@Override public Object callback(GrouperSession grouperSession) throws GrouperSessionException { if (group.canHavePrivilege(loggedInSubject, AccessPrivilege.UPDATE.getName(), false)) { return true; } return false; } });
@Override public Object callback(GrouperSession grouperSession) throws GrouperSessionException { return group.canHavePrivilege(loggedInSubject, AccessPrivilege.UPDATE.getName(), false); } });
@Override public Object callback(GrouperSession grouperSession) throws GrouperSessionException { return group.canHavePrivilege(loggedInSubject, AccessPrivilege.VIEW.getName(), false); } });
/** * if the logged in user can update (or inherit), dont check security * @return true */ public boolean isCanUpdate() { final Subject loggedInSubject = GrouperUiFilter.retrieveSubjectLoggedIn(); return this.group.canHavePrivilege(loggedInSubject, AccessPrivilege.UPDATE.getName(), false); }
@Override public Object callback(GrouperSession grouperSession) throws GrouperSessionException { return GroupContainer.this.getGuiGroup().getGroup().canHavePrivilege(loggedInSubject, AccessPrivilege.OPTOUT.getName(), false); } });
@Override public Object callback(GrouperSession grouperSession) throws GrouperSessionException { return GroupContainer.this.getGuiGroup().getGroup().canHavePrivilege(loggedInSubject, AccessPrivilege.READ.getName(), false); } });
@Override public Object callback(GrouperSession grouperSession) throws GrouperSessionException { return GroupContainer.this.getGuiGroup().getGroup().canHavePrivilege(loggedInSubject, AccessPrivilege.ADMIN.getName(), false); } });
@Override public Object callback(GrouperSession grouperSession) throws GrouperSessionException { return GroupContainer.this.getGuiGroup().getGroup().canHavePrivilege(loggedInSubject, AccessPrivilege.OPTIN.getName(), false); } });
@Override public Object callback(GrouperSession grouperSession) throws GrouperSessionException { return GroupContainer.this.getGuiGroup().getGroup().canHavePrivilege(loggedInSubject, AccessPrivilege.VIEW.getName(), false); } });
@Override public Object callback(GrouperSession grouperSession) throws GrouperSessionException { return GroupContainer.this.getGuiGroup().getGroup().canHavePrivilege(loggedInSubject, AccessPrivilege.GROUP_ATTR_READ.getName(), false); } });
@Override public Object callback(GrouperSession grouperSession) throws GrouperSessionException { return GroupContainer.this.getGuiGroup().getGroup().canHavePrivilege(loggedInSubject, AccessPrivilege.UPDATE.getName(), false); } });
@Override public Object callback(GrouperSession grouperSession) throws GrouperSessionException { return GroupContainer.this.getGuiGroup().getGroup().canHavePrivilege(loggedInSubject, AccessPrivilege.GROUP_ATTR_UPDATE.getName(), false); } });
/** * if shuld show join group * @return true if should show join group */ public boolean isShowJoinGroup() { if (this.showJoinGroup == null) { final Subject loggedInSubject = GrouperUiFilter.retrieveSubjectLoggedIn(); this.showJoinGroup = GroupContainer.this.getGuiGroup().getGroup().canHavePrivilege(loggedInSubject, AccessPrivilege.OPTIN.getName(), false); } return this.showJoinGroup; }
@Override public Object callback(GrouperSession theGrouperSession) throws GrouperSessionException { Group theGroup = null; if (!StringUtils.isBlank(groupString)) { theGroup = new GroupFinder().assignScope(groupString).assignFindByUuidOrName(true) .assignPrivileges(AccessPrivilege.UPDATE_PRIVILEGES).assignSubject(loggedInSubject).findGroup(); if (theGroup != null) { userHasAdmin[0] = theGroup.canHavePrivilege(loggedInSubject, AccessPrivilege.ADMIN.getName(), false); } } return theGroup; } });
public Object callback(GrouperSession grouperSession2) throws GrouperSessionException { for (String membershipId : membershipsIds) { try { Membership membership = new MembershipFinder().addMembershipId(membershipId).findMembership(true); Member member = membership.getMember(); group.deleteMember(member, false); if (count[0]++ < 5 && group.canHavePrivilege(loggedInSubject, AccessPrivilege.VIEW.getName(), false)) { GrouperUserDataApi.recentlyUsedMemberAdd(GrouperUiUserData.grouperUiGroupNameForUserData(), loggedInSubject, member); } successes[0]++; } catch (Exception e) { LOG.warn("Error with membership: " + membershipId + ", user: " + loggedInSubject, e); failures[0]++; } } if (group.canHavePrivilege(loggedInSubject, AccessPrivilege.VIEW.getName(), false)) { GrouperUserDataApi.recentlyUsedGroupAdd(GrouperUiUserData.grouperUiGroupNameForUserData(), loggedInSubject, group); } return null; } });
/** * if an owner has a privilege by the authenticated user * @param owner * @param privilegeOrListName * @return true if has privilege, false if not */ public static boolean canHavePrivilege(GrouperObject owner, String privilegeOrListName) { Subject subject = GrouperSession.staticGrouperSession().getSubject(); //dont check security, this is on behalf of the UI, assume its allowed to check if (owner instanceof Group) { return ((Group)owner).canHavePrivilege(subject, privilegeOrListName, false); } if (owner instanceof Stem) { return ((Stem)owner).canHavePrivilege(subject, privilegeOrListName, false); } if (owner instanceof AttributeDef) { return ((AttributeDef)owner).getPrivilegeDelegate().canHavePrivilege(subject, privilegeOrListName, false); } if (owner instanceof AttributeDefName) { return ((AttributeDefName)owner).getAttributeDef().getPrivilegeDelegate().canHavePrivilege(subject, privilegeOrListName, false); } throw new RuntimeException("Cant find owner for '" + (owner == null ? null : owner.getClass()) + "'"); }
if (!group.canHavePrivilege(loggedInSubject, AccessPrivilege.OPTOUT.getName(), false)) { guiResponseJs.addAction(GuiScreenAction.newMessage(GuiMessageType.error, TextContainer.retrieveFromRequest().getText().get("myGroupsMembershipsCantFindGroup")));
if (!group.canHavePrivilege(loggedInSubject, AccessPrivilege.OPTIN.getName(), false)) { guiResponseJs.addAction(GuiScreenAction.newMessage(GuiMessageType.error, TextContainer.retrieveFromRequest().getText().get("myGroupsJoinGroupCantFindGroup")));
allowed = allowed && this.group.canHavePrivilege(subject, AccessPrivilege.READ.getName(), false);
if (!group.canHavePrivilege(loggedInSubject, AccessPrivilege.READ.getName(), false)) { guiResponseJs.addAction(GuiScreenAction.newMessage(GuiMessageType.error, TextContainer.retrieveFromRequest().getText().get("groupNotAllowedToReadGroup")));