/**
 * Determine the light administrator privileges associated with a session.
 * Starts from every known privilege and lets {@code removeUserPrivileges} strip the set,
 * first for the session's sudoer and then for its owner, so a session that originates
 * via <q>sudo</q> is narrowed by both users.
 * Does <em>not</em> check whether the relevant user is a member of <tt>system</tt>:
 * the calculation assumes that the user is an administrator, so a caller that bases an
 * access decision on the result has to establish administrator status separately.
 * Assumes that <tt>root</tt> has all light administrator privileges.
 * @param session an OMERO session
 * @return the light administrator privileges associated with the session, as an immutable copy
 */
private ImmutableSet<AdminPrivilege> getPrivileges(Session session) {
    // Work on a private mutable copy so the set returned by getAllPrivileges() is not altered here.
    final Set<AdminPrivilege> remaining = new HashSet<>(getAllPrivileges());

    // NOTE(review): getSudoer() is presumably null for a non-sudo session, in which case
    // removeUserPrivileges is expected to leave the set untouched; confirm against that helper.
    removeUserPrivileges(session.getSudoer(), remaining);
    removeUserPrivileges(session.getOwner(), remaining);

    return ImmutableSet.copyOf(remaining);
}
/**
 * Read-only lookup that appends {@code key=value} descriptions to {@code data}, which is
 * declared outside this method.
 * {@code userId}, also taken from the enclosing scope, is first tried as a session UUID.
 * When a session is found, its owner's login name and the session's start and close
 * times are recorded. When none is found, {@code userId} is tried as an experimenter login
 * name ({@code omeName}) and that experimenter's id is recorded, if one exists.
 *
 * @param session not read by this method
 * @param sf service factory used for the session and experimenter lookups
 * @return always {@code null}; the result is conveyed through {@code data}
 */
@Transactional(readOnly = true)
public Object doWork(Session session, ServiceFactory sf) {
    final Long sessionId = sessionProvider.findSessionIdByUuid(userId, sf);
    final ome.model.meta.Session found =
            sessionId == null ? null : sessionProvider.findSessionById(sessionId, sf);
    final IQuery query = sf.getQueryService();

    if (found == null) {
        // No session matches the UUID, so fall back to treating userId as a login name.
        // NOTE(review): userId is handed to the lookup as a value, not concatenated into a
        // query string here; confirm that findByString binds it as a parameter.
        final Experimenter byName = query.findByString(Experimenter.class, "omeName", userId);
        if (byName != null) {
            data.add(String.format("id=%s", byName.getId()));
        }
        return null;
    }

    Experimenter owner = found.getOwner();
    if (!owner.isLoaded()) {
        // The owner is only an unloaded reference: fetch the full row to read its login name.
        owner = query.get(Experimenter.class, owner.getId());
    }
    data.add(String.format("user=%s", owner.getOmeName()));
    data.add(String.format("created=%s", found.getStarted()));
    data.add(String.format("closed=%s", found.getClosed()));
    return null;
}
});
return getUuid(); } else if (field.equals(OWNER)) { return getOwner(); } else if (field.equals(SUDOER)) { return getSudoer();
final String membershipQuery = "SELECT id FROM GroupExperimenterMap WHERE parent.id = :group AND child.id = :user"; boolean hasAdminPrivileges = CollectionUtils.isNotEmpty(executeProjection(membershipQuery, new Parameters().addLong("group", roles.getSystemGroupId()).addLong("user", session.getOwner().getId()))); if (session.getSudoer() != null) { hasAdminPrivileges = hasAdminPrivileges && CollectionUtils.isNotEmpty(executeProjection(membershipQuery, sessionQuery.append("SELECT id, uuid FROM Session WHERE closed IS NULL"); sessionQuery.append(" AND owner.id = :owner"); params.addLong("owner", session.getOwner().getId()); if (!privileges.contains(adminPrivileges.getPrivilege(AdminPrivilege.VALUE_READ_SESSION))) {
/**
 * Returns the id of the user on whose behalf the current call acts.
 * Outside a share this is the currently logged-in user. While a share is active it is
 * the owner of that share, read from the session row whose id is the share id.
 *
 * @return the effective user id, or {@code null} when the current share id is negative;
 *         callers that compare this id for an access decision should handle {@code null}
 *         explicitly
 */
public Long getEffectiveUID() {
    final EventContext context = getEventContext();
    final Long shareId = context.getCurrentShareId();

    if (shareId == null) {
        // Not inside a share: the logged-in user is the effective user.
        return context.getCurrentUserId();
    }
    if (shareId < 0) {
        return null;
    }

    // NOTE(review): assumes get(...) yields a session with its owner set; confirm
    // how a missing row is reported by the query service.
    final ome.model.meta.Session share =
            sf.getQueryService().get(ome.model.meta.Session.class, shareId);
    return share.getOwner().getId();
}
EventContext ec = current.getCurrentEventContext(); if (!ec.isCurrentUserAdmin()) { Long uid = session.getOwner().getId(); if (!ec.getCurrentUserId().equals(uid)) { return new Session(session.getId(), false);