private boolean isCurrentUserAdminOfGroup(String groupName) { return securityService.isUserAdminOfGroup(getCurrentUsername(), groupName); }
public boolean hasAdminPermissionsForPipeline(Username username, CaseInsensitiveString pipelineName) { String groupName = goConfigService.findGroupNameByPipeline(pipelineName); if (groupName == null) { return true; } return isUserAdminOfGroup(username.getUsername(), groupName); }
public List<String> modifiableGroupsForUser(Username userName) { if (isUserAdmin(userName)) { return goConfigService.allGroups(); } List<String> modifiableGroups = new ArrayList<>(); for (String group : goConfigService.allGroups()) { if (isUserAdminOfGroup(userName.getUsername(), group)) { modifiableGroups.add(group); } } return modifiableGroups; }
public void checkPipelineCreationAuthorizationAnd403(Request request, Response response) { if (!securityService.isSecurityEnabled() || securityService.isUserAdmin(currentUsername())) { return; } JsonElement group = new JsonParser().parse(request.body()).getAsJsonObject().get("group"); if (group == null) { throw new UnprocessableEntityException("Pipeline group must be specified for creating a pipeline."); } else { String groupName = group.getAsString(); if (StringUtils.isNotBlank(groupName) && !securityService.isUserAdminOfGroup(currentUsername(), groupName)) { throw renderForbiddenResponse(); } } }
protected boolean isUserAdminOfGroup(String groupName) { if (!securityService.isUserAdminOfGroup(currentUser, groupName)) { result.forbidden(forbiddenToEditGroup(groupName), forbidden()); return false; } return true; }
public void checkPermission(CruiseConfig cruiseConfig, LocalizedOperationResult result) { String groupName = cruiseConfig.getGroups().findGroupNameByPipeline(new CaseInsensitiveString(pipeline)); if (!securityService.isUserAdminOfGroup(username.getUsername(), groupName)) { result.forbidden(LocalizedMessage.forbiddenToEdit(), null); } }
public void checkPipelineGroupAdminUserAnd403(Request request, Response response) { if (!securityService.isSecurityEnabled() || securityService.isUserAdmin(currentUsername())) { return; } String groupName = findPipelineGroupName(request); if (!securityService.isUserAdminOfGroup(currentUsername(), groupName)) { throw renderForbiddenResponse(); } }
private boolean userHasPermissions(Username username, String groupName, HttpLocalizedOperationResult result) { try { if (!securityService.isUserAdminOfGroup(username.getUsername(), groupName)) { result.forbidden(forbiddenToEditGroup(groupName), forbiddenForGroup(groupName)); return false; } } catch (Exception e) { result.notFound(LocalizedMessage.resourceNotFound("Pipeline group", groupName), HealthStateType.general(HealthStateScope.forGroup(groupName))); return false; } return true; }
public boolean hasOperatePermissionForGroup(final CaseInsensitiveString username, String groupName) { CruiseConfig cruiseConfig = goConfigService.getCurrentConfig(); if (!cruiseConfig.isSecurityEnabled()) { return true; } if (isUserAdmin(new Username(username))) { return true; } PipelineConfigs group = cruiseConfig.getGroups().findGroup(groupName); return isUserAdminOfGroup(username, group) || group.hasOperatePermission(username, new UserRoleMatcherImpl(cruiseConfig.server().security())); }
public boolean hasViewPermissionForGroup(String userName, String pipelineGroupName) { CruiseConfig cruiseConfig = goConfigService.getCurrentConfig(); if (!cruiseConfig.isSecurityEnabled()) { return true; } CaseInsensitiveString username = new CaseInsensitiveString(userName); if (isUserAdmin(new Username(username))) { return true; } PipelineConfigs group = cruiseConfig.getGroups().findGroup(pipelineGroupName); return isUserAdminOfGroup(username, group) || group.hasViewPermission(username, new UserRoleMatcherImpl(cruiseConfig.server().security())); }
public boolean hasOperatePermissionForStage(String pipelineName, String stageName, String username) { if (!goConfigService.isSecurityEnabled()) { return true; } if (!goConfigService.hasStageConfigNamed(pipelineName, stageName)) { return false; } StageConfig stage = goConfigService.stageConfigNamed(pipelineName, stageName); CaseInsensitiveString userName = new CaseInsensitiveString(username); //TODO - #2517 - stage not exist if (stage.hasOperatePermissionDefined()) { CruiseConfig cruiseConfig = goConfigService.getCurrentConfig(); String groupName = goConfigService.findGroupNameByPipeline(new CaseInsensitiveString(pipelineName)); PipelineConfigs group = goConfigService.getCurrentConfig().findGroup(groupName); if (isUserAdmin(new Username(userName)) || isUserAdminOfGroup(userName, group)) { return true; } return goConfigService.readAclBy(pipelineName, stageName).isGranted(userName); } return hasOperatePermissionForPipeline(new CaseInsensitiveString(username), pipelineName); }