protected WorkspaceAccessLimits intersection(WorkspaceAccessLimits a, WorkspaceAccessLimits b) { CatalogMode mode = intersection(a.getMode(), b.getMode()); return new WorkspaceAccessLimits( mode, a.isReadable() && b.isReadable(), a.isWritable() && b.isWritable(), a.isAdminable() && b.isAdminable()); }
WorkspaceAccessLimits wl = (WorkspaceAccessLimits) limits; if (wl != null) { if (wl.isAdminable()) { canRead = canWrite = true; } else { if (wl == null || !wl.isAdminable()) { canRead = canWrite = false; if (wl != null && !wl.isAdminable()) { canRead = false; WorkspaceAccessLimits wl = accessManager.getAccessLimits(user, ws); if (wl != null) { if (!wl.isAdminable()) { canRead = false;
/** Check if the current user has any admin privilege on at least one workspace. */ boolean isWorkspaceAdmin(Authentication authentication) { Catalog catalog = getSecurityManager().getCatalog(); // the secure catalog builds and owns the ResourceAccessManager SecureCatalogImpl secureCatalog = GeoServerApplication.get().getBeanOfType(SecureCatalogImpl.class); ResourceAccessManager manager = secureCatalog.getResourceAccessManager(); if (manager != null) { for (WorkspaceInfo workspace : catalog.getWorkspaces()) { WorkspaceAccessLimits accessLimits = manager.getAccessLimits(authentication, workspace); if (accessLimits != null && accessLimits.isAdminable()) { return true; } } } return false; } }
private boolean canAccess( ResourceAccessManager manager, Authentication user, WorkspaceInfo catalogInfo, AccessMode mode) { WorkspaceAccessLimits limits = manager.getAccessLimits(user, catalogInfo); if (limits == null) { return true; } else if (mode == AccessMode.READ) { return limits.isReadable(); } else if (mode == AccessMode.WRITE) { return limits.isWritable(); } else if (mode == AccessMode.ADMIN) { return limits.isAdminable(); } else { throw new RuntimeException("Unknown access mode " + mode); } } }