/**
 * Verifies that the current user may act on the capture agent identified by {@code agentId}.
 *
 * <p>Access is granted when the user holds the global admin role, the admin role of the user's
 * own organization, or the role that {@link SecurityUtil#getCaptureAgentRole(String)} derives
 * from the agent id.
 *
 * <p>Security note: a blank {@code agentId} returns immediately, before any role is looked up.
 * Callers therefore must not treat a normal return as proof that the user is authorized for a
 * specific agent unless they have already ensured the id is non-blank.
 *
 * @param securityService
 *          The service used to obtain the current user.
 * @param agentId
 *          The agent id to check; blank values skip the check entirely.
 * @throws UnauthorizedException
 *           If the user holds none of the roles listed above.
 */
public static void checkAgentAccess(final SecurityService securityService, final String agentId)
        throws UnauthorizedException {
  // Nothing to authorize against when no agent is named.
  if (isBlank(agentId)) {
    return;
  }

  final User currentUser = securityService.getUser();

  // Short-circuit order matters: the organization is only dereferenced for non-global-admins,
  // and the agent role is only computed for users who are not administrators.
  final boolean administrator = currentUser.hasRole(SecurityConstants.GLOBAL_ADMIN_ROLE)
          || currentUser.hasRole(currentUser.getOrganization().getAdminRole());
  final boolean permitted = administrator
          || currentUser.hasRole(SecurityUtil.getCaptureAgentRole(agentId));

  if (!permitted) {
    // NOTE(review): "schedule" is presumably the name of the denied action; confirm against
    // the UnauthorizedException constructor.
    throw new UnauthorizedException(currentUser, "schedule");
  }
}
if (!originalUser.hasRole(GLOBAL_ADMIN_ROLE)) { logger.warn("An unauthorized request is trying to switch from organization '{}' to '{}'", originalOrganization.getId(), organizationHeader); if (!originalUser.hasRole(GLOBAL_SUDO_ROLE)) { logger.warn("An unauthorized request is trying to switch from user '{}' to '{}'", originalUser.getUsername(), userHeader); if (!originalUser.hasRole(GLOBAL_ADMIN_ROLE)) { if (requestedUser.hasRole(systemRole)) { logger.warn("An unauthorized request is trying to switch to an admin user, from '{}' to '{}'", originalUser.getUsername(), userHeader); if (!originalUser.hasRole(organizationAdminRole) && requestedUser.hasRole(organizationAdminRole)) { logger.warn("An unauthorized request is trying to switch to an admin user, from '{}' to '{}'", originalUser.getUsername(), userHeader); if (!originalUser.hasRole(GLOBAL_SUDO_ROLE)) { logger.warn("An unauthorized request is trying to switch roles from '{}' to '{}'", requestedUser.getRoles(), rolesHeader); if (!originalUser.hasRole(GLOBAL_ADMIN_ROLE)) { if (!originalUser.hasRole(organizationAdminRole) && requestedRoles.contains(organizationAdminRole)) { logger.warn("An unauthorized request by user '{}' is trying to gain admin role '{}'", originalUser.getUsername(), organizationAdminRole);