/** * If one can promote a build, he can also attach a release label to a build. */ @Override public boolean canEdit(ProjectEntity entity, SecurityService securityService) { return securityService.isProjectFunctionGranted(entity, PromotionRunCreate.class); }
@Override public boolean isGlobalFunctionGranted(Class<? extends GlobalFunction> fn) { return securityService.isGlobalFunctionGranted(fn); }
@Override public List<ApplicationInfo> getApplicationInfoList() { return securityService.asAdmin(() -> jobScheduler.getJobStatuses().stream() .map(this::getApplicationInfo) .filter(Objects::nonNull) .collect(Collectors.toList()) ); }
protected BranchTemplateSyncResults syncTemplateDefinition(ID branchId, JobRunListener listener) { // Gets the branch Branch branch = structureService.getBranch(branchId); // Gets the rights on the project if (securityService.isProjectFunctionGranted(branch, BranchTemplateMgt.class) || securityService.isProjectFunctionGranted(branch, BranchTemplateSync.class)) { // Now, we have to "run as" admin since the permission to sync was granted // but might not be enough to create branches and such. return securityService.runAsAdmin(() -> doSyncTemplateDefinition(branchId, listener)).get(); } else { throw new AccessDeniedException("Cannot synchronise branches."); } }
private void checkUpdateAuthorisations(ValidationStampFilter filter) { if (filter.getProject() != null) { securityService.checkProjectFunction(filter.getProject(), ProjectConfig.class); } else if (filter.getBranch() != null) { securityService.checkProjectFunction(filter.getBranch(), ProjectConfig.class); } else { securityService.checkGlobalFunction(GlobalSettings.class); } }
@Override public void setProjectFavourite(Project project, boolean favourite) { if (securityService.isProjectFunctionGranted(project, ProjectView.class)) { securityService.getAccount().ifPresent(account -> repository.setProjectFavourite(account.id(), project.id(), favourite) ); } } }
/** * Checks the accesses by checking the {@link net.nemerosa.ontrack.model.security.GlobalSettings} function. */ protected void checkAccess() { securityService.checkGlobalFunction(GlobalSettings.class); }
if (securityService.isProjectFunctionGranted(instance, BranchTemplateMgt.class) || securityService.isProjectFunctionGranted(instance, BranchTemplateSync.class)) { securityService.asAdmin(() -> updateTemplateInstance( instance.getName(),
/** * Deletes a change log file filter */ @RequestMapping(value = "changeLog/fileFilter/{projectId}/{name}/delete", method = RequestMethod.DELETE) public Ack deleteChangeLogFileFilter(@PathVariable ID projectId, @PathVariable String name) { securityService.checkProjectFunction(projectId.get(), ProjectConfig.class); securityService.asAdmin(() -> entityDataService.withData( structureService.getProject(projectId), SCMFileChangeFilters.class.getName(), SCMFileChangeFilters.class, (SCMFileChangeFilters filters) -> filters.remove(name) ) ); return Ack.OK; }
@Override public Optional<ValidationStampFilter> getValidationStampFilterByName(Branch branch, String name) { securityService.checkProjectFunction(branch, ProjectView.class); return repository.getValidationStampFilterByName(branch, name); }
securityService.asAdmin(() -> structureService.newPromotionRun( PromotionRun.of( build, promotionLevel, securityService.getCurrentSignature(), "Auto promotion"
@Override public void post(Event event) { Event e = event; if (e.getSignature() == null) { e = e.withSignature(securityService.getCurrentSignature()); } eventRepository.post(e); // Notification to the listeners eventListenerService.onEvent(event); }
@Override public List<PredefinedValidationStamp> getPredefinedValidationStamps() { securityService.checkGlobalFunction(GlobalSettings.class); return predefinedValidationStampRepository.getPredefinedValidationStamps(); }
@Override public boolean isProjectFavourite(Project project) { return securityService.isProjectFunctionGranted(project, ProjectView.class) && securityService.getAccount().filter(account -> account.getId().isSet()) .map(account -> repository.isProjectFavourite( account.id(), project.id() )).orElse(false); }
@Override public Branch copy(Branch targetBranch, Branch sourceBranch, Function<String, String> replacementFn, SyncPolicy syncPolicy) { // If same branch, rejects if (sourceBranch.id() == targetBranch.id()) { throw new CannotCopyItselfException(); } // Checks the rights on the target branch securityService.checkProjectFunction(targetBranch, BranchEdit.class); // Now, we can work in a secure context securityService.asAdmin(() -> doCopy(sourceBranch, targetBranch, replacementFn, syncPolicy)); // OK return targetBranch; }
@Override public ValidationStampFilter shareValidationStampFilter(ValidationStampFilter filter, Project project) { securityService.checkProjectFunction(project, ProjectConfig.class); return repository.shareValidationStampFilter(filter, project); }
private Build doCreateBuild(Branch branch, TCopyEvent copy, String buildName, SVNRepository repository) { // The build date is assumed to be the creation of the tag SVNRevisionInfo revisionInfo = svnService.getRevisionInfo(repository, copy.getRevision()); LocalDateTime revisionTime = revisionInfo.getDateTime(); // Creation of the build return structureService.newBuild( Build.of( branch, new NameDescription( buildName, String.format("Build created by SVN synchronisation from tag %s", copy.getCopyToPath()) ), securityService.getCurrentSignature().withTime(revisionTime) ) ); }
@Override public boolean isProjectFunctionGranted(int projectId, Class<? extends ProjectFunction> fn) { return securityService.isProjectFunctionGranted(projectId, fn); }
@Override public LinksBuilder link(String name, Object methodInvocation, Class<? extends GlobalFunction> fn) { return link(name, methodInvocation, securityService.isGlobalFunctionGranted(fn)); }
@Override public final T getSettings() { securityService.checkGlobalFunction(GlobalSettings.class); return cachedSettingsService.getCachedSettings(settingsClass); }