/**
 * Returns the name of the principal that is currently logged in.
 *
 * @return the principal name, or {@code null} when no principal is logged in
 * @since 8.4
 */
protected static String getCurrentPrincipalName() {
    NuxeoPrincipal current = ClientLoginModule.getCurrentPrincipal();
    if (current == null) {
        // No login: callers must handle null.
        return null;
    }
    return current.getName();
}
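/**
 * Checks whether the currently logged-in principal holds the create-from-key permission.
 * <p>
 * The decision is taken in this order: no current principal is denied; a {@code *} value in either the
 * {@code CREATE_FROM_KEY_USERS} or the {@code CREATE_FROM_KEY_GROUPS} property allows every current
 * principal; otherwise the principal must be an administrator, be listed by name, or be a member of a
 * listed group. Both properties are comma-separated lists; entries are trimmed and blank entries are
 * ignored.
 *
 * @return {@code true} if the current principal is allowed, {@code false} otherwise
 */
@Override
public boolean hasCreateFromKeyPermission() {
    NuxeoPrincipal principal = ClientLoginModule.getCurrentPrincipal();
    if (principal == null) {
        // No login at all: deny.
        return false;
    }
    String createFromKeyUsers = properties.getOrDefault(CREATE_FROM_KEY_USERS, EMPTY).trim();
    String createFromKeyGroups = properties.getOrDefault(CREATE_FROM_KEY_GROUPS, EMPTY).trim();
    // The wildcard opens the permission to every non-null principal.
    // NOTE(review): confirm whether anonymous or transient principals can reach this point.
    if ("*".equals(createFromKeyUsers) || "*".equals(createFromKeyGroups)) {
        return true;
    }
    if (principal.isAdministrator()) {
        return true;
    }
    String principalName = principal.getName();
    for (String entry : createFromKeyUsers.split(",")) {
        String user = entry.trim();
        // Skip blank entries: an unset property splits to a single empty string, which must never
        // match a principal whose name happens to be empty.
        if (!user.isEmpty() && user.equals(principalName)) {
            return true;
        }
    }
    for (String entry : createFromKeyGroups.split(",")) {
        String group = entry.trim();
        // Same rule for groups: never ask about membership of an empty group name.
        if (!group.isEmpty() && principal.isMemberOf(group)) {
            return true;
        }
    }
    return false;
}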
/**
 * Builds the list of identities to evaluate for the given principal.
 * <p>
 * The result holds the principal's groups (when it has any), followed by the principal's own name,
 * followed by {@link SecurityConstants#EVERYONE}.
 *
 * @param principal the principal to expand
 * @return the groups, the principal name and the everyone pseudo-group, in that order
 */
public static String[] getPrincipalsToCheck(NuxeoPrincipal principal) {
    List<String> memberOf = principal.getAllGroups();
    // A null group list is treated like an empty one.
    int groupCount = memberOf == null ? 0 : memberOf.size();
    String[] identities = new String[groupCount + 2];
    if (memberOf != null) {
        memberOf.toArray(identities);
    }
    identities[groupCount] = principal.getName();
    identities[groupCount + 1] = SecurityConstants.EVERYONE;
    return identities;
}
/**
 * Captures the name and the originating user of the given principal.
 *
 * @param principal the principal to copy the identity from
 */
DataTransferObject(NuxeoPrincipal principal) {
    this.username = principal.getName();
    this.originatingUser = principal.getOriginatingUser();
}
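/**
 * Tells whether the given group is accepted for the originating principal.
 * <p>
 * Administrators accept every group; any other principal accepts only the groups returned by its own
 * {@code getAllGroups()}.
 *
 * @param originatingPrincipal the principal on whose behalf the group is evaluated
 * @param groupName the name of the group to test
 * @return {@code true} if the principal is an administrator or belongs to the group
 * @since 10.2
 */
protected boolean acceptGroup(NuxeoPrincipal originatingPrincipal, String groupName) {
    if (originatingPrincipal.isAdministrator()) {
        return true;
    }
    // Treat a missing group list as "no groups" so the check denies instead of throwing.
    java.util.List<String> memberOf = originatingPrincipal.getAllGroups();
    return memberOf != null && memberOf.contains(groupName);
}
}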
/**
 * Tells whether the session's principal is an administrator.
 *
 * @param session the session whose principal is inspected
 * @return {@code true} if the session's principal is an administrator
 */
protected boolean checkUnrestricted(CoreSession session) {
    boolean administrator = session.getPrincipal().isAdministrator();
    return administrator;
}
return false; if (user.isAdministrator()) { return true; if (user.isAdministrator()) { return true; if (user.isMemberOf(POWER_USERS_GROUP)) { return true; List<String> groups = new ArrayList<>(user.getAllGroups()); groups.add(SecurityConstants.EVERYONE); String username = user.getName(); boolean allowed = hasPermission(permission, username, groups); if (!allowed) {
/**
 * Verifies that the current user may cancel the given route.
 * <p>
 * Cancellation is allowed for administrators, for members of the {@code powerusers} group and for the
 * initiator of the route.
 *
 * @param route the route about to be cancelled
 * @throws WebSecurityException if the current user is none of the above
 */
protected void checkCancelGuards(DocumentRoute route) {
    NuxeoPrincipal caller = getContext().getCoreSession().getPrincipal();
    boolean privileged = caller.isAdministrator() || caller.isMemberOf("powerusers");
    // The initiator check is only evaluated for non-privileged callers.
    if (!privileged && !caller.getName().equals(route.getInitiator())) {
        throw new WebSecurityException("You don't have the permission to cancel this workflow");
    }
}
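/**
 * Checks whether the current user would still hold the permissions returned by
 * {@code getPermissionsToCheck()} once the pending security data is applied to the current document's
 * ACP. When the check fails, the security data is rebuilt.
 * <p>
 * Administrators always pass.
 *
 * @return {@code true} if access is still granted, {@code false} if it is not (the security data has
 *         then been rebuilt)
 */
private boolean checkPermissions() {
    if (currentUser.isAdministrator()) {
        return true;
    }
    List<String> principals = new ArrayList<String>();
    principals.add(currentUser.getName());
    // A null group list is treated as "no groups" rather than failing the whole check.
    List<String> groups = currentUser.getAllGroups();
    if (groups != null) {
        principals.addAll(groups);
    }
    // NOTE(review): the Everyone pseudo-group is not added here, so ACEs granted to it are only
    // counted if getAllGroups() already contains it. Confirm this is intended.
    ACP acp = currentDocument.getACP();
    if (acp == null) {
        acp = new ACPImpl();
    }
    // convertToUserEntries is a static method; no converter instance is needed.
    List<UserEntry> modifiableEntries = SecurityDataConverter.convertToUserEntries(securityData);
    acp.setRules(modifiableEntries.toArray(new UserEntry[0]));
    final boolean access = acp.getAccess(principals.toArray(new String[0]), getPermissionsToCheck())
                              .toBoolean();
    if (!access) {
        rebuildSecurityData();
    }
    return access;
}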
/**
 * Verifies that the current user may create the given artifact.
 * <p>
 * Administrators may create any artifact. Members of the {@code powerusers} group may create only
 * artifacts accepted by {@code isAPowerUserEditableArtifact}.
 *
 * @param artifact the artifact about to be created
 * @throws WebSecurityException if the current user is not allowed to create the artifact
 */
protected void checkCurrentUserCanCreateArtifact(T artifact) {
    NuxeoPrincipal caller = getContext().getCoreSession().getPrincipal();
    if (caller.isAdministrator()) {
        return;
    }
    // The artifact is only inspected once group membership is established.
    boolean allowedAsPowerUser = caller.isMemberOf("powerusers") && isAPowerUserEditableArtifact(artifact);
    if (!allowedAsPowerUser) {
        throw new WebSecurityException("Cannot create artifact");
    }
}
/**
 * Tells whether the principal is one of the validators of the document.
 * <p>
 * Each value returned by {@code getValidatorsFor} is compared with the principal's name and is also
 * tried as a group the principal may belong to.
 *
 * @param document the document whose validators are looked up
 * @param principal the principal to test
 * @return {@code true} if a validator entry matches the principal's name or one of its groups
 */
protected boolean isValidator(DocumentModel document, NuxeoPrincipal principal) {
    String[] validators = getValidatorsFor(document);
    boolean matched = false;
    for (int i = 0; i < validators.length && !matched; i++) {
        String candidate = validators[i];
        matched = principal.getName().equals(candidate) || principal.isMemberOf(candidate);
    }
    return matched;
}
task.setProcessName(processName); task.setCreated(new Date()); task.setInitiator(principal.getActingUser()); task.setActors(prefixedActorIds); task.setDueDate(dueDate); task.addComment(principal.getName(), comment); ACL acl = acp.getOrCreateACL(ACL.LOCAL_ACL); if (principal != null) { acl.add(new ACE(principal.getName(), SecurityConstants.EVERYTHING, true));
/**
 * Returns the acting user reported by the wrapped principal.
 *
 * @return the value of {@code principal.getActingUser()}
 */
public String getActingUser() {
    final String actingUser = principal.getActingUser();
    return actingUser;
}
/**
 * Returns the groups reported by the wrapped principal.
 *
 * @return the value of {@code principal.getAllGroups()}, passed through unchanged
 */
public List<String> getAllGroups() {
    final List<String> allGroups = principal.getAllGroups();
    return allGroups;
}
/**
 * Resolves the base username from which a user's workspace is determined. The value is not used
 * directly as a path segment, but it is the sole basis for it.
 * <p>
 * When a principal is given, its acting user replaces the {@code username} argument.
 *
 * @param principal the principal, may be {@code null}
 * @param username the username to fall back on when no principal is given
 * @return the base username, or {@code null} for a transient or empty username
 * @since 9.2
 */
protected String getUserName(NuxeoPrincipal principal, String username) {
    String candidate = principal != null ? principal.getActingUser() : username;
    // Transient users get no personal workspace; an empty name is treated the same way.
    if (NuxeoPrincipal.isTransientUsername(candidate) || StringUtils.isEmpty(candidate)) {
        return null;
    }
    return candidate;
}
/**
 * Tells whether the principal adapted from the context is a member of the configured group.
 *
 * @param context the context from which a {@code Principal} adapter is requested
 * @return {@code true} only if the adapter is a {@code NuxeoPrincipal} that is a member of the group;
 *         {@code false} for a missing adapter or any other principal type
 */
public boolean check(Adaptable context) {
    Principal candidate = context.getAdapter(Principal.class);
    if (!(candidate instanceof NuxeoPrincipal)) {
        // Covers both a null adapter and a foreign Principal implementation.
        return false;
    }
    NuxeoPrincipal nuxeoPrincipal = (NuxeoPrincipal) candidate;
    return nuxeoPrincipal.isMemberOf(group);
}
/**
 * Tells whether the currently logged-in user is an administrator.
 *
 * @return the value of {@code currentUser.isAdministrator()}
 */
public boolean getAdministrator() {
    final boolean administrator = currentUser.isAdministrator();
    return administrator;
}
/**
 * Verifies that the current user may update the artifact.
 * <p>
 * Administrators always pass. Members of the {@code powerusers} group pass only when
 * {@code isAPowerUserEditableArtifact()} accepts the artifact.
 *
 * @throws WebSecurityException if the current user is not allowed to perform the update
 */
protected void checkUpdateGuardPreconditions() {
    NuxeoPrincipal caller = getContext().getCoreSession().getPrincipal();
    if (caller.isAdministrator()) {
        return;
    }
    // The artifact is only inspected once group membership is established.
    boolean allowedAsPowerUser = caller.isMemberOf("powerusers") && isAPowerUserEditableArtifact();
    if (!allowedAsPowerUser) {
        throw new WebSecurityException("User is not allowed to edit users");
    }
}