/** * Determine whether user and update the site * * @param siteId * The siteId for the site to test * * @return True * True if can update, False otherwise */ public boolean canUpdateSite(String siteId) { return securityService.unlock(UPDATE_PERMISSIONS, "/site/"+ siteId); }
/** * Disabled the security advisor. */ protected void disableAzgSecurityAdvisor() { SecurityAdvisor popped = m_securityService.popAdvisor(ALLOW_ADVISOR); if (!ALLOW_ADVISOR.equals(popped)) { if (popped == null) { log.warn("Someone has removed our advisor."); } else { log.warn("Removed someone elses advisor, adding it back."); m_securityService.pushAdvisor(popped); } } }
/** * {@inheritDoc} */ public boolean isUserAdmin(String userId) { return securityService.isSuperUser(userId); }
/** * {@inheritDoc} */ @Override public boolean isUserAllowedInSite(final String userId, final String permission, final String siteId) { if (this.securityService.isSuperUser()) { return true; } String siteRef = siteId; if (siteId != null && !siteId.startsWith(SiteService.REFERENCE_ROOT)) { siteRef = SiteService.REFERENCE_ROOT + Entity.SEPARATOR + siteId; } if (this.securityService.unlock(userId, permission, siteRef)) { return true; } return false; }
private SecurityAdvisor pushAdvisor() { SecurityAdvisor advisor = (userId, function, reference) -> SecurityAdvisor.SecurityAdvice.ALLOWED; securityService.pushAdvisor(advisor); return advisor; }
/** * Remove security advisor */ private void disableSecurityAdvisor() { securityService.popAdvisor(); }
if (permissions!=null) { for (String permission:permissions) { allowAddSubmissionUsers.removeAll(securityService.unlockUsers(permission, resourceString)); allowAddSubmissionUsers.removeAll(securityService.unlockUsers(SECURE_ADD_ASSIGNMENT, resourceString)); securityService.pushAdvisor(securityAdvisor); securityService.popAdvisor(securityAdvisor);
if (isAttachmentResource(id) && isCollection(id) && !m_securityService.isSuperUser()) log.warn("availability check for attachment collection " + id); for (int i = 0; i < refs.length; i++) roleswap = m_securityService.getUserEffectiveRole("/site/" + refs[i]); if (roleswap!=null) break; available = m_securityService.unlock(lock, entity.getReference());
/** * Get the List of Users who can addSubmission() for this assignment. * * @param assignmentReference - * a reference to an assignment * @return the List (User) of users who can addSubmission() for this assignment. */ public List allowAddSubmissionUsers(String assignmentReference) { return securityService.unlockUsers(SECURE_ADD_ASSIGNMENT_SUBMISSION, assignmentReference); } // allowAddSubmissionUsers
public static String getUserEffectiveRole(java.lang.String param0) { org.sakaiproject.authz.api.SecurityService service = getInstance(); if (service == null) return null; return service.getUserEffectiveRole(param0); }
public SecurityAdvisor pushAdvisor() { SecurityAdvisor advisor = new SecurityAdvisor() { public SecurityAdvisor.SecurityAdvice isAllowed(String userId, String function, String reference) { return SecurityAdvisor.SecurityAdvice.ALLOWED; } }; securityService.pushAdvisor(advisor); return advisor; }
/** * Remove security advisor */ private void disableSecurityAdvisor() { securityService.popAdvisor(); }
public boolean isUserAllowedInEntityReference(String userReference, String permission, String reference) { if (permission == null) { throw new IllegalArgumentException("permission must both be set"); } boolean allowed = false; if (userReference != null) { String userId = getUserIdFromRef(userReference); if (userId != null) { if (reference == null) { // special check for the admin user if ( securityService.isSuperUser(userId) ) { allowed = true; } } else { if ( securityService.unlock(userId, permission, reference) ) { allowed = true; } } } } else { // special anonymous user case - http://jira.sakaiproject.org/jira/browse/SAK-14840 allowed = securityService.unlock(permission, reference); } return allowed; }
public static java.util.List<User> unlockUsers(java.lang.String param0, java.lang.String param1) { org.sakaiproject.authz.api.SecurityService service = getInstance(); if (service == null) return null; return service.unlockUsers(param0, param1); }
public static String getUserEffectiveRole(java.lang.String param0) { org.sakaiproject.authz.api.SecurityService service = getInstance(); if (service == null) return null; return service.getUserEffectiveRole(param0); }
private boolean isAllowed(String userId, String permission, String realmId) { if (securityService.unlock(userId, permission, realmId)) { return true; } return false; }
public boolean isObsolete() { securityService.pushAdvisor(new SecurityAdvisor() { public SecurityAdvice isAllowed(String userId, String function, String reference) { return SecurityAdvice.ALLOWED; } }); try { chs.getProperties(this.resourceId); return false; } catch (PermissionException e1) { return true; } catch (IdUnusedException e1) { return true; } finally { securityService.popAdvisor(); } }
/** * Establish a security advisor to allow the "embedded" azg work to occur with no need for additional security permissions. */ protected void enableAzgSecurityAdvisor() { // put in a security advisor so we can do our azg work without need of further permissions // TODO: could make this more specific to the AuthzGroupService.SECURE_UPDATE_AUTHZ_GROUP permission -ggolden m_securityService.pushAdvisor(ALLOW_ADVISOR); }
/** * remove recent add SecurityAdvisor from stack */ protected void disableSecurityAdvisor() { securityService.popAdvisor(); }
/** * {@inheritDoc} */ @Override public boolean isSuperUser() { return this.securityService.isSuperUser(); }