/** * see if a group has a subject as member * * @param group * @param field * to check with membership * @return true|false * @throws SchemaException */ @Override @SuppressWarnings("unchecked") protected boolean hasMemberHelper(Group group, Subject subject, Field field) throws SchemaException { return field == null ? group.hasMember(subject) : group.hasMember(subject, field); }
/** * see if a group has a subject as member * * @param group * @param field to check with membership * @return true|false * @throws SchemaException */ @Override @SuppressWarnings("unchecked") protected boolean hasMemberHelper(Group group, Subject subject, Field field) throws SchemaException { return field == null ? group.hasMember(subject) : group.hasMember(subject, field); }
protected boolean hasMember(Subject subj) { Iterator it=groups.iterator(); Group g; while(it.hasNext()) { g=(Group)it.next(); if(g.hasMember(subj)) return true; } return false; } protected String getName() {
public Object callback(GrouperSession grouperSession) throws GrouperSessionException { Group group = GroupFinder.findByName(grouperSession, privilegeInheritanceUpdateRequireGroup, true); if (!group.hasMember(loggedInSubject)) { return false; } return true; } })) {
public Object callback(GrouperSession grouperSession) throws GrouperSessionException { Group group = GroupFinder.findByName(grouperSession, privilegeInheritanceReadRequireGroup, true); if (!group.hasMember(loggedInSubject)) { return false; } return true; } })) {
/** * */ @Override public Object callback(GrouperSession theGrouperSession) throws GrouperSessionException { Group requireGroup = GroupFinder.findByName(theGrouperSession, requireGroupName, true); return requireGroup.hasMember(currentUser); } });
@Override public Object callback(GrouperSession grouperSession1) throws GrouperSessionException { Group groupOfUsersWhoCanCheckAllPrivileges = GroupFinder.findByName(grouperSession1, groupNameOfUsersWhoCanCheckAllPrivileges, false); if (groupOfUsersWhoCanCheckAllPrivileges != null) { //if the subject in the grouper session is in the whitelist group, then allow the query without filtering privileges if (groupOfUsersWhoCanCheckAllPrivileges.hasMember(grouperSessionSubject)) { return true; } } else { //it is misconfigured, just keep going, but filter privileges based on calling user LOG.error("Why is ws.groupNameOfUsersWhoCanCheckAllPrivileges: " + groupNameOfUsersWhoCanCheckAllPrivileges + ", not found????"); } return false; } });
@Override public Object callback(GrouperSession grouperSession1) throws GrouperSessionException { Group groupOfUsersWhoCanCheckAllPrivileges = GroupFinder.findByName(grouperSession1, groupNameOfUsersWhoCanCheckAllPrivileges, false); if (groupOfUsersWhoCanCheckAllPrivileges != null) { //if the subject in the grouper session is in the whitelist group, then allow the query without filtering privileges if (groupOfUsersWhoCanCheckAllPrivileges.hasMember(grouperSessionSubject)) { return true; } } else { //it is misconfigured, just keep going, but filter privileges based on calling user LOG.error("Why is ws.groupNameOfUsersWhoCanCheckAllPrivileges: " + groupNameOfUsersWhoCanCheckAllPrivileges + ", not found????"); } return false; } });
public Object callback(GrouperSession rootGrouperSession) throws GrouperSessionException { Group group = GroupFinder.findByName(rootGrouperSession, userGroupName, true); if (!group.hasMember(loggedInSubject)) { //not allowed, cache it subjectAllowedCache().put(cacheKey, false); throw new RuntimeException("User is not authorized: " + loggedInSubject + ", " + group); } subjectAllowedCache().put(cacheKey, true); return null; } });
if(gs==null || (debuggers==null && attemptedDebuggers) || (debuggers !=null &&!debuggers.hasMember(gs.getSubject()))) { session.setAttribute("debugMessage", "debug.error.not-allowed"); return;
if (group.hasMember(member.getSubject(),field)) privs.put("member", Boolean.TRUE);
group = (Group)groups.get(i); if(group.hasAdmin(s.getSubject())) { if(group.hasMember(subject)|| group.hasView(subject)|| group.hasAdmin(subject)||
actAsMustBeInGroupName, true); if (userMustBeInGroup.hasMember(loggedInSubject) && actAsMustBeInGroup.hasMember(actAsSubject)) { if (LOG.isDebugEnabled()) { LOG.debug("grouperActAs allowed since logged in user is in group: " + userMustBeInGroupName + ", and act as user is in group: " + actAsMustBeInGroupName); if (actAsGroup.hasMember(loggedInSubject)) { if (LOG.isDebugEnabled()) { LOG.debug("grouperActAs allowed since logged in user is in group: " + grouperActAsGroup);
if (subjectLoggedIn == null || !group.hasMember(subjectLoggedIn)) {