public void chmod(IObject obj, String permissions) { handleGroupChange(obj, Permissions.parseString(permissions)); }
/** * Here we used the checks returned from {@link ExtendedMetadata} to iterate * through every non-system table and check that it has no FKs which point * to back to its rows and violate the read permissions which are being * reduced. */ public void check(IObject obj, Object check) { if (!(check instanceof Check)) { throw new InternalException("Bad check:" + check); } Check c = ((Check) check); Map<String, Long> counts = performRun(c); long total = counts.get("*"); if (total > 0) { throw new SecurityViolation(String.format( "Cannot change permissions on %s to %s due to locks:\n%s", obj, c.perms, counts)); } }
private void handleGroupChange(IObject obj, Permissions newPerms) { final ExperimenterGroup group = load(obj); if (newPerms == null) { throw new ApiUsageException("PERMS cannot be null"); } final Permissions oldPerms = group.getDetails().getPermissions(); if (oldPerms.sameRights(newPerms)) { log.debug(String.format("Ignoring unchanged permissions: %s", newPerms)); return; } final Long internal = (Long) Utils.internalForm(newPerms); sql.changeGroupPermissions(obj.getId(), internal); log.info(String.format("Changed permissions for %s to %s", obj.getId(), internal)); eventlog(obj.getId(), newPerms.toString()); }
@SuppressWarnings({ "unchecked", "rawtypes" }) public Object[] getChecks(IObject obj, String permissions) { ExperimenterGroup trusted = load(obj); if (!voter.allowChmod(trusted)) { throw new SecurityViolation("chmod not permitted"); } PermDrop drop = new PermDrop(trusted, permissions); if (!drop.found()) { return new Object[0]; // none needed. } List<Object> checks = new ArrayList<Object>(); Collection<String> classeNames = em.getClasses(); for (String className : classeNames) { Class k = em.getHibernateClass(className); if (voter.sysTypes.isSystemType(k)) { continue; // Skip experimenters, etc. } String[][] lockChecks = em.getLockChecks(k); checks.add(new Check(trusted.getId(), permissions, k, lockChecks, drop)); } return checks.toArray(new Object[checks.size()]); }