/**
 * Shows this menu entry to super administrators only.
 *
 * @param context menu builder context that supplies the logged-in user
 * @return the result of {@code TenantChecker.isSuperAdmin} for the logged-in user
 * @see org.projectforge.web.MenuItemDef#isVisible(org.projectforge.web.MenuBuilderContext)
 */
@Override
protected boolean isVisible(final MenuBuilderContext context) {
  // This only hides the menu entry.
  // NOTE(review): confirm the page behind it enforces the same super-admin check on the server side.
  return TenantChecker.isSuperAdmin(context.getLoggedInUser());
}
});
/**
 * Rejects objects that do not belong to the current tenant by delegating to
 * {@code tenantChecker.checkPartOfCurrentTenant(obj)}.
 *
 * @param obj the object whose tenant assignment is verified
 * @param operationType the operation being performed; it is not consulted here, so the same tenant check
 *        applies to every operation type
 */
protected void checkPartOfCurrentTenant(final O obj, final OperationType operationType) {
  tenantChecker.checkPartOfCurrentTenant(obj);
}
/**
 * Filters a list down to the entries the logged-in user may read.
 * <p>
 * An entry is kept when (a) the user is a super admin or the entry belongs to the current tenant, and
 * (b) {@code baseDao.hasLoggedInUserSelectAccess(entry, false)} grants select access. Super admins skip
 * only the tenant check, never the select-access check. {@code baseDao.afterLoad} is called for every
 * kept entry.
 *
 * @param origList the unfiltered entries; must not be {@code null}
 * @param entClazz the entity class (not used by the filtering itself)
 * @param baseDao the DAO that decides select access and post-processes kept entries
 * @return a new list holding only the permitted entries, in their original order
 */
protected <ENT extends ExtendedBaseDO<Integer>> List<ENT> extractEntriesWithSelectAccess(List<ENT> origList,
    Class<ENT> entClazz, BaseDao<ENT> baseDao) {
  final List<ENT> permitted = new ArrayList<ENT>();
  for (final ENT candidate : origList) {
    // Tenant isolation first: only super admins may see entries of other tenants.
    final boolean tenantOk = tenantChecker.isSuperAdmin(ThreadLocalUserContext.getUser())
        || tenantChecker.isPartOfCurrentTenant(candidate);
    if (!tenantOk) {
      continue;
    }
    // Second argument false: a missing right drops the entry rather than aborting the whole listing
    // (presumably "do not throw" - confirm against BaseDao).
    if (!baseDao.hasLoggedInUserSelectAccess(candidate, false)) {
      continue;
    }
    permitted.add(candidate);
    baseDao.afterLoad(candidate);
  }
  return permitted;
}
/**
 * Tells whether the given object belongs to the tenant currently chosen by the logged-in user.
 * <p>
 * Decision order:
 * <ol>
 * <li>multi-tenancy not available: always {@code true};</li>
 * <li>{@code obj} is {@code null}: {@code false};</li>
 * <li>{@code obj} is itself a {@link TenantDO} and the user is a super admin: {@code true};</li>
 * <li>no current tenant: {@code false};</li>
 * <li>{@code obj} has no tenant id: {@code true} only if the current tenant is the default tenant;</li>
 * <li>otherwise: {@code true} only if the object's tenant id equals the current tenant's id.</li>
 * </ol>
 * This method checks tenant membership only; it performs no user-right check.
 *
 * @param obj the object to test, may be {@code null}
 * @return {@code true} if the object is considered part of the current tenant
 */
public boolean isPartOfCurrentTenant(final BaseDO<?> obj) {
  if (!tenantService.isMultiTenancyAvailable()) {
    return true;
  }
  if (obj == null) {
    return false;
  }
  // Super admins may handle tenant records themselves regardless of the tenant they have selected.
  if (obj instanceof TenantDO && isSuperAdmin(ThreadLocalUserContext.getUser())) {
    return true;
  }
  final TenantDO activeTenant = getCurrentTenant();
  if (activeTenant == null) {
    // Fail closed: without a current tenant nothing matches.
    return false;
  }
  // An object without tenant assignment is treated as belonging to the default tenant.
  return obj.getTenantId() == null
      ? activeTenant.isDefault()
      : obj.getTenantId().equals(activeTenant.getId());
}
&& TenantChecker.isSuperAdmin(ThreadLocalUserContext.getUser()) == false) { final List<PFUserDO> origList = list; list = new LinkedList<PFUserDO>(); for (final PFUserDO user : origList) { if (tenantChecker.isPartOfTenant(ThreadLocalUserContext.getUserContext().getCurrentTenant(), user) == true) { list.add(user);
tenantChecker.isTenantSet(baseDo, true); PfEmgr emgr = (PfEmgr) event.getEmgr(); if (emgr.isCheckAccess() == false) { tenantChecker.checkPartOfCurrentTenant(baseDo); IUserRightId rightId = genericPersistenceService.getUserRight(baseDo); accessChecker.hasLoggedInUserAccess(rightId, baseDo, null, operationType, true);
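/**
 * Enforces that the given object belongs to the logged-in user's current tenant.
 * <p>
 * Does nothing when multi-tenancy is not available. Otherwise, if {@link #isPartOfCurrentTenant(BaseDO)}
 * rejects the object, an {@code AccessException} naming both tenants is thrown. A tenant that is
 * {@code null} is reported under the localized "multitenancy.defaultTenant" label.
 * <p>
 * A {@code null} object is rejected by {@code isPartOfCurrentTenant}. It is reported here as an
 * {@code AccessException} too, instead of failing with a {@code NullPointerException} while the
 * message is built, so the denial reaches callers as an access decision.
 *
 * @param obj the object to check; {@code null} is denied when multi-tenancy is available
 * @throws AccessException if the object is not part of the current tenant
 */
public void checkPartOfCurrentTenant(final BaseDO<?> obj) {
  if (tenantService.isMultiTenancyAvailable() == false) {
    return;
  }
  if (isPartOfCurrentTenant(obj) == true) {
    return;
  }
  final TenantDO currentTenant = getCurrentTenant();
  final String currentTenantString = currentTenant != null ? currentTenant.getName()
      : ThreadLocalUserContext.getLocalizedString("multitenancy.defaultTenant");
  // obj may be null here (isPartOfCurrentTenant returns false for null), so guard the dereference.
  final TenantDO objectTenant = obj != null ? obj.getTenant() : null;
  final String objectTenantString = objectTenant != null ? objectTenant.getName()
      : ThreadLocalUserContext.getLocalizedString("multitenancy.defaultTenant");
  throw new AccessException(ThreadLocalUserContext.getUser(), "access.exception.usersCurrentTenantDoesNotMatch",
      currentTenantString, objectTenantString);
}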
/**
 * Tells whether the given object is assigned to the given tenant.
 *
 * @param tenant the tenant to compare against, may be {@code null}
 * @param obj the object whose tenant assignment is tested
 * @return {@code true} when multi-tenancy is not available; {@code false} when {@code tenant} is
 *         {@code null}; otherwise the result of {@code isPartOfTenant(tenant.getId(), obj)}
 */
public boolean isPartOfTenant(final TenantDO tenant, final BaseDO<?> obj) {
  if (!tenantService.isMultiTenancyAvailable()) {
    // Without multi-tenancy every object counts as a member.
    return true;
  }
  // A missing tenant never matches (fail closed).
  return tenant != null && isPartOfTenant(tenant.getId(), obj);
}
/**
 * Prepares a record for insertion: stamps creation and last-update times and runs the tenant check.
 * Records that are not an {@code ExtendedBaseDO} are left untouched.
 *
 * @param event the init-for-insert event carrying the record
 */
@Override
public void onEvent(EmgrInitForInsertEvent event) {
  final DbRecord<?> record = event.getRecord();
  if (record instanceof ExtendedBaseDO) {
    final ExtendedBaseDO entity = (ExtendedBaseDO) record;
    entity.setCreated();
    entity.setLastUpdate();
    // NOTE(review): the return value is ignored; presumably the 'true' flag makes isTenantSet
    // throw when no tenant is set - confirm in TenantChecker.
    tenantChecker.isTenantSet(entity, true);
  }
}
/**
 * Returns the registry for the current context.
 *
 * @return the single-tenant registry when multi-tenancy is not available, otherwise the registry of
 *         the tenant reported by {@code tenantChecker.getCurrentTenant()}
 */
public TenantRegistry getTenantRegistry() {
  if (tenantService.isMultiTenancyAvailable()) {
    // The current tenant may be null here; getTenantRegistry(TenantDO) has to cope with that.
    final TenantDO activeTenant = tenantChecker.getCurrentTenant();
    return getTenantRegistry(activeTenant);
  }
  return getSingleTenantRegistry();
}
/**
 * Returns the object with the given id if the logged-in user may read it, otherwise a reference
 * obtained through {@code getSession().load(clazz, id)}.
 * <p>
 * The fully loaded object is returned only if it is part of the current tenant and
 * {@code hasLoggedInUserSelectAccess(obj, false)} grants select access.
 *
 * @param id the primary key
 * @return {@code null} if the id is invalid or no object exists for it; the loaded object if both the
 *         tenant check and the select-access check pass; otherwise the result of
 *         {@code getSession().load(clazz, id)}
 */
@Transactional(readOnly = true, propagation = Propagation.SUPPORTS)
public O getOrLoad(final Integer id) {
  if (!isIdValid(id)) {
    return null;
  }
  final O loaded = internalGetById(id);
  if (loaded == null) {
    // A missing row is reported as null rather than as an exception.
    return null;
  }
  final boolean readable = tenantChecker.isPartOfCurrentTenant(loaded)
      && hasLoggedInUserSelectAccess(loaded, false);
  if (readable) {
    return loaded;
  }
  // NOTE(review): neither the tenant check nor the select check covers this reference. Callers
  // should use it only as an association target and not read its fields - confirm at call sites.
  return getSession().load(clazz, id);
}
data = getBaseDao().newInstance(); tenantChecker.setCurrentTenant(data);
/**
 * Decides access to a tenant record.
 * <ul>
 * <li>Multi-tenancy not configured: no access.</li>
 * <li>Super admins: access for every operation type.</li>
 * <li>Members of {@code ProjectForgeGroup.ADMIN_GROUP}: {@code SELECT} only, and only for tenants
 * for which {@code tenantChecker.isPartOfTenant(obj, user)} holds.</li>
 * <li>Everyone else: no access.</li>
 * </ul>
 *
 * @param user the user requesting access
 * @param obj the tenant being accessed
 * @param oldObj the previous state of the tenant (not consulted)
 * @param operationType the requested operation
 * @return {@code true} if access is granted
 * @see org.projectforge.business.user.UserRightAccessCheck#hasSelectAccess(java.lang.Object)
 */
@Override
public boolean hasAccess(final PFUserDO user, final TenantDO obj, final TenantDO oldObj,
    final OperationType operationType) {
  if (!GlobalConfiguration.getInstance().isMultiTenancyConfigured()) {
    return false;
  }
  if (user.isSuperAdmin()) {
    return true;
  }
  final boolean admin = accessChecker.isUserMemberOfGroup(user, ProjectForgeGroup.ADMIN_GROUP);
  if (admin && operationType == OperationType.SELECT) {
    // Administrators who are not super admins may only read tenants they are assigned to.
    return tenantChecker.isPartOfTenant(obj, user);
  }
  // Insert, update and delete stay reserved for super admins.
  return false;
}
}
public ModificationStatus internalUpdate(final O obj, final boolean checkAccess) tenantChecker.isTenantSet(obj, true); onSaveOrModify(obj); if (checkAccess == true) {
/**
 * Assigns the logged-in user's current tenant to the given object.
 * <p>
 * If there is no current tenant, the tenant returned by {@code tenantService.getDefaultTenant()} is
 * assigned instead, which may be {@code null}. Nothing happens when multi-tenancy is not available.
 * Any tenant already set on the object is overwritten.
 *
 * @param obj the object to assign the tenant to; must not be {@code null} when multi-tenancy is available
 */
public void setCurrentTenant(final BaseDO<?> obj) {
  if (tenantService.isMultiTenancyAvailable()) {
    TenantDO target = getCurrentTenant();
    if (target == null) {
      // Fall back to the system default tenant.
      target = tenantService.getDefaultTenant();
    }
    obj.setTenant(target);
  }
}
/**
 * Applies the row CSS classes for one user row. The row is flagged when the user has no system
 * access, and super admins are additionally marked with {@code RowCssClass.IMPORTANT_ROW}.
 *
 * @param item the cell item to decorate
 * @param componentId the Wicket component id (not used)
 * @param rowModel the model that supplies the row's user
 */
@Override
public void populateItem(final Item<ICellPopulator<PFUserDO>> item, final String componentId,
    final IModel<PFUserDO> rowModel) {
  final PFUserDO rowUser = rowModel.getObject();
  appendCssClasses(item, rowUser.getId(), !rowUser.hasSystemAccess());
  // Highlight privileged accounts so they stand out in the user list.
  if (TenantChecker.isSuperAdmin(rowUser)) {
    appendCssClasses(item, RowCssClass.IMPORTANT_ROW);
  }
}
};
/**
 * Filters a list down to the entries the logged-in user may read.
 * <p>
 * An entry is kept when (a) the user is a super admin or the entry belongs to the current tenant, and
 * (b) {@code hasLoggedInUserSelectAccess(entry, false)} grants select access. Super admins skip only
 * the tenant check, never the select-access check. {@code afterLoad} is called for every kept entry.
 *
 * @param origList the unfiltered entries; must not be {@code null}
 * @return a new list holding only the permitted entries, in their original order
 */
protected List<O> extractEntriesWithSelectAccess(final List<O> origList) {
  final List<O> permitted = new ArrayList<O>();
  for (final O candidate : origList) {
    // Tenant isolation first: only super admins may see entries of other tenants.
    final boolean tenantOk = TenantChecker.isSuperAdmin(ThreadLocalUserContext.getUser())
        || tenantChecker.isPartOfCurrentTenant(candidate);
    if (!tenantOk) {
      continue;
    }
    // Second argument false: a missing right drops the entry rather than aborting the whole listing
    // (presumably "do not throw" - confirm against hasLoggedInUserSelectAccess).
    if (!hasLoggedInUserSelectAccess(candidate, false)) {
      continue;
    }
    permitted.add(candidate);
    afterLoad(candidate);
  }
  return permitted;
}
for (final PFUserDO user : users) { if (tenant != null) { if (tenantChecker.isPartOfTenant(tenant, user) == false) { for (final GroupDO group : groups) { if (tenant != null) { if (tenantChecker.isPartOfTenant(tenant.getId(), group) == false) {
/**
 * Runs the access checks for an operation on a persisted entity, in this order:
 * <ol>
 * <li>{@code accessChecker.checkRestrictedOrDemoUser()};</li>
 * <li>{@code tenantChecker.checkPartOfCurrentTenant(dbObject)};</li>
 * <li>unless the entity class carries {@code @AUserRightId} with {@code checkAccess() == false}, the
 * user-right check through {@code accessChecker.hasLoggedInUserAccess(..., true)}.</li>
 * </ol>
 * Only {@code dbObject} gets the tenant check.
 * NOTE(review): a tenant change carried in {@code newObj} is not examined here - confirm it is
 * rejected elsewhere.
 *
 * @param genericPersistenceService resolves the user right id for the entity
 * @param accessChecker performs the restricted/demo-user and user-right checks
 * @param tenantChecker performs the tenant check
 * @param dbObject the entity as stored; must not be {@code null}
 * @param newObj the new state of the entity, passed on to the user-right check
 * @param opType the operation being performed
 */
public static void checkEntity(JpaPfGenericPersistenceService genericPersistenceService,
    AccessChecker accessChecker, TenantChecker tenantChecker, BaseDO<?> dbObject, Object newObj,
    OperationType opType) {
  accessChecker.checkRestrictedOrDemoUser();
  tenantChecker.checkPartOfCurrentTenant(dbObject);
  final AUserRightId rightAnnotation = dbObject.getClass().getAnnotation(AUserRightId.class);
  // The annotation can opt an entity out of the user-right check. The tenant check above still applies.
  final boolean rightCheckDisabled = rightAnnotation != null && !rightAnnotation.checkAccess();
  if (!rightCheckDisabled) {
    final IUserRightId rightId = genericPersistenceService.getUserRight(dbObject);
    // The return value is ignored; presumably the trailing 'true' makes a denial throw - confirm in AccessChecker.
    accessChecker.hasLoggedInUserAccess(rightId, newObj, dbObject, opType, true);
  }
}
}
/**
 * Builds the query filter for a search. Super admins get {@code new QueryFilter(filter, true)};
 * every other user gets the filter built by the superclass.
 *
 * @param filter the search filter to wrap
 * @return the query filter to use for the logged-in user
 * @see org.projectforge.framework.persistence.api.BaseDao#createQueryFilter(org.projectforge.framework.persistence.api.BaseSearchFilter)
 */
@Override
protected QueryFilter createQueryFilter(final BaseSearchFilter filter) {
  if (TenantChecker.isSuperAdmin(ThreadLocalUserContext.getUser())) {
    // NOTE(review): the 'true' flag presumably disables the tenant restriction so super admins see
    // rows of all tenants - confirm against the QueryFilter constructor.
    return new QueryFilter(filter, true);
  }
  return super.createQueryFilter(filter);
}