/**
 * Tests whether the given class is a system type, which the original note
 * describes as classes which cannot be created by regular users. The
 * answer comes straight from {@code sysTypes}; no further checks are made
 * here.
 *
 * @param klass the model class to classify
 * @return the result of {@code sysTypes.isSystemType(klass)}
 * @see <a
 *      href="https://trac.openmicroscopy.org/ome/ticket/156">ticket156</a>
 */
public boolean isSystemType(Class<? extends IObject> klass) {
    final boolean systemType = sysTypes.isSystemType(klass);
    return systemType;
}
/**
 * Raises the exception that reports a refused update of {@code iObject}.
 * This method never returns normally: every path ends in a throw.
 *
 * @param iObject the object whose modification was refused; must not be
 *        null (enforced by {@code Assert.notNull})
 * @throws SecurityViolation always; the {@code GroupSecurityViolation}
 *         variant is used for a non-system type whose details are
 *         reported as graph-critical by {@code currentUser}
 */
public void throwUpdateViolation(IObject iObject) throws SecurityViolation {
    Assert.notNull(iObject);

    // System types short-circuit the graph-critical lookup, so
    // currentUser is consulted only for non-system types.
    if (sysTypes.isSystemType(iObject.getClass())
            || !currentUser.isGraphCritical(iObject.getDetails())) {
        throw new SecurityViolation("Updating " + iObject + " not allowed.");
    }

    // ticket:1769
    throw new GroupSecurityViolation(iObject + "-modification violates "
            + "group-security.");
}
/**
 * Decides whether an object of class {@code klass} with the given id may
 * be loaded.
 *
 * <p>Loading is allowed unconditionally when {@code d} is null, when
 * {@code klass} is a system type, or when {@code d} is in the system
 * group. Otherwise the decision depends on the share identified by the
 * current event context: if that share is enabled, the object must be
 * contained in it; if it is not enabled, loading is refused.
 *
 * @param session not used by this method body
 * @param klass class of the object being loaded; must not be null
 * @param d details of the object being loaded; may be null
 * @param id id of the object being loaded
 * @return {@code true} if the load is permitted, {@code false} otherwise
 */
public boolean allowLoad(Session session, Class<? extends IObject> klass,
        Details d, long id) {
    Assert.notNull(klass);

    // d is deliberately not asserted non-null: a missing Details is
    // treated as loadable, i.e. this branch fails open.
    final boolean exempt = d == null
            || sysTypes.isSystemType(klass)
            || sysTypes.isInSystemGroup(d);
    if (exempt) {
        return true;
    }

    final long shareId = cd.getCurrentEventContext().getCurrentShareId();
    // NOTE(review): the lookup result is dereferenced without a null
    // check, so an unknown share id surfaces as an exception rather than
    // a denial -- confirm store.get never returns null here.
    final ShareData share = store.get(shareId);
    return share.enabled && store.contains(shareId, klass, id);
}
/**
 * Raises the exception that reports a refused creation of {@code iObject}.
 * This method never returns normally; the checks below only select which
 * message and exception type describe the refusal, in this order: system
 * type, {@code OriginalFile} with a repo set, graph-critical details,
 * and finally a generic refusal.
 *
 * @param iObject the object whose creation was refused; must not be null
 *        (enforced by {@code Assert.notNull})
 * @throws SecurityViolation always; the {@code GroupSecurityViolation}
 *         variant is used when {@code currentUser} reports the object's
 *         details as graph-critical
 */
public void throwCreationViolation(IObject iObject) throws SecurityViolation {
    Assert.notNull(iObject);

    if (sysTypes.isSystemType(iObject.getClass())) {
        throw new SecurityViolation(iObject
                + " is a System-type, and may be created only through privileged APIs.");
    }

    final boolean repoSet = iObject instanceof OriginalFile
            && ((OriginalFile) iObject).getRepo() != null;
    if (repoSet) {
        /* Cannot yet set OriginalFile.repo except via secret key stored in database. */
        throw new SecurityViolation("cannot set repo property of " + iObject
                + " via ORM");
    }

    if (currentUser.isGraphCritical(iObject.getDetails())) {
        // ticket:1769
        throw new GroupSecurityViolation(iObject + "-insertion violates "
                + "group-security.");
    }

    throw new SecurityViolation("not permitted to create " + iObject);
}
/**
 * Builds the list of checks to run before the permissions of the group
 * behind {@code obj} are changed to {@code permissions}.
 *
 * <p>The chmod authorization is evaluated on the reloaded ("trusted")
 * group before any other work is done. If the resulting
 * {@code PermDrop} reports nothing found, no checks are needed and an
 * empty array is returned. Otherwise one {@code Check} is created per
 * class known to {@code em}, leaving out system types.
 *
 * @param obj the object passed to {@code load} to obtain the trusted
 *        group
 * @param permissions the requested permissions string
 * @return the checks to perform, possibly empty
 * @throws SecurityViolation if {@code voter.allowChmod} refuses the
 *         trusted group
 */
@SuppressWarnings({ "unchecked", "rawtypes" })
public Object[] getChecks(IObject obj, String permissions) {
    final ExperimenterGroup trusted = load(obj);
    if (!voter.allowChmod(trusted)) {
        throw new SecurityViolation("chmod not permitted");
    }

    final PermDrop drop = new PermDrop(trusted, permissions);
    if (!drop.found()) {
        return new Object[0]; // none needed.
    }

    final List<Object> result = new ArrayList<Object>();
    final Collection<String> names = em.getClasses();
    for (final String name : names) {
        final Class type = em.getHibernateClass(name);
        // Experimenters and other system types get no check.
        if (!voter.sysTypes.isSystemType(type)) {
            final String[][] locks = em.getLockChecks(type);
            result.add(new Check(trusted.getId(), permissions, type, locks, drop));
        }
    }
    return result.toArray();
}
if (sysTypes.isSystemType(iObject.getClass())) { if (iObject instanceof Experimenter) { return privileges.contains(adminPrivileges.getPrivilege(AdminPrivilege.VALUE_MODIFY_USER));
boolean sysType = sysTypes.isSystemType(cls);
final boolean isSysType = sysTypes.isSystemType(object.getClass()); final Set<AdminPrivilege> privileges = ec.getCurrentAdminPrivileges();
final boolean sysType = sysTypes.isSystemType(iobj.getClass());
if (d == null || sysTypes.isSystemType(klass)) {
final boolean sysType = sysTypes.isSystemType(obj.getClass()); final Set<AdminPrivilege> privileges = bec.getCurrentAdminPrivileges(); } else if (!sysTypes.isSystemType(obj.getClass())) { if (isInUsrGrp) {
final boolean sysType = sysTypes.isSystemType(iObject.getClass()); final boolean sysTypeOrUsrGroup = sysType || sysTypes.isInUserGroup(d);
if (sysTypes.isSystemType(changedObject.getClass()) || sysTypes.isInSystemGroup(changedObject.getDetails())) { return rv; if (sysTypes.isSystemType(linkedObject.getClass()) || sysTypes.isInSystemGroup(linkedObject.getDetails()) || sysTypes.isInUserGroup(linkedObject.getDetails())) {