@Override public Object callback(GrouperSession grouperSession) throws GrouperSessionException { return ancestorStem.canHavePrivilege(loggedInSubject, NamingPrivilege.STEM_ADMIN.getName(), false); } });
@Override public Object callback(GrouperSession grouperSession) throws GrouperSessionException { return StemContainer.this.getGuiStem().getStem().canHavePrivilege(loggedInSubject, NamingPrivilege.CREATE.getName(), false); } });
@Override public Object callback(GrouperSession grouperSession) throws GrouperSessionException { return StemContainer.this.getGuiStem().getStem().canHavePrivilege(loggedInSubject, NamingPrivilege.CREATE.getName(), false); } });
@Override public Object callback(GrouperSession grouperSession) throws GrouperSessionException { return StemContainer.this.getGuiStem().getStem().canHavePrivilege(loggedInSubject, NamingPrivilege.STEM_ADMIN.getName(), false); } });
@Override public Object callback(GrouperSession grouperSession) throws GrouperSessionException { return StemContainer.this.getGuiStem().getStem().canHavePrivilege(loggedInSubject, NamingPrivilege.STEM_ATTR_UPDATE.getName(), false); } });
@Override public Object callback(GrouperSession grouperSession) throws GrouperSessionException { return StemContainer.this.getGuiStem().getStem().canHavePrivilege(loggedInSubject, NamingPrivilege.STEM_ATTR_READ.getName(), false); } });
/** * if an owner has a privilege by the authenticated user * @param owner * @param privilegeOrListName * @return true if has privilege, false if not */ public static boolean canHavePrivilege(GrouperObject owner, String privilegeOrListName) { Subject subject = GrouperSession.staticGrouperSession().getSubject(); //dont check security, this is on behalf of the UI, assume its allowed to check if (owner instanceof Group) { return ((Group)owner).canHavePrivilege(subject, privilegeOrListName, false); } if (owner instanceof Stem) { return ((Stem)owner).canHavePrivilege(subject, privilegeOrListName, false); } if (owner instanceof AttributeDef) { return ((AttributeDef)owner).getPrivilegeDelegate().canHavePrivilege(subject, privilegeOrListName, false); } if (owner instanceof AttributeDefName) { return ((AttributeDefName)owner).getAttributeDef().getPrivilegeDelegate().canHavePrivilege(subject, privilegeOrListName, false); } throw new RuntimeException("Cant find owner for '" + (owner == null ? null : owner.getClass()) + "'"); }
if (parentStem != null && parentStem.canHavePrivilege(loggedInSubject, NamingPrivilege.STEM_ADMIN.getName(), false)) { parentStems.add(parentStem);
if (parentStem == null || !parentStem.canHavePrivilege(loggedInSubject, NamingPrivilege.STEM_ADMIN.getName(), false)) { guiResponseJs.addAction(GuiScreenAction.newMessage(GuiMessageType.success, TextContainer.retrieveFromRequest().getText().get("groupNotAllowedToAdminAnotherStem")));
if (parentStem != null && parentStem.canHavePrivilege(loggedInSubject, NamingPrivilege.STEM_ADMIN.getName(), false)) { parentStems.add(parentStem);
if (parentStem == null || !parentStem.canHavePrivilege(loggedInSubject, NamingPrivilege.STEM_ADMIN.getName(), false)) { guiResponseJs.addAction(GuiScreenAction.newMessage(GuiMessageType.success, TextContainer.retrieveFromRequest().getText().get("groupNotAllowedToAdminAnotherStem")));