@Override public boolean isAdminUser(final PFUserDO user) { final JdbcTemplate jdbc = new JdbcTemplate(dataSource); String sql = "select pk from t_group where name=?"; final int adminGroupId = jdbc.queryForObject( sql, new Object[] { ProjectForgeGroup.ADMIN_GROUP.getKey() }, Integer.class); sql = "select count(*) from t_group_user where group_id=? and user_id=?"; final int count = jdbc.queryForObject(sql, new Object[] { adminGroupId, user.getId() }, Integer.class); if (count != 1) { log.info("Admin login for maintenance (data-base update) failed for user '" + user.getUsername() + "' (user not member of admin group)."); return false; } return true; }
/** * Prevents changing the group name for ProjectForge groups. * * @see org.projectforge.framework.persistence.api.BaseDao#onChange(org.projectforge.core.ExtendedBaseDO, * org.projectforge.core.ExtendedBaseDO) */ @Override protected void onChange(final GroupDO obj, final GroupDO dbObj) { for (final ProjectForgeGroup group : ProjectForgeGroup.values()) { if (group.getName().equals(dbObj.getName()) == true) { // A group of ProjectForge will be changed. if (group.getName().equals(obj) == false) { // The group's name must be unmodified! log.warn( "Preventing the change of ProjectForge's group '" + group.getName() + "' in '" + obj.getName() + "'."); obj.setName(group.getName()); } break; } } }
private AccessException getLoggedInUserNotMemberOfException(final ProjectForgeGroup... groups) { final StringBuffer buf = new StringBuffer(); for (int i = 0; i < groups.length; i++) { if (i > 0) { buf.append(", "); } buf.append(groups[i].toString()); } final String str = buf.toString(); log.error(I18N_KEY_VIOLATION_USER_NOT_MEMBER_OF + ": " + str); return new AccessException(I18N_KEY_VIOLATION_USER_NOT_MEMBER_OF, str); }
public boolean doesGroupExists(ProjectForgeGroup group) { return emf.runRoTrans(emgr -> { List<GroupDO> selectedGroups = emgr.select(GroupDO.class, "SELECT g FROM GroupDO g WHERE g.name = :name", "name", group.getName()); return selectedGroups != null && selectedGroups.size() > 0; }); }
public GroupDO getGroup(final ProjectForgeGroup group) { checkRefresh(); for (final GroupDO g : groupMap.values()) { if (group.equals(g.getName()) == true) { return g; } } return null; }
@SuppressWarnings({ "unchecked", "rawtypes" }) @Test public void test3CheckUnmodifiableGroupNames() { GroupDO adminGroup = getGroup(ProjectForgeGroup.ADMIN_GROUP.getName()); final Integer id = adminGroup.getId(); adminGroup.setName("Changed admin group"); groupDao.internalSave(adminGroup); adminGroup = groupDao.internalGetById(id); assertEquals("Group's name shouldn't be allowed to change.", ProjectForgeGroup.ADMIN_GROUP.getName(), adminGroup.getName()); } }
final Set<Integer> groupIdSet = ensureAndGetUserGroupIdMap(ugIdMap, user.getId()); groupIdSet.add(group.getId()); if (ProjectForgeGroup.ADMIN_GROUP.equals(group.getName()) == true) { log.debug("Adding user '" + user.getUsername() + "' as administrator."); nAdminUsers.add(user.getId()); } else if (ProjectForgeGroup.FINANCE_GROUP.equals(group.getName()) == true) { log.debug("Adding user '" + user.getUsername() + "' for finance."); nFinanceUser.add(user.getId()); } else if (ProjectForgeGroup.CONTROLLING_GROUP.equals(group.getName()) == true) { log.debug("Adding user '" + user.getUsername() + "' for controlling."); nControllingUsers.add(user.getId()); } else if (ProjectForgeGroup.PROJECT_MANAGER.equals(group.getName()) == true) { log.debug("Adding user '" + user.getUsername() + "' as project manager."); nProjectManagers.add(user.getId()); } else if (ProjectForgeGroup.PROJECT_ASSISTANT.equals(group.getName()) == true) { log.debug("Adding user '" + user.getUsername() + "' as project assistant."); nProjectAssistants.add(user.getId()); } else if (ProjectForgeGroup.MARKETING_GROUP.equals(group.getName()) == true) { log.debug("Adding user '" + user.getUsername() + "' as marketing user."); nMarketingUsers.add(user.getId()); } else if (ProjectForgeGroup.ORGA_TEAM.equals(group.getName()) == true) { log.debug("Adding user '" + user.getUsername() + "' as orga user."); nOrgaUsers.add(user.getId()); } else if (ProjectForgeGroup.HR_GROUP.equals(group.getName()) == true) { log.debug("Adding user '" + user.getUsername() + "' as hr user."); nhrUsers.add(user.getId());
private void addGroup(final ProjectForgeGroup projectForgeGroup, final String description, final TenantDO tenant, final Set<PFUserDO> users) { final GroupDO group = new GroupDO(); group.setName(projectForgeGroup.toString()); group.setDescription(description); if (users != null) { group.setAssignedUsers(users); } group.setTenant(tenant); // group.setNestedGroupsAllowed(false); group.setLocalGroup(true); // Do not synchronize group with external user management system by default. groupDao.internalSave(group); }
GroupDao groupDao = applicationContext.getBean(GroupDao.class); GroupDO orgaGroup = new GroupDO(); orgaGroup.setName(ProjectForgeGroup.ORGA_TEAM.getName()); groupDao.internalSave(orgaGroup);
private void checkAdminUser() { if (Login.getInstance().isAdminUser(ThreadLocalUserContext.getUser()) == false) { throw new AccessException(AccessCheckerImpl.I18N_KEY_VIOLATION_USER_NOT_MEMBER_OF, ProjectForgeGroup.ADMIN_GROUP.getKey()); } }
user = userService.getById(userService.save(user)); assignToDefaultTenant(user); GroupDO group = getGroup(ProjectForgeGroup.CONTROLLING_GROUP.toString()); group.getAssignedUsers().add(user); groupDao.update(group); group = getGroup(ProjectForgeGroup.FINANCE_GROUP.toString()); group.getAssignedUsers().add(user); groupDao.update(group); right.isConfigurable(userGroupCache, ThreadLocalUserContext.getUser())); logon(TEST_ADMIN_USER); group = getGroup(ProjectForgeGroup.PROJECT_MANAGER.toString()); group.getAssignedUsers().add(user); groupDao.update(group);
/** * Does nothing at default. Override this method for checking the access of the user, e. g. only admin user's should * be able to manipulate the database. * * @param writeaccess */ protected void accessCheck(final boolean writeaccess) { if (ThreadLocalUserContext.getUser() == SYSTEM_ADMIN_PSEUDO_USER) { // No access check for the system admin pseudo user. return; } if (Login.getInstance().isAdminUser(ThreadLocalUserContext.getUser()) == false) { throw new AccessException(AccessCheckerImpl.I18N_KEY_VIOLATION_USER_NOT_MEMBER_OF, ProjectForgeGroup.ADMIN_GROUP.getKey()); } accessChecker.checkRestrictedOrDemoUser(); }
@Test public void testConfigurable() { final UserGroupCache userGroupCache = TenantRegistryMap.getInstance().getTenantRegistry().getUserGroupCache(); final UserRight right = userRights.getRight(UserRightId.PM_HR_PLANNING); logon(TEST_PROJECT_MANAGER_USER); assertFalse( "Right is not configurable, because all available right values are automatically assigned to the current user", right.isConfigurable(userGroupCache, ThreadLocalUserContext.getUser())); logon(TEST_ADMIN_USER); assertFalse("Right is not configurable, because no right values are available.", right.isConfigurable(userGroupCache, ThreadLocalUserContext.getUser())); PFUserDO user = new PFUserDO(); user.setUsername("testConfigurableRight"); user = userService.getById(userService.save(user)); GroupDO group = getGroup(ProjectForgeGroup.FINANCE_GROUP.toString()); group.getAssignedUsers().add(user); groupDao.update(group); logon(user.getUsername()); assertTrue("Right is configurable, because serveral right values are available.", right.isConfigurable(userGroupCache, ThreadLocalUserContext.getUser())); logon(TEST_ADMIN_USER); group = getGroup(ProjectForgeGroup.PROJECT_MANAGER.toString()); group.getAssignedUsers().add(user); groupDao.update(group); logon(user.getUsername()); assertFalse( "Right is not configurable, because all available right values are automatically assigned to the current user", right.isConfigurable(userGroupCache, ThreadLocalUserContext.getUser())); }
userRightDao.save(userRights); final GroupDO group = getGroup(ProjectForgeGroup.CONTROLLING_GROUP.toString()); groupDao.assignGroups(user, Collections.singleton(group), null, false);
accessChecker.hasLoggedInUserRight(UserRightId.FIBU_DATEV_IMPORT, false, UserRightValue.TRUE)); logon(TEST_ADMIN_USER); final GroupDO group = getGroup(ProjectForgeGroup.FINANCE_GROUP.toString()); group.getAssignedUsers().add(user); groupDao.update(group);