes.length; i++) { if (scopes[i].equals(Scope.LINK) || scopes[i].equals(Scope.ANNOTATE)) { final Set<AdminPrivilege> privileges = c.getCurrentAdminPrivileges(); if (LightAdminPrivileges.getAllPrivileges().equals(privileges)) { for (int i = 0; i < scopes.length; i++) { grpPermissions = c.getPermissionsForGroup(gid); } else { grpPermissions = new Permissions(Permissions.PRIVATE); grpPermissions = c.getPermissionsForGroup(gid); if (grpPermissions == null && roles.getUserGroupId() != c.getCurrentGroupId()) { grpPermissions = c.getCurrentGroupPermissions(); if (c.getCurrentUserId() == roles.getGuestId()) { return 0; } else if (iObject instanceof OriginalFile) { hasLightAdminPrivilege = true; } else if (c.isCurrentUserAdmin()) { hasLightAdminPrivilege = true;
void checkAndInitialize(EventContext ec, LocalAdmin admin, ShareStore store) { this.copyContext(ec); final Long sid = parseId(callContext, "omero.share"); if (sid != null) { if (!isAdmin) { setShareId(sid); if (toPrint == null) { toPrint = new ArrayList<String>(); final Long uid = parseId(callContext, "omero.user"); if (uid != null) { cuId, uid)); setOwner(admin.userProxy(uid)); if (toPrint == null) { toPrint = new ArrayList<String>(); final Long gid = parseId(callContext, "omero.group"); if (gid != null) { if (gid < 0) { setGroup(new ExperimenterGroup(gid, false), Permissions.DUMMY); } else { ExperimenterGroup g = admin.groupProxy(gid); setGroup(g, g.getDetails().getPermissions());
final ome.model.meta.Session currentSession = sessionProvider.findSessionById(ec.getCurrentSessionId(), session); Experimenter sessionOwnerCurrent = currentSession.getSudoer(); if (sessionOwnerCurrent == null) { return ec.getCurrentAdminPrivileges().contains(adminPrivileges.getPrivilege(AdminPrivilege.VALUE_READ_SESSION)); if (ec.getCurrentGroupId() < 0) { "while loading %s:%s", gid, klass.getName(), id)); } else { ec.setPermissionsForGroup(gid, p);
final Set<AdminPrivilege> privileges = bec.getCurrentAdminPrivileges(); if (!bec.isCurrentUserAdmin()) { isPrivilegedCreator = false; } else if (sysType) { if (bec.getCurrentGroupId().equals(sourceGroupId)) { newDetails.setGroup(source.getGroup()); else if ((bec.getCurrentGroupId() < 0) && (isPrivilegedCreator || bec.getMemberOfGroupsList() .contains(sourceGroupId))) { newDetails.setGroup(source.getGroup()); + " for %s to %s", obj, source.getGroup())); } else if (isPrivilegedCreator || bec.getMemberOfGroupsList().contains(newDetails.getGroup().getId())) { } else if (bec.getCurrentGroupPermissions().isGranted(Role.WORLD, obj instanceof IAnnotationLink ? Right.ANNOTATE : Right.WRITE)) { bec.getCurrentGroupPermissions().isGranted(Role.WORLD, Right.READ)) {
/**
 * Attaches the current event context to {@code details} and, on request,
 * aligns its permissions with those of the relevant group.
 *
 * When the current group permissions are the {@code Permissions.DUMMY}
 * sentinel, the permissions are looked up by the group id already present
 * on {@code details}. Every assignment uses a new {@link Permissions} copy.
 * If no permissions can be determined for a non-user group, the method
 * throws instead of leaving a guess in place.
 *
 * @param details the details to update in place
 * @param changePerms whether the permissions should be rewritten as well
 * @throws InternalException if the group on {@code details} has no known
 *         permissions and is not the user group
 */
public void applyContext(Details details, boolean changePerms) {
    final BasicEventContext ctx = current();
    details.setContexts(new Object[]{ctx, ctx.getCallContext()});

    if (!changePerms) {
        return;
    }

    // Make the permissions match (#8277)
    final Permissions currentGroupPerms = ctx.getCurrentGroupPermissions();
    if (currentGroupPerms != Permissions.DUMMY) {
        details.setPermissions(new Permissions(currentGroupPerms));
        return;
    }

    // With the dummy in place the group id must already be set on the
    // details. System types have no group and keep their DUMMY values.
    ExperimenterGroup owningGroup = details.getGroup();
    if (owningGroup == null) {
        return;
    }

    Long groupId = details.getGroup().getId();
    Permissions known = ctx.getPermissionsForGroup(groupId);
    if (known != null) {
        // Ticket:9505. A new copy is required here so that restrictions
        // applied to later objects cannot alter this one.
        details.setPermissions(new Permissions(known));
        return;
    }
    if (groupId.equals(Long.valueOf(roles.getUserGroupId()))) {
        details.setPermissions(new Permissions(Permissions.EMPTY));
        return;
    }
    throw new InternalException("No permissions: " + details);
}
Details newDetails, final BasicEventContext bec) { final Set<AdminPrivilege> privileges = bec.getCurrentAdminPrivileges(); else if (bec.isCurrentUserAdmin() && privileges.contains(adminPrivileges.getPrivilege(AdminPrivilege.VALUE_CHOWN)) || privileged) {
final Set<AdminPrivilege> privileges = bec.getCurrentAdminPrivileges(); bec.getMemberOfGroupsList().contains( || bec.isCurrentUserAdmin() && privileges.contains(adminPrivileges.getPrivilege(AdminPrivilege.VALUE_CHGRP)) || privileged) { newDetails.setGroup(currentDetails.getGroup());
/**
 * Returns the admin privileges held by the context that {@code current()}
 * returns.
 *
 * NOTE(review): whether the returned set is a copy or the context's own
 * instance is not visible here; callers should treat it as read-only.
 *
 * @return the admin privileges of the current context
 */
public Set<AdminPrivilege> getAdminPrivileges() {
    return current().getAdminPrivileges();
}
/**
 * Returns the call context of the last element of {@code list()}.
 *
 * NOTE(review): {@code getLast()} presumably throws when the list is empty,
 * i.e. when nothing is logged in; confirm against the list type.
 *
 * @return the call context map of the last element
 */
public Map<String, String> getContext() {
    return list().getLast().getCallContext();
}
/**
 * @return if the current user is the system's <q>guest</q> user
 */
public boolean isCurrentUserGuest() {
    // NOTE(review): == compares numerically only if at least one side is a
    // primitive long. If both getters return Long this is a reference
    // comparison and can give the wrong answer for ids outside the boxed
    // cache range; confirm the declared return types. A null user id would
    // throw on unboxing.
    return current().getCurrentUserId() == roles.getGuestId();
}
/**
 * Logs in the given principal by building a {@link BasicEventContext} from
 * it and from the statistics of its cached session, then handing that
 * context to {@code login(BasicEventContext)}.
 *
 * NOTE(review): the session context is dereferenced without a null check,
 * so an unknown or expired session is only rejected if
 * {@code cache.getSessionContext} throws for it; confirm.
 *
 * @param principal the principal whose name is the session uuid
 */
public void login(Principal principal) {
    // The session is looked up in the cache directly: going through
    // SessionManager would create a circular reference in Spring.
    final SessionStats stats = cache.getSessionContext(principal.getName()).stats();
    login(new BasicEventContext(principal, stats));
}
/**
 * After a flush, rewrites the stored light-administrator privileges of the
 * current user, unless the transaction is read-only or no
 * {@code sqlAction} is available.
 *
 * The stored privileges are always deleted first. They are re-inserted
 * only when the current context holds a non-empty set, so an empty or null
 * set leaves nothing stored.
 *
 * @param entities the flushed entities (not inspected)
 * @throws CallbackException declared by the callback signature
 */
public void postFlush(Iterator entities) throws CallbackException {
    debug("Intercepted postFlush.");

    if (TransactionSynchronizationManager.isCurrentTransactionReadOnly()) {
        debug("detected read-only transaction");
        return;
    }
    if (sqlAction == null) {
        return;
    }

    /* read-write transactions may trigger checks */
    debug("updating current light administrator privileges");
    final Set<AdminPrivilege> currentPrivileges = currentUser.current().getCurrentAdminPrivileges();
    sqlAction.deleteCurrentAdminPrivileges();
    if (!CollectionUtils.isNotEmpty(currentPrivileges)) {
        return;
    }
    sqlAction.insertCurrentAdminPrivileges(currentPrivileges);
}