/**
 * Returns the login name of the experimenter currently acting as sudoer on this
 * session, or {@code null} when no sudoer is set.
 */
@Override
public String getCurrentSudoerName() {
    final Experimenter actingSudoer = session.getSudoer();
    if (actingSudoer == null) {
        return null;
    }
    return actingSudoer.getOmeName();
}
/**
 * Records the session owner together with its cached id and, when the entity is
 * loaded, its login name. Unlike {@code setSudoer}, a {@code null} owner is not
 * accepted here: {@code owner.getId()} is dereferenced unconditionally.
 *
 * @param owner the owning experimenter; must not be {@code null}
 */
public void setOwner(Experimenter owner) {
    final boolean nameAvailable = owner.isLoaded();
    this.owner = owner;
    this.cuId = owner.getId();
    // An unloaded proxy carries no omeName; cuName is then left as it was.
    if (nameAvailable) {
        this.cuName = owner.getOmeName();
    }
}
/**
 * Sets (or clears, with {@code null}) the experimenter acting as sudoer and keeps
 * the cached sudoer id and name in step with it.
 *
 * @param sudoer the sudoer, or {@code null} to clear
 */
public void setSudoer(Experimenter sudoer) {
    this.sudoer = sudoer;
    if (sudoer != null) {
        this.csuId = sudoer.getId();
        // The name is only readable on a loaded entity; otherwise csuName is left untouched.
        if (sudoer.isLoaded()) {
            this.csuName = sudoer.getOmeName();
        }
        return;
    }
    // Clearing the sudoer also clears both cached values so stale identity cannot linger.
    this.csuId = null;
    this.csuName = null;
}
/**
 * Returns the login name of the owner of the current session.
 */
public String getCurrentUserName() {
    final Experimenter sessionOwner = session.getDetails().getOwner();
    return sessionOwner.getOmeName();
}
/**
 * Returns the login names of everyone who may use the share: its members plus its
 * guest names. Access to the share itself is checked by {@code getShareIfAccessible}.
 *
 * @param shareId the share to inspect
 * @return the combined, de-duplicated set of member and guest names
 * @throws ValidationException if a guest name is also a member's login name
 */
@RolesAllowed("user")
public Set<String> getAllUsers(long shareId) throws ValidationException {
    final ShareData data = getShareIfAccessible(shareId);
    final Set<String> names = new HashSet<String>();
    for (final Experimenter member : loadMembers(data)) {
        names.add(member.getOmeName());
    }
    // A guest name colliding with a member name is rejected rather than silently merged;
    // Set.add returning false is exactly the "already present" case.
    for (final String guest : data.guests) {
        if (!names.add(guest)) {
            throw new ValidationException(guest + " is both a guest name and a member name");
        }
    }
    return names;
}
/**
 * Creates a new user in the given groups and assigns the placeholder password
 * {@code " "} (a single space). What that placeholder means at login time is decided
 * by the configured password provider, not by this method — confirm before treating
 * such an account as locked.
 *
 * @param experimenter the user to create
 * @param defaultGroup the user's default group
 * @param otherGroups  further groups to add the user to
 * @return the id of the new experimenter
 */
@RolesAllowed("user")
@Transactional(readOnly = false)
public long createExperimenter(final Experimenter experimenter,
        ExperimenterGroup defaultGroup, ExperimenterGroup... otherGroups) {
    adminOrPiOfNonUserGroups(defaultGroup, otherGroups);
    final long uid = roleProvider.createExperimenter(experimenter, defaultGroup, otherGroups);
    // Reaching this point means roleProvider accepted the experimenter as valid.
    final String omeName = experimenter.getOmeName();
    changeUserPassword(omeName, " ");
    // The new account is checked against an empty privilege baseline; the exact rule
    // lives in assertNoPrivilegeElevation.
    assertNoPrivilegeElevation(new Experimenter(uid, false), Collections.<AdminPrivilege>emptySet());
    getBeanHelper().getLogger().info("Created user with blank password: " + omeName);
    return uid;
}
/**
 * Creates a new user in the given groups and sets the supplied password. Only the
 * login name is written to the log; the password itself never is.
 *
 * @param experimenter the user to create
 * @param password     the initial password
 * @param defaultGroup the user's default group
 * @param otherGroups  further groups to add the user to
 * @return the id of the new experimenter
 */
@RolesAllowed("user")
@Transactional(readOnly = false)
public long createExperimenterWithPassword(final Experimenter experimenter,
        final String password, final ExperimenterGroup defaultGroup,
        final ExperimenterGroup... otherGroups) {
    adminOrPiOfNonUserGroups(defaultGroup, otherGroups);
    final long uid = roleProvider.createExperimenter(experimenter, defaultGroup, otherGroups);
    // Reaching this point means roleProvider accepted the experimenter as valid.
    final String omeName = experimenter.getOmeName();
    changeUserPassword(omeName, password);
    // The new account is checked against an empty privilege baseline; the exact rule
    // lives in assertNoPrivilegeElevation.
    assertNoPrivilegeElevation(new Experimenter(uid, false), Collections.<AdminPrivilege>emptySet());
    getBeanHelper().getLogger().info("Created user with password: " + omeName);
    return uid;
}
/**
 * Re-synchronizes every LDAP-authenticated experimenter from the directory and then
 * publishes a {@code UserGroupUpdateEvent}. Failures are per user: an unresolvable id is
 * logged at debug level, any other exception at error level, and the loop carries on.
 * Note that the second catch is a broad {@code Exception}; it keeps one bad entry from
 * aborting the whole sync but also hides unexpected failure types in the log.
 */
@RolesAllowed("system")
@Transactional(readOnly = false)
public void synchronizeLoginCache() {
    final Logger log = getBeanHelper().getLogger();
    final List<Map<String, Object>> dnIds = ldapUtil.lookupLdapAuthExperimenters();
    if (!dnIds.isEmpty()) {
        log.info("Synchronizing " + dnIds.size() + " ldap user(s)");
    }
    for (final Map<String, Object> dnId : dnIds) {
        final String dn = (String) dnId.get("dn");
        final Long id = (Long) dnId.get("experimenter_id");
        try {
            ldapUtil.synchronizeLdapUser(userProxy(id).getOmeName());
        } catch (ApiUsageException aue) {
            // userProxy could not resolve the id; skip this entry.
            log.debug("User not found: " + dn);
        } catch (Exception e) {
            // One failing user must not abort the synchronization of the others.
            log.error("synchronizeLdapUser:" + dnId, e);
        }
    }
    context.publishEvent(new UserGroupUpdateEvent(this));
}
/**
 * Looks up the LDAP DN of the given OMERO user. Only users whose {@code ldap} flag is
 * set are resolved against the directory; for everyone else {@code null} is returned
 * without contacting the LDAP server.
 *
 * NOTE(review): {@code iQuery.get} is assumed to throw for an unknown id rather than
 * return {@code null} — confirm, since the result is dereferenced unchecked.
 *
 * @param id the experimenter id
 * @return the DN, or {@code null} if the user is not an LDAP user
 */
public String lookupLdapAuthExperimenter(Long id) {
    final Experimenter experimenter = iQuery.get(Experimenter.class, id);
    // Local (non-LDAP) accounts never trigger a directory lookup.
    if (!experimenter.getLdap()) {
        return null;
    }
    return findDN(experimenter.getOmeName());
}
/**
 * Resolves {@code userId} first as a session uuid and, failing that, as a login name,
 * appending {@code user=}, {@code id=}, {@code created=} and {@code closed=} entries
 * to {@code data}. The return value is always {@code null}; the collected strings are
 * the result.
 */
@Transactional(readOnly = true)
public Object doWork(Session session, ServiceFactory sf) {
    final Long sessionId = sessionProvider.findSessionIdByUuid(userId, sf);
    ome.model.meta.Session s = null;
    if (sessionId != null) {
        s = sessionProvider.findSessionById(sessionId, sf);
    }
    final IQuery q = sf.getQueryService();
    if (s == null) {
        // Not a known session uuid: fall back to treating userId as an omeName.
        final Experimenter byName = q.findByString(Experimenter.class, "omeName", userId);
        if (byName != null) {
            data.add(String.format("id=%s", byName.getId()));
        }
        return null;
    }
    Experimenter owner = s.getOwner();
    if (!owner.isLoaded()) {
        // The owner on the session may be an unloaded proxy; fetch it to read the name.
        owner = q.get(Experimenter.class, owner.getId());
    }
    data.add(String.format("user=%s", owner.getOmeName()));
    data.add(String.format("created=%s", s.getStarted()));
    data.add(String.format("closed=%s", s.getClosed()));
    return null;
}
});
/**
 * Updates a user's details and sets a new password in one call. The caller must be an
 * administrator or PI of the user ({@code adminOrPiOfUser}). Only the login name is
 * logged; the password never reaches the log.
 *
 * @param experimenter the edited user (matched by id)
 * @param password     the new password
 */
@RolesAllowed("user")
@Transactional(readOnly = false)
public void updateExperimenterWithPassword(@NotNull final Experimenter experimenter,
        final String password) {
    adminOrPiOfUser(experimenter);
    copyAndSaveExperimenter(experimenter);
    // Re-read the name after saving so a rename in the same call is honoured by the
    // password change rather than targeting the old name.
    final String omeName = userProxy(experimenter.getId()).getOmeName();
    changeUserPassword(omeName, password);
    getBeanHelper().getLogger().info("Updated user info and password for " + omeName);
}
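/**
 * Deletes a user. The caller must be an administrator or PI of the user
 * ({@code adminOrPiOfUser}); the stored password row is removed first, then the entity
 * is deleted under admin privileges. A user without a password row is still deleted —
 * the previous log text ("Cannot delete.") contradicted this and has been corrected.
 *
 * @param user the experimenter to delete; only its id is used
 */
@RolesAllowed("user")
@Transactional(readOnly = false)
public void deleteExperimenter(Experimenter user) {
    adminOrPiOfUser(user);
    final Experimenter e = userProxy(user.getId());
    // Remove the credential row before the entity so no orphaned password hash survives.
    final int removedPasswords = sql.removePassword(e.getId());
    if (removedPasswords == 0) {
        // Not an error: the deletion below proceeds regardless, and the log must say so.
        getBeanHelper().getLogger().info(
                "No password found for user " + e.getOmeName() + ". Deleting anyway.");
    }
    getSecuritySystem().runAsAdmin(new AdminAction() {
        public void runAsAdmin() {
            iUpdate.deleteObject(e);
        }
    });
    getBeanHelper().getLogger().info("Deleted user: " + e.getOmeName());
}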
/**
 * Adds a user to one or more groups. The caller needs the modify-group-membership
 * privilege (or PI status) for every group, and the operation is rejected afterwards if
 * it would leave the target user with admin privileges they did not hold before the call.
 *
 * @param user   the user to add; must be a managed entity
 * @param groups the groups to add the user to; must be managed and non-empty
 * @throws ValidationException if no groups are given
 */
@RolesAllowed("user")
@Transactional(readOnly = false)
public void addGroups(final Experimenter user, final ExperimenterGroup... groups) {
    if (groups == null || groups.length == 0) {
        throw new ValidationException("Nothing to do.");
    }
    assertManaged(user);
    for (final ExperimenterGroup group : groups) {
        assertManaged(group);
    }
    // Snapshot the target's admin privileges before changing membership so the check
    // after the change has a baseline to compare against.
    final Set<AdminPrivilege> privilegesBefore = ImmutableSet.copyOf(getAdminPrivileges(user));
    adminOrPiOfGroups(
            adminPrivileges.getPrivilege(AdminPrivilege.VALUE_MODIFY_GROUP_MEMBERSHIP), groups);
    roleProvider.addGroups(user, groups);
    // Group membership must not be a back door to privileges the target lacked before.
    assertNoPrivilegeElevation(user, privilegesBefore);
    final String omeName = userProxy(user.getId()).getOmeName();
    getBeanHelper().getLogger().info(
            String.format("Added user %s to groups %s", omeName, Arrays.asList(groups)));
}
/**
 * Finds local (non-LDAP) experimenters, other than root and guest, that also exist in
 * the LDAP directory. Existence is probed with {@code findExperimenter}, which signals
 * "no such entry" by throwing {@code ApiUsageException}.
 *
 * @return the local experimenters that have a matching LDAP account
 */
@RolesAllowed("system")
public List<Experimenter> discover() {
    final Roles r = getSecuritySystem().getSecurityRoles();
    // Candidates: every account with ldap = false except the structural root and guest users.
    final List<Experimenter> localExperimenters = iQuery.findAllByQuery(
            "select distinct e from Experimenter e "
                    + "where id not in (:ids) and ldap = :ldap",
            new Parameters()
                    .addIds(Lists.newArrayList(r.getRootId(), r.getGuestId()))
                    .addBoolean("ldap", false));
    final List<Experimenter> discovered = Lists.newArrayList();
    for (final Experimenter candidate : localExperimenters) {
        boolean knownToLdap;
        try {
            findExperimenter(candidate.getOmeName());
            knownToLdap = true;
        } catch (ApiUsageException aue) {
            // No LDAP entry for this login name.
            knownToLdap = false;
        }
        if (knownToLdap) {
            discovered.add(candidate);
        }
    }
    return discovered;
}
/**
 * Updates a user's details. Administrators and PIs go through
 * {@code copyAndSaveExperimenter}; a caller without those rights who is editing their
 * own record is delegated to {@code updateSelf} instead, which writes only
 * personal-detail fields. Any other {@code SecurityViolation} is rethrown.
 *
 * @param experimenter the edited user (matched by id)
 */
@RolesAllowed("user")
@Transactional(readOnly = false)
public void updateExperimenter(@NotNull final Experimenter experimenter) {
    try {
        adminOrPiOfUser(experimenter);
        final String name = experimenter.getOmeName();
        copyAndSaveExperimenter(experimenter);
        getBeanHelper().getLogger().info("Updated user info for " + name);
    } catch (SecurityViolation sv) {
        final Long currentID = getEventContext().getCurrentUserId();
        final Long experimenterID = experimenter.getId();
        if (!currentID.equals(experimenterID)) {
            // Neither privileged nor editing oneself: the violation stands.
            throw sv;
        }
        // Self-edit by an unprivileged user: fall back to the restricted path.
        updateSelf(experimenter);
    }
}
/**
 * Builds a {@code Principal} for the current user, group and event type and delegates
 * to {@code executeSessionContextLookup}. User and group names are re-read from the
 * admin service rather than cached, because they may change while the session is open.
 */
@Transactional(readOnly = true)
public Object doWork(org.hibernate.Session session, ServiceFactory sf) {
    final LocalAdmin admin = (LocalAdmin) sf.getAdminService();
    final Experimenter currentUser = admin.userProxy(ctx.getCurrentUserId());
    final ExperimenterGroup currentGroup = admin.groupProxy(ctx.getCurrentGroupId());
    final Principal principal = new Principal(
            currentUser.getOmeName(), currentGroup.getName(), ctx.getCurrentEventType());
    return executeSessionContextLookup(sf, principal, currentUser, currentGroup, ctx.getSession());
}
});
/**
 * Copies the editable fields of {@code experimenter} onto the managed entity with the
 * same id and saves it. A rename from or to the root or guest name is refused. Only
 * omeName, email, first/middle/last name and institution are copied; the ldap flag,
 * config and group membership are not touched here.
 *
 * @param experimenter the edited user (matched by id)
 * @throws ValidationException on an attempt to rename a special account or to take its name
 */
private void copyAndSaveExperimenter(final Experimenter experimenter) {
    final Experimenter managed = userProxy(experimenter.getId());
    final String currentName = managed.getOmeName();
    final String requestedName = experimenter.getOmeName();
    final boolean renaming = !currentName.equals(requestedName);
    if (renaming) {
        final Roles roles = getSecurityRoles();
        // root and guest are structural accounts: their names may neither be changed nor taken.
        final Set<String> reservedNames = ImmutableSet.of(roles.getRootName(), roles.getGuestName());
        if (reservedNames.contains(currentName)) {
            throw new ValidationException(
                    "cannot change name of special experimenter '" + currentName + "'");
        }
        if (reservedNames.contains(requestedName)) {
            throw new ValidationException(
                    "cannot change name to special experimenter '" + requestedName + "'");
        }
    }
    managed.setOmeName(requestedName);
    managed.setEmail(experimenter.getEmail());
    managed.setFirstName(experimenter.getFirstName());
    managed.setMiddleName(experimenter.getMiddleName());
    managed.setLastName(experimenter.getLastName());
    managed.setInstitution(experimenter.getInstitution());
    reallySafeSave(managed);
}
/**
 * Persists a new experimenter and links it to its default group and any other groups.
 * The caller's object is never stored directly: {@code copyUser} produces a fresh
 * entity holding only the permitted fields, and its details are replaced by
 * {@code sec.newTransientDetails}.
 *
 * NOTE(review): the case-insensitive path lowercases with {@code String.toLowerCase()},
 * i.e. the JVM default locale; the login lookup must normalize the same way or
 * matching can diverge under some locales — confirm.
 *
 * @param experimenter the user to create
 * @param defaultGroup the user's default group
 * @param otherGroups  further groups; may be {@code null}
 * @return the id of the persisted experimenter
 */
public long createExperimenter(Experimenter experimenter, ExperimenterGroup defaultGroup,
        ExperimenterGroup... otherGroups) {
    final Session session = sf.getSession();
    final SecureAction merge = new SecureMerge(session);
    Experimenter created = copyUser(experimenter);
    if (isIgnoreCaseLookup()) {
        created.setOmeName(created.getOmeName().toLowerCase());
    }
    created.getDetails().copy(sec.newTransientDetails(created));
    created = sec.doAction(merge, created);
    session.flush();
    linkGroupAndUser(defaultGroup, created, false);
    if (otherGroups != null) {
        for (final ExperimenterGroup group : otherGroups) {
            linkGroupAndUser(group, created, false);
        }
    }
    return created.getId();
}
/**
 * Lets a user edit their own personal details. The record edited is always the
 * caller's own (taken from the event context), whatever id {@code e} carries, and only
 * first/middle/last name, email and institution are copied — omeName, ldap flag, config
 * and group membership are not. The flush itself runs via {@code runAsAdmin}.
 *
 * @param e the source of the new personal details
 */
@RolesAllowed("user")
@Transactional(readOnly = false)
public void updateSelf(@NotNull Experimenter e) {
    final EventContext ec = getSecuritySystem().getEventContext();
    final Experimenter self = getExperimenter(ec.getCurrentUserId());
    // Whitelisted personal fields only; nothing that affects identity or authorization.
    self.setFirstName(e.getFirstName());
    self.setMiddleName(e.getMiddleName());
    self.setLastName(e.getLastName());
    self.setEmail(e.getEmail());
    self.setInstitution(e.getInstitution());
    final AdminAction flushAsAdmin = new AdminAction() {
        public void runAsAdmin() {
            iUpdate.flush();
        }
    };
    getSecuritySystem().runAsAdmin(flushAsAdmin);
    getBeanHelper().getLogger().info("Updated own user info: " + self.getOmeName());
}
/**
 * Produces a fresh {@code Experimenter} carrying only the permitted scalar fields of
 * {@code e} (omeName, names, email, institution, ldap flag, config) plus the
 * permissions from its details. Collections and all other details are deliberately not
 * copied, so a caller-supplied object cannot smuggle them in.
 *
 * TODO make ShallowCopy-like which ignores collections and details. If possible, values
 * should be validated, i.e. iTypes should say what is non-null.
 *
 * @param e the caller-supplied experimenter
 * @return a detached copy safe to hand to the security system
 * @throws ValidationException if {@code omeName} is {@code null}
 */
protected Experimenter copyUser(Experimenter e) {
    final String omeName = e.getOmeName();
    if (omeName == null) {
        throw new ValidationException("OmeName may not be null.");
    }
    final Experimenter copy = new Experimenter();
    copy.setOmeName(omeName);
    copy.setFirstName(e.getFirstName());
    copy.setMiddleName(e.getMiddleName());
    copy.setLastName(e.getLastName());
    copy.setEmail(e.getEmail());
    copy.setInstitution(e.getInstitution());
    copy.setLdap(e.getLdap());
    copy.setConfig(e.getConfig());
    // Permissions are the one piece of details carried over, and only when present.
    final boolean hasPermissions =
            e.getDetails() != null && e.getDetails().getPermissions() != null;
    if (hasPermissions) {
        copy.getDetails().setPermissions(e.getDetails().getPermissions());
    }
    return copy;
}