/**
 * Returns the name of the principal that is currently logged in.
 *
 * @return the principal name, or {@code null} if there was no login
 * @since 8.4
 */
protected static String getCurrentPrincipalName() {
    NuxeoPrincipal current = ClientLoginModule.getCurrentPrincipal();
    if (current == null) {
        // No current principal: report the absence as null rather than failing.
        return null;
    }
    return current.getName();
}
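/**
 * Decides whether the currently logged-in principal is granted the "create from key" permission.
 * <p>
 * The decision is taken in this order:
 * <ol>
 * <li>no current principal: denied;</li>
 * <li>either the users or the groups property is exactly {@code "*"}: granted to any logged-in principal;</li>
 * <li>the principal is an administrator: granted;</li>
 * <li>the principal's name is one of the comma-separated users, or the principal is a member of one of the
 * comma-separated groups: granted;</li>
 * <li>otherwise: denied.</li>
 * </ol>
 * Entries are matched exactly (no trimming). Empty entries are ignored, so an unset or empty property never
 * authorizes anyone.
 *
 * @return {@code true} if the current principal is authorized, {@code false} otherwise
 */
@Override
public boolean hasCreateFromKeyPermission() {
    NuxeoPrincipal principal = ClientLoginModule.getCurrentPrincipal();
    if (principal == null) {
        // Fail closed: without a login there is nothing to authorize.
        return false;
    }
    String createFromKeyUsers = properties.getOrDefault(CREATE_FROM_KEY_USERS, EMPTY);
    String createFromKeyGroups = properties.getOrDefault(CREATE_FROM_KEY_GROUPS, EMPTY);
    // A literal "*" in either property authorizes every logged-in principal.
    if ("*".equals(createFromKeyUsers) || "*".equals(createFromKeyGroups)) {
        return true;
    }
    if (principal.isAdministrator()) {
        return true;
    }
    String principalName = principal.getName();
    for (String user : createFromKeyUsers.split(",")) {
        // "".split(",") yields one empty entry; never let it act as an authorized user name.
        if (!user.isEmpty() && user.equals(principalName)) {
            return true;
        }
    }
    for (String group : createFromKeyGroups.split(",")) {
        // Same guard for groups: an empty group name is not a grant.
        if (!group.isEmpty() && principal.isMemberOf(group)) {
            return true;
        }
    }
    return false;
}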
/**
 * Builds an {@link UnrestrictedSessionRunner} on top of an existing session, whether or not that session is
 * already unrestricted.
 * <p>
 * The originating user is read from the given session.
 *
 * @param session the available session
 */
protected UnrestrictedSessionRunner(CoreSession session) {
    this.session = session;
    sessionIsAlreadyUnrestricted = checkUnrestricted(session);
    // The repository name is only kept when the given session is not already unrestricted.
    repositoryName = sessionIsAlreadyUnrestricted ? null : session.getRepositoryName();
    NuxeoPrincipal sessionPrincipal = session.getPrincipal();
    if (sessionPrincipal != null) {
        // Remember who asked for the unrestricted run; left unset when the session has no principal.
        originatingUsername = sessionPrincipal.getName();
    }
}
/**
 * Tells whether the principal is a validator of the document.
 * <p>
 * Each entry returned by {@code getValidatorsFor(document)} is compared with the principal's name and, failing
 * that, tested with {@code principal.isMemberOf(entry)}.
 *
 * @param document the document whose validators are looked up
 * @param principal the principal to test
 * @return {@code true} as soon as one entry matches, {@code false} if none does
 */
protected boolean isValidator(DocumentModel document, NuxeoPrincipal principal) {
    String[] candidates = getValidatorsFor(document);
    for (int i = 0; i < candidates.length; i++) {
        String candidate = candidates[i];
        boolean matchesName = principal.getName().equals(candidate);
        if (matchesName || principal.isMemberOf(candidate)) {
            return true;
        }
    }
    return false;
}
/**
 * Handles POST: adds the user to the group and answers {@code 201 Created} with the user, as returned by the
 * user manager, as entity.
 *
 * @return the response carrying the user looked up after the change
 */
@POST
public Response doAddUserToGroup() {
    UserManager userManager = Framework.getService(UserManager.class);
    // The caller check runs before the membership is changed; what it enforces is defined outside this method.
    checkPrincipalCanAdministerGroupAndUser(userManager);
    addUserToGroup(principal, group);
    String userName = principal.getName();
    return Response.status(Status.CREATED).entity(userManager.getPrincipal(userName)).build();
}
/**
 * Rejects the call when the user manager already knows a user with the same name.
 *
 * @param principal the principal whose name is looked up
 * @param um the user manager used for the lookup
 * @throws NuxeoException with status {@code SC_CONFLICT} if a user with that name exists
 */
private void checkPrincipalDoesNotAlreadyExists(NuxeoPrincipal principal, UserManager um) {
    boolean alreadyKnown = um.getPrincipal(principal.getName()) != null;
    if (alreadyKnown) {
        throw new NuxeoException("User already exists", SC_CONFLICT);
    }
}
/**
 * Tells whether the current principal is treated as an administrator.
 * <p>
 * When the framework test mode is set, a principal whose name equals {@code SecurityConstants.ADMINISTRATOR} is
 * accepted on its name alone; in every other case the answer is {@code NuxeoPrincipal#isAdministrator}.
 *
 * @return {@code true} if the current principal is treated as an administrator
 */
protected boolean isAdministrator() {
    NuxeoPrincipal current = getPrincipal();
    // FIXME: this is inconsistent with NuxeoPrincipal#isAdministrator
    // method because it allows hardcoded Administrator user
    // The name-based shortcut is reachable only while test mode is set.
    boolean testModeAdministrator = Framework.isTestModeSet()
            && SecurityConstants.ADMINISTRATOR.equals(current.getName());
    if (testModeAdministrator) {
        return true;
    }
    return current.isAdministrator();
}
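/**
 * Stamps the annotation with its date and creator metadata.
 *
 * @param annotation the annotation receiving the metadata
 * @param user the principal whose name is recorded as creator
 */
public void updateMetadata(Annotation annotation, NuxeoPrincipal user) {
    // The date value is produced by getStringUTCDate(); no local calendar is needed here.
    annotation.addMetadata(AnnotationsConstants.D_DATE, getStringUTCDate());
    annotation.addMetadata(AnnotationsConstants.D_CREATOR, user.getName());
}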
/**
 * Tells whether the document is locked and the lock owner is the session's principal.
 *
 * @param session the session used to read the lock and the current principal
 * @return {@code false} when there is no lock info, otherwise whether the principal's name equals the lock owner
 */
@Override
public boolean isLockedByCurrentUser(CoreSession session) {
    Lock lock = session.getLockInfo(doc.getRef());
    if (lock == null) {
        // Not locked at all, so not locked by anyone.
        return false;
    }
    String owner = lock.getOwner();
    NuxeoPrincipal currentPrincipal = session.getPrincipal();
    return currentPrincipal.getName().equals(owner);
}
/**
 * Tells whether the principal may end the task.
 * <p>
 * A missing, cancelled or already ended task can never be ended. Otherwise the principal must be an
 * administrator, the task initiator, or pass {@code isTaskAssignedToUser(task, principal, true)}.
 *
 * @param principal the principal asking to end the task
 * @param task the task, may be {@code null}
 * @return {@code true} if ending the task is allowed
 */
@Override
public boolean canEndTask(NuxeoPrincipal principal, Task task) {
    if (task == null || task.isCancelled() || task.hasEnded()) {
        return false;
    }
    if (principal.isAdministrator()) {
        return true;
    }
    if (principal.getName().equals(task.getInitiator())) {
        return true;
    }
    return isTaskAssignedToUser(task, principal, true);
}
/**
 * Creates a comment document from the pending content and adds it.
 * <p>
 * The author is set from the current principal's name, not from any submitted value.
 *
 * @return always {@code null}
 */
@Override
public String addComment() {
    DocumentModel commentDoc = documentManager.createDocumentModel(CommentsConstants.COMMENT_DOC_TYPE);
    commentDoc.setPropertyValue(CommentsConstants.COMMENT_AUTHOR, principal.getName());
    commentDoc.setPropertyValue(CommentsConstants.COMMENT_TEXT, newContent);
    commentDoc.setPropertyValue(CommentsConstants.COMMENT_CREATION_DATE, Calendar.getInstance());
    commentDoc = addComment(commentDoc);
    // do not navigate to newly-created comment, they are hidden documents
    return null;
}
/**
 * Enforces that the current principal holds the given permission on the document.
 * <p>
 * Administrators (as decided by {@code isAdministrator()}) pass without a permission lookup.
 *
 * @param doc the document being accessed
 * @param permission the permission that must be granted
 * @throws DocumentSecurityException if the permission is not granted
 */
protected final void checkPermission(Document doc, String permission) throws DocumentSecurityException {
    if (isAdministrator() || hasPermission(doc, permission)) {
        return;
    }
    // The denial is recorded at debug level only, with the document path, id and type; the exception message
    // names the permission and the principal but not the document.
    String denialDetails = "Permission '" + permission + "' is not granted to '" + getPrincipal().getName()
            + "' on document " + doc.getPath() + " (" + doc.getUUID() + " - " + doc.getType().getName() + ")";
    log.debug(denialDetails);
    String denialMessage = "Privilege '" + permission + "' is not granted to '" + getPrincipal().getName() + "'";
    throw new DocumentSecurityException(denialMessage);
}
/**
 * Creates a comment document from the pending content and attaches it to the given document.
 * <p>
 * The author is set from the current principal's name, not from any submitted value.
 *
 * @param docToComment the document being commented
 * @return always {@code null}
 */
@Override
public String createComment(DocumentModel docToComment) {
    DocumentModel commentDoc = documentManager.createDocumentModel(CommentsConstants.COMMENT_DOC_TYPE);
    commentDoc.setProperty("comment", "author", principal.getName());
    commentDoc.setProperty("comment", "text", newContent);
    commentDoc.setProperty("comment", "creationDate", Calendar.getInstance());
    commentDoc = addComment(commentDoc, docToComment);
    // do not navigate to newly-created comment, they are hidden documents
    return null;
}
/**
 * Subscribes the session's principal to notifications on the document.
 *
 * @param coreSession the session whose principal subscribes
 * @param currentDocument the document to subscribe to
 * @throws NuxeoException if the subscription status is not {@code can_subscribe}
 */
@Override
public void subscribe(CoreSession coreSession, DocumentModel currentDocument) {
    if (getStatus(coreSession, currentDocument) != SubscriptionStatus.can_subscribe) {
        throw new NuxeoException("User can not subscribe to this document");
    }
    final NotificationService notifications = NotificationServiceHelper.getNotificationService();
    final NuxeoPrincipal subscriber = (NuxeoPrincipal) coreSession.getPrincipal();
    // The subscription is keyed by the prefixed name of the session's own principal.
    String subscriptionKey = NuxeoPrincipal.PREFIX + subscriber.getName();
    notifications.addSubscriptions(subscriptionKey, currentDocument, false, subscriber);
}
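/**
 * Removes every notification subscription the session's principal holds on the document.
 * <p>
 * The subscription key is computed once from the session's principal and used for both the lookup and the
 * removal, so the two calls cannot address different users.
 *
 * @param coreSession the session whose principal unsubscribes
 * @param currentDocument the document to unsubscribe from
 * @throws NuxeoException if the subscription status is not {@code can_unsubscribe}
 * @throws ClassNotFoundException declared by the method signature; nothing in this body throws it directly
 */
@Override
public void unsubscribe(CoreSession coreSession, DocumentModel currentDocument) throws ClassNotFoundException {
    if (getStatus(coreSession, currentDocument) != SubscriptionStatus.can_unsubscribe) {
        throw new NuxeoException("User can not unsubscribe to this document");
    }
    final NotificationService notificationService = NotificationServiceHelper.getNotificationService();
    final NuxeoPrincipal principal = (NuxeoPrincipal) coreSession.getPrincipal();
    // One key for both calls: prefixed name of the session's own principal.
    final String subscriptionKey = NuxeoPrincipal.PREFIX + principal.getName();
    final List<String> listNotifs = notificationService.getSubscriptionsForUserOnDocument(subscriptionKey,
            currentDocument);
    notificationService.removeSubscriptions(subscriptionKey, listNotifs, currentDocument);
}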
/**
 * Returns the parent of the referenced document as a model, provided READ is granted on that parent.
 *
 * @param docRef the reference of the child document
 * @return the parent model, or {@code null} if the document has no parent
 * @throws DocumentSecurityException if READ is not granted on the parent
 */
@Override
public DocumentModel getParentDocument(DocumentRef docRef) {
    Document parent = resolveReference(docRef).getParent();
    if (parent == null) {
        return null;
    }
    // The READ check is made on the parent itself before anything of it is exposed.
    if (hasPermission(parent, READ)) {
        return readModel(parent);
    }
    throw new DocumentSecurityException("Privilege READ is not granted to " + getPrincipal().getName());
}
/**
 * Blocks permission inheritance on the document in the ACL named {@code aclName}, on behalf of the session's
 * principal, and saves the ACP only if that changed something.
 *
 * @param doc the document whose ACP is updated
 */
protected void blockPermissionInheritance(DocumentModel doc) {
    ACP acp;
    if (doc.getACP() != null) {
        acp = doc.getACP();
    } else {
        // No ACP yet: start from an empty one.
        acp = new ACPImpl();
    }
    String username = session.getPrincipal().getName();
    boolean changed = acp.blockInheritance(aclName, username);
    if (!changed) {
        return;
    }
    doc.setACP(acp, true);
}
}
/**
 * Lets the caller see a bulk status only if it exists and the caller is an administrator or the user recorded
 * on the status.
 * <p>
 * An unknown command and a command owned by someone else produce the same "doesn't exist" error, so the answer
 * does not reveal whether another user's command id is valid.
 *
 * @param status the bulk status being requested
 * @throws WebResourceNotFoundException if the status is unknown or the caller may not see it
 */
protected void checkStatus(BulkStatus status) {
    if (status.getState() != State.UNKNOWN) {
        if (getContext().getPrincipal().isAdministrator()) {
            return;
        }
        if (getContext().getPrincipal().getName().equals(status.getUsername())) {
            return;
        }
    }
    throw new WebResourceNotFoundException("Bulk command with id=" + status.getId() + " doesn't exist");
}
}
/**
 * Adds the documents to the default working list and hands them back unchanged.
 * <p>
 * With a Seam context the documents go to the document list manager; without one, each document is added to
 * the persistent list kept under the context principal's name.
 *
 * @param docs the documents to add
 * @return the same list that was passed in
 */
@OperationMethod
public DocumentModelList run(DocumentModelList docs) {
    if (!OperationHelper.isSeamContextAvailable()) {
        DocumentsListsPersistenceManager persistence = new DocumentsListsPersistenceManager();
        for (DocumentModel doc : docs) {
            // The list owner is always the context's principal, never a caller-supplied name.
            persistence.addDocumentToPersistentList(ctx.getPrincipal().getName(), DEFAULT_WORKING_LIST, doc);
        }
        return docs;
    }
    OperationHelper.getDocumentListManager().addToWorkingList(DEFAULT_WORKING_LIST, docs);
    return docs;
}
/**
 * Submits a bulk command that applies {@code value} to every descendant of the given document.
 * <p>
 * The command targets the repository of the document's session and is submitted under that session
 * principal's name.
 *
 * @param model the ancestor document
 * @param value the value passed to the command as {@code PARAM_NAME}
 */
protected void trashDescendants(DocumentModel model, Boolean value) {
    CoreSession session = model.getCoreSession();
    BulkService bulkService = Framework.getService(BulkService.class);
    // NOTE(review): the id is interpolated into the NXQL string without escaping; this presumes document ids
    // never contain a quote - confirm, or escape the value before formatting.
    String descendantsQuery = String.format("SELECT * from Document where ecm:ancestorId='%s'", model.getId());
    BulkCommand.Builder builder = new BulkCommand.Builder(ACTION_NAME, descendantsQuery);
    builder = builder.repository(session.getRepositoryName());
    builder = builder.user(session.getPrincipal().getName());
    builder = builder.param(PARAM_NAME, value);
    bulkService.submit(builder.build());
}