/**
 * Builds a predicate that accepts an {@link OClass} when the session's effective user passes
 * {@code checkIfAllowed} for the CLASS resource named after that class.
 *
 * @param operation operation code forwarded unchanged to {@code checkIfAllowed}
 * @return predicate that is true when {@code checkIfAllowed} returns a non-null value
 */
@Override
public SerializablePredicate<OClass> getPredicateByOperation(int operation) {
    // Resolved once, here: the returned predicate keeps checking against this user object,
    // not against whoever is the effective user at the time the predicate is evaluated.
    final OSecurityUser effectiveUser = OrienteerWebSession.get().getEffectiveUser();
    // NOTE(review): a null effective user would surface as a NullPointerException on the first
    // evaluation rather than as a denial; confirm getEffectiveUser() cannot return null.
    return oClass -> {
        final String className = oClass.getName();
        return effectiveUser.checkIfAllowed(ORule.ResourceGeneric.CLASS, className, operation) != null;
    };
}
/**
 * Checks whether the session's effective user is allowed the combined permissions on a resource.
 *
 * @param resource generic resource kind to check
 * @param specific specific resource name, passed through to {@code checkIfAllowed}
 * @param permissions {@link OrientPermission}s that are combined into a single operation value
 * @return true if {@code checkIfAllowed} returns a non-null value for the combined permissions
 */
public static boolean isAllowed(ORule.ResourceGeneric resource, String specific, OrientPermission... permissions) {
    // NOTE(review): the effective user is dereferenced without a null check, so a session that
    // yields no user would throw here instead of being denied; confirm that cannot happen.
    if (OrientDbWebSession.get()
            .getEffectiveUser()
            .checkIfAllowed(resource, specific, OrientPermission.combinedPermission(permissions)) == null) {
        return false;
    }
    return true;
}
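/**
 * Checks whether the current session user may perform {@code action} on a resource string.
 *
 * <p>The resource may carry an action suffix after a colon. A requirement is only evaluated for
 * the action it names; a resource without a suffix is only evaluated for
 * {@link Component#RENDER}. When the requirement is not evaluated this method returns
 * {@code true}, which means "this requirement raises no objection", not "permission was verified".
 *
 * @param resource resource string, optionally ending in a colon followed by an action name
 * @param action {@link Action} to check for
 * @param permissions {@link OrientPermission}s to check
 * @return true if the requirement does not apply to {@code action} or the user is allowed;
 *         false if the session has no user or the permission check returns null
 */
public boolean checkResource(String resource, Action action, OrientPermission[] permissions) {
    final String actionName = action.getName();
    final int actionIndx = resource.indexOf(':');
    if (actionIndx > 0) {
        if (!resource.endsWith(":" + actionName)) {
            // The suffix names some other action, so this requirement is skipped.
            return true;
        }
        // Cut at the FIRST colon: anything between it and the action suffix is dropped as well.
        resource = resource.substring(0, actionIndx);
    } else if (!Component.RENDER.equals(action)) {
        // Default suffix is for render, so any other action is skipped.
        return true;
    }

    // NOTE(review): this reads getUser(), so a session with no logged-in user is always denied
    // once a requirement applies; confirm getEffectiveUser() is not the intended source.
    final OSecurityUser user = OrientDbWebSession.get().getUser();
    if (user == null) {
        return false;
    }
    final ORule.ResourceGeneric generic = OSecurityHelper.getResourceGeneric(resource);
    final String specific = OSecurityHelper.getResourceSpecific(resource);
    // The user is known to be non-null here, so the former "user != null ? ... : false"
    // ternary had an unreachable branch and is reduced to the check itself.
    return user.checkIfAllowed(generic, specific, OrientPermission.combinedPermission(permissions)) != null;
}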
/**
 * Checks whether the session's effective user is allowed the combined permissions on a resource.
 *
 * @param resource generic resource kind to check
 * @param specific specific resource name, passed through to {@code checkIfAllowed}
 * @param permissions {@link OrientPermission}s that are combined into a single operation value
 * @return true if {@code checkIfAllowed} returns a non-null value for the combined permissions
 */
public static boolean isAllowed(ORule.ResourceGeneric resource, String specific, OrientPermission... permissions) {
    // NOTE(review): the effective user is dereferenced without a null check, so a session that
    // yields no user would throw here instead of being denied; confirm that cannot happen.
    if (OrientDbWebSession.get()
            .getEffectiveUser()
            .checkIfAllowed(resource, specific, OrientPermission.combinedPermission(permissions)) == null) {
        return false;
    }
    return true;
}
/**
 * Decides whether the database's current user may perform the operation returned by
 * {@code getSecurityOperationType()} on the named cluster.
 *
 * @param db database whose current user is evaluated
 * @param iClusterName cluster name checked as a CLUSTER resource
 * @return true when the database has no user, or when {@code checkIfAllowed} returns non-null
 */
protected boolean checkClusterAccess(final ODatabaseDocument db, final String iClusterName) {
    // No user attached to the database: access is granted without consulting any rule.
    if (db.getUser() == null) {
        return true;
    }
    final boolean granted = db.getUser()
            .checkIfAllowed(ORule.ResourceGeneric.CLUSTER, iClusterName, getSecurityOperationType()) != null;
    return granted;
}
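/**
 * Checks whether the current session user may perform {@code action} on a resource string.
 *
 * <p>The resource may carry an action suffix after a colon. A requirement is only evaluated for
 * the action it names; a resource without a suffix is only evaluated for
 * {@link Component#RENDER}. When the requirement is not evaluated this method returns
 * {@code true}, which means "this requirement raises no objection", not "permission was verified".
 *
 * @param resource resource string, optionally ending in a colon followed by an action name
 * @param action {@link Action} to check for
 * @param permissions {@link OrientPermission}s to check
 * @return true if the requirement does not apply to {@code action} or the user is allowed;
 *         false if the session has no user or the permission check returns null
 */
public boolean checkResource(String resource, Action action, OrientPermission[] permissions) {
    final String actionName = action.getName();
    final int actionIndx = resource.indexOf(':');
    if (actionIndx > 0) {
        if (!resource.endsWith(":" + actionName)) {
            // The suffix names some other action, so this requirement is skipped.
            return true;
        }
        // Cut at the FIRST colon: anything between it and the action suffix is dropped as well.
        resource = resource.substring(0, actionIndx);
    } else if (!Component.RENDER.equals(action)) {
        // Default suffix is for render, so any other action is skipped.
        return true;
    }

    // NOTE(review): this reads getUser(), so a session with no logged-in user is always denied
    // once a requirement applies; confirm getEffectiveUser() is not the intended source.
    final OSecurityUser user = OrientDbWebSession.get().getUser();
    if (user == null) {
        return false;
    }
    final ORule.ResourceGeneric generic = OSecurityHelper.getResourceGeneric(resource);
    final String specific = OSecurityHelper.getResourceSpecific(resource);
    // The user is known to be non-null here, so the former "user != null ? ... : false"
    // ternary had an unreachable branch and is reduced to the check itself.
    return user.checkIfAllowed(generic, specific, OrientPermission.combinedPermission(permissions)) != null;
}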
/**
 * Checks whether the current session user satisfies a {@link RequiredOrientResource} for an action.
 *
 * <p>A requirement whose {@code action()} differs from the checked action is not evaluated and
 * yields {@code true}. Otherwise the exact specific resource is tried first, then each dotted
 * parent prefix with {@code ODatabaseSecurityResources.ALL} appended, so a grant on a parent
 * wildcard is enough to pass.
 *
 * @param resource {@link RequiredOrientResource} to check
 * @param action {@link Action} to check for
 * @return true if the requirement does not apply or one of the checks returns non-null;
 *         false if the session has no user or every check returns null
 */
public boolean checkResource(RequiredOrientResource resource, Action action) {
    final boolean appliesToAction = resource.action().equals(action.getName());
    if (!appliesToAction) {
        return true;
    }

    // Uses the session's own user: with no user on the session the requirement is denied.
    final OSecurityUser currentUser = OrientDbWebSession.get().getUser();
    if (currentUser == null) {
        return false;
    }

    final int requiredOperation = OrientPermission.combinedPermission(resource.permissions());
    final ORule.ResourceGeneric generic = OSecurityHelper.getResourceGeneric(resource.value());

    // An empty specific is normalised to null before the exact-match check.
    String scope = resource.specific();
    if (Strings.isEmpty(scope)) {
        scope = null;
    }
    if (currentUser.checkIfAllowed(generic, scope, requiredOperation) != null) {
        return true;
    }

    // Walk up the dotted path, testing "<parent>.<ALL>" at every level.
    for (scope = Strings.beforeLastPathComponent(scope, '.');
            !Strings.isEmpty(scope);
            scope = Strings.beforeLastPathComponent(scope, '.')) {
        final String wildcard = scope + "." + ODatabaseSecurityResources.ALL;
        if (currentUser.checkIfAllowed(generic, wildcard, requiredOperation) != null) {
            return true;
        }
    }
    return false;
}
/**
 * Checks whether the session's effective user satisfies a {@link RequiredOrientResource} for an
 * action.
 *
 * <p>A requirement whose {@code action()} differs from the checked action is not evaluated and
 * yields {@code true}. Otherwise the exact specific resource is tried first, then each dotted
 * parent prefix with {@code ODatabaseSecurityResources.ALL} appended, so a grant on a parent
 * wildcard is enough to pass.
 *
 * @param resource {@link RequiredOrientResource} to check
 * @param action {@link Action} to check for
 * @return true if the requirement does not apply or one of the checks returns non-null;
 *         false if there is no effective user or every check returns null
 */
public boolean checkResource(RequiredOrientResource resource, Action action) {
    final boolean appliesToAction = resource.action().equals(action.getName());
    if (!appliesToAction) {
        return true;
    }

    // Fails closed when the session cannot supply an effective user.
    final OSecurityUser effectiveUser = OrientDbWebSession.get().getEffectiveUser();
    if (effectiveUser == null) {
        return false;
    }

    final int requiredOperation = OrientPermission.combinedPermission(resource.permissions());
    final ORule.ResourceGeneric generic = OSecurityHelper.getResourceGeneric(resource.value());

    // An empty specific is normalised to null before the exact-match check.
    String scope = resource.specific();
    if (Strings.isEmpty(scope)) {
        scope = null;
    }
    if (effectiveUser.checkIfAllowed(generic, scope, requiredOperation) != null) {
        return true;
    }

    // Walk up the dotted path, testing "<parent>.<ALL>" at every level.
    for (scope = Strings.beforeLastPathComponent(scope, '.');
            !Strings.isEmpty(scope);
            scope = Strings.beforeLastPathComponent(scope, '.')) {
        final String wildcard = scope + "." + ODatabaseSecurityResources.ALL;
        if (effectiveUser.checkIfAllowed(generic, wildcard, requiredOperation) != null) {
            return true;
        }
    }
    return false;
}
/**
 * Reports whether the parsed target includes a class derived from
 * {@code OSecurityShared.RESTRICTED_CLASSNAME}, for a user who does not pass the
 * BYPASS_RESTRICTED read check.
 *
 * @return true if at least one target class is a subclass of the restricted class; false if
 *         there are no target classes, the database has no user, or the user passes the
 *         BYPASS_RESTRICTED read check
 */
private boolean isUsingRestrictedClasses() {
    final OSecurityUser currentUser = getDatabase().getUser();

    // With no target classes or no database user, nothing is reported as restricted.
    if (parsedTarget.getTargetClasses() == null || currentUser == null) {
        return false;
    }
    // A non-null result means the user holds read on BYPASS_RESTRICTED, so the scan is skipped.
    if (currentUser.checkIfAllowed(ORule.ResourceGeneric.BYPASS_RESTRICTED, null, ORole.PERMISSION_READ) != null) {
        return false;
    }

    for (String targetClassName : parsedTarget.getTargetClasses().keySet()) {
        // NOTE(review): the lookup result is dereferenced without a null check; confirm target
        // names are always present in the schema snapshot by the time this runs.
        final OClass targetClass =
                getDatabase().getMetadata().getImmutableSchemaSnapshot().getClass(targetClassName);
        if (targetClass.isSubClassOf(OSecurityShared.RESTRICTED_CLASSNAME)) {
            return true;
        }
    }
    return false;
}
if (database.getUser().checkIfAllowed(ORule.ResourceGeneric.BYPASS_RESTRICTED, null, ORole.PERMISSION_READ) != null)