/**
 * Enforces that {@code user} may act on {@code request} at the given {@code scope}.
 *
 * <p>Does nothing when authorization is disabled. Otherwise the user must be authenticated,
 * and the decision is delegated to the group-based {@code checkForAuthorization} overload
 * using the groups derived from the request.
 *
 * <p>NOTE(review): {@code checkForbidden} and the delegated overload are defined outside this
 * block; presumably they reject the call by throwing when the check fails. Confirm there.
 *
 * @param request request whose owning group, read-write groups and read-only groups are consulted
 * @param user caller being checked
 * @param scope access level being requested
 */
public void checkForAuthorization(SingularityRequest request, SingularityUser user, SingularityAuthorizationScope scope) {
  if (authEnabled) {
    // An unauthenticated caller is rejected before any group lookup happens.
    checkForbidden(user.isAuthenticated(), "Not authenticated!");

    // Write access: the request's owning group (if any) plus its explicit read-write groups.
    final Set<String> owningGroup = request.getGroup().asSet();
    final Set<String> explicitWriters = request.getReadWriteGroups().or(Collections.<String>emptySet());
    final Set<String> writerGroups = Sets.union(owningGroup, explicitWriters);

    // Read access: the request's own read-only groups, else the configured defaults.
    final Set<String> readerGroups = request.getReadOnlyGroups().or(defaultReadOnlyGroups);

    checkForAuthorization(user, writerGroups, readerGroups, scope, Optional.of(request.getId()));
  }
}
/**
 * Reports whether {@code user} may access {@code request} at the given {@code scope}.
 *
 * <p>Decision order, as implemented below:
 * <ol>
 *   <li>Authorization disabled: always {@code true}.</li>
 *   <li>Unauthenticated user: {@code false}.</li>
 *   <li>Member of a non-empty {@code adminGroups}: {@code true}, regardless of scope or
 *       {@code requiredGroups}.</li>
 *   <li>Otherwise the user must intersect {@code requiredGroups} (when that set is non-empty),
 *       and then READ needs read-only, read-write or JITA membership, while WRITE needs
 *       read-write or JITA membership.</li>
 *   <li>Any other scope (including {@code null}): {@code false}.</li>
 * </ol>
 *
 * <p>Security note: when the request has no owning group and no read-write groups, the
 * read-write set is empty and every authenticated user is treated as a read-write user
 * (still subject to {@code requiredGroups}). Requests that must be restricted therefore need
 * an owning group or explicit read-write groups.
 *
 * @param request request whose owning group, read-write groups and read-only groups are consulted
 * @param user caller being checked
 * @param scope access level being requested
 * @return {@code true} if access is allowed, {@code false} otherwise
 */
public boolean isAuthorizedForRequest(SingularityRequest request, SingularityUser user, SingularityAuthorizationScope scope) {
  // With authorization switched off, no rule is applied at all.
  if (!authEnabled) {
    return true;
  }
  if (!user.isAuthenticated()) {
    return false;
  }

  final Set<String> memberships = user.getGroups();
  final Set<String> writerGroups = Sets.union(request.getGroup().asSet(), request.getReadWriteGroups().or(Collections.<String>emptySet()));
  final Set<String> readerGroups = request.getReadOnlyGroups().or(defaultReadOnlyGroups);

  // An empty admin or JITA configuration grants that role to nobody.
  final boolean admin = !adminGroups.isEmpty() && groupsIntersect(memberships, adminGroups);
  final boolean jita = !jitaGroups.isEmpty() && groupsIntersect(memberships, jitaGroups);
  // An empty writer set means the request is open to every authenticated user.
  final boolean writer = writerGroups.isEmpty() || groupsIntersect(memberships, writerGroups);
  final boolean reader = groupsIntersect(memberships, readerGroups)
      || (!globalReadOnlyGroups.isEmpty() && groupsIntersect(memberships, globalReadOnlyGroups));
  // An empty required-groups configuration imposes no extra membership requirement.
  final boolean inRequiredGroups = requiredGroups.isEmpty() || groupsIntersect(memberships, requiredGroups);

  // Admins bypass both the scope rules and the required-groups gate.
  if (admin) {
    return true;
  }
  // Every non-admin grant below is conditional on required-group membership.
  if (!inRequiredGroups) {
    return false;
  }
  if (scope == SingularityAuthorizationScope.READ) {
    return reader || writer || jita;
  }
  if (scope == SingularityAuthorizationScope.WRITE) {
    return writer || jita;
  }
  // Any other scope is reserved for admins, who were handled above.
  return false;
}
/**
 * Enforces that {@code user} may act on {@code request} at the given {@code scope}.
 *
 * <p>Does nothing when authorization is disabled. Otherwise the user must be authenticated,
 * and the decision is delegated to the group-based {@code checkForAuthorization} overload
 * using the groups derived from the request.
 *
 * <p>NOTE(review): {@code checkForbidden} and the delegated overload are defined outside this
 * block; presumably they reject the call by throwing when the check fails. Confirm there.
 *
 * @param request request whose owning group, read-write groups and read-only groups are consulted
 * @param user caller being checked
 * @param scope access level being requested
 */
public void checkForAuthorization(SingularityRequest request, SingularityUser user, SingularityAuthorizationScope scope) {
  if (authEnabled) {
    // An unauthenticated caller is rejected before any group lookup happens.
    checkForbidden(user.isAuthenticated(), "Not authenticated!");

    // Write access: the request's owning group (if any) plus its explicit read-write groups.
    final Set<String> owningGroup = request.getGroup().asSet();
    final Set<String> explicitWriters = request.getReadWriteGroups().or(Collections.<String>emptySet());
    final Set<String> writerGroups = Sets.union(owningGroup, explicitWriters);

    // Read access: the request's own read-only groups, else the configured defaults.
    final Set<String> readerGroups = request.getReadOnlyGroups().or(defaultReadOnlyGroups);

    checkForAuthorization(user, writerGroups, readerGroups, scope, Optional.of(request.getId()));
  }
}
/**
 * Reports whether {@code user} may access {@code request} at the given {@code scope}.
 *
 * <p>Decision order, as implemented below:
 * <ol>
 *   <li>Authorization disabled: always {@code true}.</li>
 *   <li>Unauthenticated user: {@code false}.</li>
 *   <li>Member of a non-empty {@code adminGroups}: {@code true}, regardless of scope or
 *       {@code requiredGroups}.</li>
 *   <li>Otherwise the user must intersect {@code requiredGroups} (when that set is non-empty),
 *       and then READ needs read-only, read-write or JITA membership, while WRITE needs
 *       read-write or JITA membership.</li>
 *   <li>Any other scope (including {@code null}): {@code false}.</li>
 * </ol>
 *
 * <p>Security note: when the request has no owning group and no read-write groups, the
 * read-write set is empty and every authenticated user is treated as a read-write user
 * (still subject to {@code requiredGroups}). Requests that must be restricted therefore need
 * an owning group or explicit read-write groups.
 *
 * @param request request whose owning group, read-write groups and read-only groups are consulted
 * @param user caller being checked
 * @param scope access level being requested
 * @return {@code true} if access is allowed, {@code false} otherwise
 */
public boolean isAuthorizedForRequest(SingularityRequest request, SingularityUser user, SingularityAuthorizationScope scope) {
  // With authorization switched off, no rule is applied at all.
  if (!authEnabled) {
    return true;
  }
  if (!user.isAuthenticated()) {
    return false;
  }

  final Set<String> memberships = user.getGroups();
  final Set<String> writerGroups = Sets.union(request.getGroup().asSet(), request.getReadWriteGroups().or(Collections.<String>emptySet()));
  final Set<String> readerGroups = request.getReadOnlyGroups().or(defaultReadOnlyGroups);

  // An empty admin or JITA configuration grants that role to nobody.
  final boolean admin = !adminGroups.isEmpty() && groupsIntersect(memberships, adminGroups);
  final boolean jita = !jitaGroups.isEmpty() && groupsIntersect(memberships, jitaGroups);
  // An empty writer set means the request is open to every authenticated user.
  final boolean writer = writerGroups.isEmpty() || groupsIntersect(memberships, writerGroups);
  final boolean reader = groupsIntersect(memberships, readerGroups)
      || (!globalReadOnlyGroups.isEmpty() && groupsIntersect(memberships, globalReadOnlyGroups));
  // An empty required-groups configuration imposes no extra membership requirement.
  final boolean inRequiredGroups = requiredGroups.isEmpty() || groupsIntersect(memberships, requiredGroups);

  // Admins bypass both the scope rules and the required-groups gate.
  if (admin) {
    return true;
  }
  // Every non-admin grant below is conditional on required-group membership.
  if (!inRequiredGroups) {
    return false;
  }
  if (scope == SingularityAuthorizationScope.READ) {
    return reader || writer || jita;
  }
  if (scope == SingularityAuthorizationScope.WRITE) {
    return writer || jita;
  }
  // Any other scope is reserved for admins, who were handled above.
  return false;
}