/**
 * Writes one log entry per entity id carried by the given event message,
 * using the message's action and entity type for every entry.
 *
 * @param elm the event message; a {@code null} message is ignored
 */
public void onApplicationEvent(EventLogMessage elm) {
    if (elm == null) {
        return;
    }
    for (final Long entityId : elm.entityIds) {
        addLog(elm.action, elm.entityType, entityId);
    }
}
/**
 * Calls {@code checkReady("transientDetails")} and then hands the object to
 * the interceptor, returning whatever details the interceptor produces.
 *
 * @param object the object passed through to the interceptor
 * @return the details returned by {@code interceptor.newTransientDetails}
 * @throws ApiUsageException declared by this method; raised by the callees
 * @throws SecurityViolation declared by this method; raised by the callees
 */
public Details newTransientDetails(IObject object)
        throws ApiUsageException, SecurityViolation {
    checkReady("transientDetails");
    final Details transientDetails = interceptor.newTransientDetails(object);
    return transientDetails;
}
/**
 * Refreshes the read filter on the given session by switching it off and
 * straight back on.
 *
 * @param session the session whose read filter is re-applied
 */
public void updateReadFilter(Session session) {
    // Between these two calls the session has no read filter; keep them
    // adjacent so no query can run in the unfiltered window.
    disableReadFilter(session);
    // Presumably re-enabling picks up the current event context; confirm
    // against enableReadFilter.
    enableReadFilter(session);
}
Object retVal = null; try { secSys.enableReadFilter(session); retVal = arg0.proceed(); saveLogs(readOnly, session); + session); secSys.disableReadFilter(session); session.clear(); secSys.disableReadFilter(session); secSys.invalidateEventContext();
/**
 * Runs {@code action.runAsAdmin()} with the current event context
 * temporarily marked as admin with all light-admin privileges, optionally
 * switched to {@code group}, and puts the previous context back afterwards.
 *
 * @param session the session whose read filter is re-applied around the action
 * @return always {@code null}
 */
public Object doInHibernate(Session session)
        throws HibernateException, SQLException {
    final BasicEventContext ctx = cd.current();

    // Snapshot the caller's state before elevating, so that the finally
    // block can put back exactly what was there.
    final boolean previouslyAdmin = ctx.isCurrentUserAdmin();
    final Set<AdminPrivilege> previousPrivileges = ctx.getAdminPrivileges();
    final ExperimenterGroup previousGroup = ctx.getGroup();

    try {
        // Elevation: admin flag plus the full privilege set.
        ctx.setAdmin(true);
        ctx.setAdminPrivileges(LightAdminPrivileges.getAllPrivileges());
        if (group != null) {
            ctx.setGroup(group, group.getDetails().getPermissions());
        }
        disable(MergeEventListener.MERGE_EVENT);
        // Re-apply the read filter while the context is elevated.
        enableReadFilter(session);
        action.runAsAdmin();
    } finally {
        // The admin flag and privileges are restored first, so the elevation
        // is dropped even when a later restore step fails.
        ctx.setAdmin(previouslyAdmin);
        ctx.setAdminPrivileges(previousPrivileges);
        if (group != null) {
            // NOTE(review): an exception here (e.g. a null previous group)
            // would skip re-enabling the merge listener and the read filter
            // below; confirm the previous group is never null at this point.
            ctx.setGroup(previousGroup,
                    previousGroup.getDetails().getPermissions());
        }
        enable(MergeEventListener.MERGE_EVENT);
        // Re-apply the read filter again, this time as non-admin.
        enableReadFilter(session);
    }
    return null;
}
});
checkReady("enableReadFilter"); final EventContext ec = getEventContext(); final Session sess = (Session) session; for (final SecurityFilter filter : filters) {
/**
 * Returns the effective user id exactly as reported by the delegate.
 *
 * @return the value of {@code delegate.getEffectiveUID()}
 */
public Long getEffectiveUID() {
    final Long effectiveUid = delegate.getEffectiveUID();
    return effectiveUid;
}
/**
 * Convenience factory that assembles a {@link BasicSecuritySystem} from
 * security primitives it creates itself. Intended mainly for generated
 * testing instances.
 *
 * @param sm the session manager
 * @param sf the session factory
 * @param cache the session cache
 * @return a configured security system
 */
public static BasicSecuritySystem selfConfigure(SessionManager sm,
        ServiceFactory sf, SessionCache cache) {
    final CurrentDetails currentDetails = new CurrentDetails(cache);
    final SystemTypes systemTypes = new SystemTypes();
    final TokenHolder sharedTokenHolder = new TokenHolder();
    final Roles roles = new Roles();

    // Several collaborators below are passed as null. Any code path that
    // dereferences them will fail, so this wiring is only suitable for the
    // test instances this factory is meant for.
    final SessionProvider sessionProvider = new SessionProviderInMemory(
            roles, new NodeProviderInMemory(""), null);

    final OmeroInterceptor omeroInterceptor = new OmeroInterceptor(
            roles,
            systemTypes,
            new ExtendedMetadata.Impl(),
            currentDetails,
            sharedTokenHolder,
            new PerSessionStats(currentDetails),
            new LightAdminPrivileges(roles),
            null,
            new HashSet<String>(),
            new HashSet<String>());

    final SecurityFilterHolder filterHolder = new SecurityFilterHolder(
            currentDetails,
            new OneGroupSecurityFilter(roles),
            new AllGroupsSecurityFilter(null, roles),
            new SharingSecurityFilter(roles, null));

    final EventProviderInMemory eventProvider = new EventProviderInMemory();
    // NOTE(review): the security system gets its own new TokenHolder rather
    // than the instance shared by the interceptor and the ACL voter; confirm
    // this is intended.
    final TokenHolder systemTokenHolder = new TokenHolder();
    final DefaultPolicyService policyService = new DefaultPolicyService();
    final BasicACLVoter aclVoter = new BasicACLVoter(
            currentDetails,
            systemTypes,
            sharedTokenHolder,
            filterHolder,
            sessionProvider,
            new ReadOnlyStatus(false, false));

    return new BasicSecuritySystem(
            omeroInterceptor,
            systemTypes,
            currentDetails,
            sm,
            sessionProvider,
            eventProvider,
            roles,
            sf,
            systemTokenHolder,
            Collections.<SecurityFilter>singletonList(filterHolder),
            policyService,
            aclVoter);
}
final Principal p = clearAndCheckPrincipal();
/**
 * Loads the {@code Session} rows whose ids are in {@code ids}, with their
 * owners fetched, while the security system's read filter is switched off.
 *
 * @param arg0 the Hibernate session the query runs on
 * @return the list produced by the query
 */
public Object doInHibernate(org.hibernate.Session arg0)
        throws HibernateException, SQLException {
    final BasicSecuritySystem securitySystem = (BasicSecuritySystem) sec;
    try {
        // The query runs without the read filter, so whatever it returns has
        // not been narrowed by that filter; callers own any access decision
        // on the result.
        securitySystem.disableReadFilter(arg0);
        // The ids are bound as a named parameter list, never concatenated
        // into the HQL text.
        final String hql = "select sh from Session sh "
                + "join fetch sh.owner "
                + "where sh.id in (:ids) ";
        return arg0.createQuery(hql).setParameterList("ids", ids).list();
    } finally {
        // The filter is switched back on unconditionally, including when the
        // query throws.
        securitySystem.enableReadFilter(arg0);
    }
}
});
/**
 * Calls {@code checkReady("managedDetails")} and then lets the interceptor
 * check the object's details against the trusted copy.
 *
 * @param object the object passed through to the interceptor
 * @param trustedDetails the trusted details passed through to the interceptor
 * @return the details returned by {@code interceptor.checkManagedDetails}
 * @throws ApiUsageException declared by this method; raised by the callees
 * @throws SecurityViolation declared by this method; raised by the callees
 */
public Details checkManagedDetails(IObject object, Details trustedDetails)
        throws ApiUsageException, SecurityViolation {
    checkReady("managedDetails");
    final Details checkedDetails =
            interceptor.checkManagedDetails(object, trustedDetails);
    return checkedDetails;
}
/**
 * Loads the single {@code Share} whose id equals {@code data.id}, with its
 * owner fetched, while the security system's read filter is switched off.
 *
 * @param arg0 the Hibernate session the query runs on
 * @return the unique result of the query
 */
public Object doInHibernate(org.hibernate.Session arg0)
        throws HibernateException, SQLException {
    final BasicSecuritySystem securitySystem = (BasicSecuritySystem) sec;
    try {
        // The lookup runs without the read filter, so the returned share has
        // not been narrowed by that filter; callers own any access decision
        // on the result.
        securitySystem.disableReadFilter(arg0);
        // The id is bound as a named parameter, never concatenated into the
        // HQL text.
        final String hql = "select sh from Share sh "
                + "join fetch sh.owner "
                + "where sh.id = :id";
        return arg0.createQuery(hql).setParameter("id", data.id).uniqueResult();
    } finally {
        // The filter is switched back on unconditionally, including when the
        // query throws.
        securitySystem.enableReadFilter(arg0);
    }
}
});
/**
 * Calls {@code checkReady("isGraphCritical")} and then asks the current
 * details whether the given details are graph critical.
 *
 * @param details the details passed through to {@code cd.isGraphCritical}
 * @return the answer given by {@code cd.isGraphCritical}
 */
public boolean isGraphCritical(Details details) {
    checkReady("isGraphCritical");
    final boolean graphCritical = cd.isGraphCritical(details);
    return graphCritical;
}
final Session session = factory.getSession(); if (msg instanceof ContextMessage.Pop){ secSys.disableReadFilter(session); // Disable old name cd.logout(); secSys.enableReadFilter(session); // With old context } else if (msg instanceof ContextMessage.Push) { secSys.disableReadFilter(session); // Disable old name msg.context); secSys.enableReadFilter(session); // With new context
checkReady("runAsAdmin");