/** * {@inheritDoc} */ public boolean isUserAdmin(String userId) { return securityService.isSuperUser(userId); }
/** * {@inheritDoc} */ @Override public boolean isSuperUser() { return this.securityService.isSuperUser(); }
/** * {@inheritDoc} */ public boolean isSuperUser() { return securityService.isSuperUser(); }
public boolean isCurrentUserAdmin() { return securityService.isSuperUser(); }
private boolean isSuperUser() { return M_secs.isSuperUser(); }
public static boolean isSuperUser() { org.sakaiproject.authz.api.SecurityService service = getInstance(); if (service == null) return false; return service.isSuperUser(); }
public static boolean isSuperUser(java.lang.String param0) { org.sakaiproject.authz.api.SecurityService service = getInstance(); if (service == null) return false; return service.isSuperUser(param0); }
public static boolean isSuperUser(java.lang.String param0) { org.sakaiproject.authz.api.SecurityService service = getInstance(); if (service == null) return false; return service.isSuperUser(param0); }
public void before(Method method, Object[] oa, Object obj) throws Throwable { if(log.isDebugEnabled()) log.debug("Checking authorization for CM Administration actions"); // We can't check the standard site- or group- or resource-based authorization for modifying CM data, // since CM isn't scoped by sakai references. So we allow only the super user. if(!securityService.isSuperUser()) { if(log.isDebugEnabled()) log.debug("Denying access to CM Administration on method " + method); throw new PermissionException("Only Sakai super-users (admins) can modify CM data"); } if(log.isDebugEnabled()) log.debug("This user is permitted to use the CM Admin service"); } }
public static boolean isSuperUser() { org.sakaiproject.authz.api.SecurityService service = getInstance(); if (service == null) return false; return service.isSuperUser(); }
public boolean isUserAdmin(String userReference) { boolean admin = false; String userId = getUserIdFromRef(userReference); if (userId != null) { admin = securityService.isSuperUser(userId); } return admin; }
/** * {@inheritDoc} */ @Override public boolean isUserAllowedInSite(final String userId, final String permission, final String siteId) { if (this.securityService.isSuperUser()) { return true; } String siteRef = siteId; if (siteId != null && !siteId.startsWith(SiteService.REFERENCE_ROOT)) { siteRef = SiteService.REFERENCE_ROOT + Entity.SEPARATOR + siteId; } if (this.securityService.unlock(userId, permission, siteRef)) { return true; } return false; }
@Override public void resetCachers() { if (!getSecurityService().isSuperUser()) { throw new SecurityException("Only super admin can reset cachers, current user not super admin"); } if (this.cacheManager != null) { this.cacheManager.clearAll(); } }
/** * Check if the current user has permission to set this alias. * * @param alias * The alias. * @param target * The resource reference string alias target. * @return true if the current user has permission to set this alias, false if not. */ public boolean allowSetAlias(String alias, String target) { if (!securityService().isSuperUser() && prohibited_aliases.contains(alias.toLowerCase())) return false; return unlockTargetCheck(target); } // allowSetAlias
@Override public void evictExpiredMembers() { if (!getSecurityService().isSuperUser()) { throw new SecurityException("Only super admin can evict caches, current user not super admin"); } if (this.cacheManager != null) { String[] allCacheNames = cacheManager.getCacheNames(); for (String cacheName : allCacheNames) { Ehcache cache = cacheManager.getCache(cacheName); cache.evictExpiredElements(); } } }
@Override public void resetCachers() { if (!getSecurityService().isSuperUser()) { throw new SecurityException("Only super admin can reset cachers, current user not super admin"); } if (this.hcInstance != null) { Collection<DistributedObject> distributedObjects = hcInstance.getDistributedObjects(); for (DistributedObject distributedObject : distributedObjects) { if (distributedObject instanceof IMap) { ((IMap)distributedObject).clear(); } } } }
/** * {@inheritDoc} */ public boolean setLogLevel(String level, String loggerName) throws LogPermissionException { // check that this is a "super" user with the security service if (!securityService().isSuperUser()) { throw new LogPermissionException(); } return doSetLogLevel(level, loggerName); }
public boolean isUserAllowedInEntityReference(String userReference, String permission, String reference) { if (permission == null) { throw new IllegalArgumentException("permission must both be set"); } boolean allowed = false; if (userReference != null) { String userId = getUserIdFromRef(userReference); if (userId != null) { if (reference == null) { // special check for the admin user if ( securityService.isSuperUser(userId) ) { allowed = true; } } else { if ( securityService.unlock(userId, permission, reference) ) { allowed = true; } } } } else { // special anonymous user case - http://jira.sakaiproject.org/jira/browse/SAK-14840 allowed = securityService.unlock(permission, reference); } return allowed; }
/** * who can see the draft assignment * @param assignment * @param context * @return */ private boolean isDraftAssignmentVisible(Assignment assignment, String context) { return securityService.isSuperUser() // super user can always see it || assignment.getCreator().equals(UserDirectoryService.getCurrentUser().getId()) // the creator can see it || (unlockCheck(SECURE_SHARE_DRAFTS, SiteService.siteReference(context))); // any role user with share draft permission }
/** * Does this object satisfy the criteria of the filter? * * @return true if the object is accepted by the filter, false if not. */ public boolean accept(Object o) { // first if o is a announcement message that's a draft from another user, reject it if (o instanceof AnnouncementMessage) { AnnouncementMessage msg = (AnnouncementMessage) o; if ((msg.getAnnouncementHeader()).getDraft() && (!m_securityService.isSuperUser()) && (!msg.getHeader().getFrom().getId().equals(m_sessionManager.getCurrentSessionUserId())) && (!unlockCheck(SECURE_READ_DRAFT, msg.getReference()))) { return false; } } // now, use the real filter, if present if (m_filter != null) return m_filter.accept(o); return true; } // accept