public EventContext getEventContext() { return choose().getEventContext(); }
public EventContext getEventContext(boolean refresh) { return choose().getEventContext(refresh); }
private ExtendedGraphCriticalCheck(long pixelsId) { super(applicationContext, queryService, securitySystem.getEventContext().getCurrentGroupId()); if (securitySystem.getEventContext().getCurrentShareId() == null) { actOnByGroup(Collections.singleton(pixelsId)); } else { /* in a share */ isCritical = true; } }
/** * Returns the Id of the currently logged in user. Opposed to ThumbnailBean, * here we do not support share contexts since this service requires a viable * write context which doesn't exist in shares. * * @return See above. */ private Long getCurrentUserId() { return getSecuritySystem().getEventContext().getCurrentUserId(); }
@RolesAllowed("user") public final EventContext getCurrentEventContext() { return new SimpleEventContext(sec.getEventContext()); }
/** * Implemented as specified by the {@link RenderingEngine} interface. * * @see RenderingEngine#getCurrentEventContext() */ @RolesAllowed("user") public EventContext getCurrentEventContext() { return new SimpleEventContext(secSys.getEventContext()); }
public EventContext getCurrentEventContext() { return new SimpleEventContext(getSecuritySystem().getEventContext()); }
public EventContext getEventContextQuiet() { return new SimpleEventContext(getSecuritySystem().getEventContext(false)); }
long getCurrentUserId() { return getSecuritySystem().getEventContext().getCurrentUserId(); }
@PermitAll public EventContext getEventContext() { return new SimpleEventContext(getSecuritySystem().getEventContext(true)); }
@RolesAllowed({"user", "HasPassword"}) @Transactional(readOnly = false) public void changePassword(String newPassword) { String user = getSecuritySystem().getEventContext().getCurrentUserName(); _changePassword(user, newPassword); }
/** * Loads share and checks it's owner and member data against the current * context (owner/member/admin). This method must be kept in sync with * {@link #applyIfShareAccessible(QueryBuilder)} which does the same check * at the database rather than binary data level. */ protected ShareData getShareIfAccessible(long shareId) { EventContext ec = getSecuritySystem().getEventContext(); boolean isAdmin = ec.isCurrentUserAdmin(); long userId = ec.getCurrentUserId(); return store.getShareIfAccessible(shareId, isAdmin, userId); }
@RolesAllowed({"user"}) @Transactional(readOnly = false) public void changePasswordWithOldPassword(String oldPassword, String newPassword) { String user = getSecuritySystem().getEventContext().getCurrentUserName(); if (!checkPassword(user, oldPassword, false)) { throw new SecurityViolation("Old password is invalid"); } _changePassword(user, newPassword); }
private void throwSecurityViolationIfNotAllowed(final IObject i) { final String type = i.getClass().getName(); final Details d = i.getDetails(); final long user = d.getOwner().getId(); final long group = d.getGroup().getId(); final EventContext ec = getSecuritySystem().getEventContext(); final boolean root = ec.isCurrentUserAdmin(); final List<Long> leaderof = ec.getLeaderOfGroupsList(); final boolean pi = leaderof.contains(group); final boolean own = ec.getCurrentUserId().equals(user); if (!own && !root && !pi) { if (log.isWarnEnabled()) { log.warn(String.format("User %d attempted to delete " + type + " %d belonging to User %d", ec.getCurrentUserId(), i .getId(), user)); } throw new SecurityViolation(String.format( "User %s cannot delete %s %d ", ec.getCurrentUserName(), type, i.getId())); } }
@RolesAllowed("user") @Transactional(readOnly = false) public void notifyMembersOfShare(long shareId, String subject, String message, boolean html) { EventContext ec = getSecuritySystem().getEventContext(); Set<Experimenter> exps = getAllMembers(shareId); exps.add(getShare(shareId).getOwner()); Map<Experimenter, String> errors = new HashMap<Experimenter, String>(); for (final Experimenter e : exps) { if (e.getId() != ec.getCurrentUserId() && e.getEmail() != null && mailUtil.validateEmail(e.getEmail())) { try { mailUtil.sendEmail(e.getEmail(), subject, message, html, null, null); } catch (MailException me) { errors.put(e, me.getMessage()); } } } if (!errors.isEmpty()) { log.error(ServiceHandler.getResultsString(errors, null)); } }
/** * Set the share id on the current session context. * * Previously this method was used throughout the code base in order to * "open up" a session. This however, has issues since it can lead to data * leakage (8037). Using the omero.group functionality (3529), this method * no longer needs to be public. * * @see <a href="https://trac.openmicroscopy.org/ome/ticket/2219">ticket:2219</a> * @see <a href="https://trac.openmicroscopy.org/ome/ticket/3529">ticket:3529</a> * @see <a href="https://trac.openmicroscopy.org/ome/ticket/8037">ticket:8037</a> */ private Long setShareId(Long shareId) { String sessId = getSecuritySystem().getEventContext().getCurrentSessionUuid(); SessionContext sc = (SessionContext) sessionManager .getEventContext(new Principal(sessId)); Long old = sc.getCurrentShareId(); sc.setShareId(shareId); return old; }
@RolesAllowed("user") @Transactional(readOnly = false) public void setDefaultGroup(Experimenter user, ExperimenterGroup group) { if (user == null) { return; } if (group == null) { return; } if (group.getId() == null) { throw new ApiUsageException("Group argument to setDefaultGroup " + "must be managed (i.e. have an id)"); } EventContext ec = getSecuritySystem().getEventContext(); if (!(isAdmin() && getCurrentAdminPrivilegesForSession().contains( adminPrivileges.getPrivilege(AdminPrivilege.VALUE_MODIFY_USER)) || ec.getCurrentUserId().equals(user.getId()))) { throw new SecurityViolation("User " + user.getId() + " can only set own default group."); } Roles roles = getSecuritySystem().getSecurityRoles(); if (Long.valueOf(roles.getUserGroupId()).equals(group.getId())) { throw new ApiUsageException("Cannot set default group to: " + roles.getUserGroupName()); } roleProvider.setDefaultGroup(user, group); getBeanHelper().getLogger().info( String.format("Changing default group for %s to %s", user, group)); }
/** * If the current user is not an admin, then this methods adds a subclause * to the HQL: * * AND ( share.owner.id = :userId or user.id = :userId ) * * {@link QueryBuilder#where()} should already have been called. */ protected void applyIfShareAccessible(QueryBuilder qb) { EventContext ec = getSecuritySystem().getEventContext(); if ( ! ec.isCurrentUserAdmin()) { qb.param("userId", ec.getCurrentUserId()); qb.and("("); qb.append("share.owner.id = :userId" ); qb.append(" OR "); qb.append("user.id = :userId" ); qb.append(" ) "); } }
@RolesAllowed("user") @Transactional(readOnly = false) public void updateSelf(@NotNull Experimenter e) { EventContext ec = getSecuritySystem().getEventContext(); final Experimenter self = getExperimenter(ec.getCurrentUserId()); self.setFirstName(e.getFirstName()); self.setMiddleName(e.getMiddleName()); self.setLastName(e.getLastName()); self.setEmail(e.getEmail()); self.setInstitution(e.getInstitution()); getSecuritySystem().runAsAdmin(new AdminAction() { public void runAsAdmin() { iUpdate.flush(); } }); getBeanHelper().getLogger().info( "Updated own user info: " + self.getOmeName()); }
@Override @RolesAllowed("user") public RenderingDef retrieveRndSettings(long pixId) { Long userId = sec.getEffectiveUID(); RenderingDef rd = retrieveRndSettingsFor(pixId, userId); if (rd == null) { final EventContext ec = this.sec.getEventContext(false); final Pixels pixelsObj = this.iQuery.get(Pixels.class, pixId); final boolean isGraphCritical = this.sec.isGraphCritical(pixelsObj.getDetails()); long pixOwner = pixelsObj.getDetails().getOwner().getId(); long currentUser = ec.getCurrentUserId(); if (currentUser != pixOwner) { rd = retrieveRndSettingsFor(pixId, pixOwner); } } return rd; }