/**
 * Rejects the current operation unless {@code hasPermission(nxuser)} grants it.
 *
 * <p>The denial message is deliberately generic: it does not tell the caller which
 * check failed.
 *
 * @param nxuser the value handed unchanged to {@code hasPermission}
 * @throws WebSecurityException if {@code hasPermission(nxuser)} returns {@code false}
 */
protected void checkPermission(String nxuser) {
    boolean permitted = hasPermission(nxuser);
    if (permitted) {
        return;
    }
    throw new WebSecurityException("You do not have permissions to perform this operation.");
}
/**
 * Binds this resource to the request context and resource type, computes its path, and
 * enforces the type's guard before delegating to {@code initialize(args)}.
 *
 * <p>The guard is evaluated only after {@code ctx}, {@code type} and {@code path} have been
 * assigned, so the guard sees the fully resolved resource. When the guard rejects the
 * resource, {@code initialize(args)} is never called.
 *
 * @param ctx the web context of the current request; also the source of the matched URI
 *     and base path
 * @param type the resource type, stored after an unchecked cast to {@code T}
 * @param args passed through unchanged to {@code initialize(Object...)}
 * @return this resource
 * @throws WebSecurityException if the type's guard does not accept this resource
 */
@Override
public Resource initialize(WebContext ctx, ResourceType type, Object... args) {
    this.ctx = ctx;
    this.type = (T) type;

    path = ctx.getUriInfo().getMatchedURIs().get(0);
    // Quote special characters in the path component (slash and @ are left untouched).
    path = URIUtils.quoteURIPathComponent(path, false, false);

    // A trailing slash would break URLs built in FTL templates, so strip it.
    boolean endsWithSlash = path.endsWith("/");
    if (endsWithSlash) {
        path = path.substring(0, path.length() - 1);
    }

    // RESTEasy returns paths starting with '/', whereas JAX-RS specifies relative paths;
    // insert the separator only when the matched path does not already carry one.
    StringBuilder absolutePath = new StringBuilder(64);
    absolutePath.append(ctx.getBasePath());
    if (!path.startsWith("/")) {
        absolutePath.append('/');
    }
    absolutePath.append(path);
    path = absolutePath.toString();

    // Access decision: the guard configured on the resource type must accept this resource.
    boolean accessible = this.type.getGuard().check(this);
    if (!accessible) {
        // NOTE(review): the message echoes the request-derived path; confirm that whatever
        // renders this exception escapes it for the output format.
        throw new WebSecurityException(
                "Failed to initialize object: " + path + ". Object is not accessible in the current context");
    }

    initialize(args);
    return this;
}
/**
 * Rejects the current operation when the principal of the context's core session is
 * anonymous.
 *
 * @throws WebSecurityException if {@code isAnonymous()} is {@code true} for the session
 *     principal
 */
protected void checkNotAnonymousUser() {
    NuxeoPrincipal sessionPrincipal = getContext().getCoreSession().getPrincipal();
    boolean anonymous = sessionPrincipal.isAnonymous();
    if (!anonymous) {
        return;
    }
    throw new WebSecurityException("You do not have permissions to perform this operation.");
}
/**
 * Allows cancelling a workflow only for an administrator, a member of the
 * {@code "powerusers"} group, or the user whose name equals the route's initiator.
 *
 * @param route the route being cancelled; only {@code getInitiator()} is read
 * @throws WebSecurityException if the session principal meets none of the three conditions
 */
protected void checkCancelGuards(DocumentRoute route) {
    NuxeoPrincipal caller = getContext().getCoreSession().getPrincipal();

    // Short-circuit order matters: the initiator comparison only runs for callers that
    // are neither administrators nor power users.
    boolean mayCancel = caller.isAdministrator()
            || caller.isMemberOf("powerusers")
            || caller.getName().equals(route.getInitiator());

    if (!mayCancel) {
        throw new WebSecurityException("You don't have the permission to cancel this workflow");
    }
}
/**
 * Verifies that the session principal may create the given artifact.
 *
 * <p>Administrators always pass. Any other principal must be a member of
 * {@code "powerusers"} and {@code isAPowerUserEditableArtifact(artifact)} must return
 * {@code true}.
 *
 * @param artifact the artifact about to be created
 * @throws WebSecurityException if the principal is not allowed to create the artifact
 */
protected void checkCurrentUserCanCreateArtifact(T artifact) {
    NuxeoPrincipal caller = getContext().getCoreSession().getPrincipal();
    if (caller.isAdministrator()) {
        return;
    }

    // The artifact check is only consulted for power users; everyone else is denied first.
    boolean allowed = caller.isMemberOf("powerusers") && isAPowerUserEditableArtifact(artifact);
    if (!allowed) {
        throw new WebSecurityException("Cannot create artifact");
    }
}
/**
 * Verifies that the session principal may edit {@code directory}.
 *
 * <p>Two checks run in order: the principal must be an administrator or a member of
 * {@code "powerusers"}, and the directory must be neither the user directory nor the
 * group directory reported by the {@link UserManager}.
 *
 * @throws WebSecurityException if the principal is neither an administrator nor a power user
 * @throws NuxeoException carrying {@code SC_BAD_REQUEST} if the directory is the user or
 *     group directory
 */
void checkEditGuards() {
    NuxeoPrincipal caller = getContext().getCoreSession().getPrincipal();
    boolean privileged = caller.isAdministrator() || caller.isMemberOf("powerusers");
    if (!privileged) {
        throw new WebSecurityException("Not allowed to edit directory");
    }

    // User and group directories are refused here even for privileged callers.
    UserManager userManager = Framework.getService(UserManager.class);
    boolean isUserDirectory = directory.getName().equals(userManager.getUserDirectoryName());
    if (isUserDirectory || directory.getName().equals(userManager.getGroupDirectoryName())) {
        throw new NuxeoException("Not allowed to edit user/group directories, please use user/group endpoints",
                SC_BAD_REQUEST);
    }
}
/**
 * Verifies that the session principal may update the artifact handled by this object.
 *
 * <p>Administrators always pass. Any other principal must be a member of
 * {@code "powerusers"} and {@code isAPowerUserEditableArtifact()} must return {@code true}.
 *
 * @throws WebSecurityException if the principal is not allowed to perform the update
 */
protected void checkUpdateGuardPreconditions() {
    NuxeoPrincipal caller = getContext().getCoreSession().getPrincipal();
    if (caller.isAdministrator()) {
        return;
    }

    // The artifact check is only consulted for power users; everyone else is denied first.
    boolean allowed = caller.isMemberOf("powerusers") && isAPowerUserEditableArtifact();
    if (!allowed) {
        throw new WebSecurityException("User is not allowed to edit users");
    }
}
/**
 * Verifies that the session principal may administer both the {@code principal} and the
 * {@code group} held by this object.
 *
 * <p>Administrators always pass. Any other caller must be a member of {@code "powerusers"},
 * and both {@code UserRootObject.isAPowerUserEditableUser(principal)} and
 * {@code GroupRootObject.isAPowerUserEditableGroup(group)} must return {@code true}.
 *
 * @param um not read by this method
 * @throws WebSecurityException if any of the conditions above fails
 */
private void checkPrincipalCanAdministerGroupAndUser(UserManager um) {
    NuxeoPrincipal caller = getContext().getCoreSession().getPrincipal();
    if (caller.isAdministrator()) {
        return;
    }

    // Evaluated left to right with short-circuiting: group membership first, then the
    // target user, then the target group.
    boolean allowed = caller.isMemberOf("powerusers")
            && UserRootObject.isAPowerUserEditableUser(principal)
            && GroupRootObject.isAPowerUserEditableGroup(group);
    if (!allowed) {
        throw new WebSecurityException("Cannot edit user");
    }
}