/**
 * Tells whether the caller may act with "bootstrap" rights.
 *
 * <p>If an app-admin group exists, returns {@code true} only when {@code userId}
 * belongs to it. If no app-admin group exists yet, returns {@code true} only when
 * the caller is anonymous ({@code securityToken == null}); every other case is
 * refused. Note the consequence: once the group exists, an anonymous caller is
 * no longer accepted by this method.
 *
 * @param securityToken the caller's token, {@code null} meaning anonymous
 * @param userId        the user to test for app-admin membership
 * @return {@code true} if the caller is app-admin, or anonymous while no
 *         app-admin group exists
 */
protected boolean userIsAnonymousOrAppAdmin(String securityToken, String userId) {
    // Deny by default: only the two explicit cases below grant the right.
    if (getAppAdminGroup(securityToken) == null) {
        // No app-admin group yet: a null token is what this class treats as anonymous.
        return securityToken == null;
    }
    // An app-admin group exists: membership is the only way in.
    return isAppAdmin(securityToken, userId);
}
/**
 * Clears all stored data.
 *
 * <p>Restricted to app-admins: the caller's user is resolved from the token and
 * the call is forwarded to the delegate only when {@link #isAppAdmin} accepts it.
 *
 * @param securityToken the caller's token
 * @return the event produced by the delegate's clear
 * @throws SecurityException if the caller is not an app-admin
 */
@Override
public WikittyEvent clear(String securityToken) {
    String userId = getUserId(securityToken);
    // Only app-admins may use this method.
    if (!isAppAdmin(securityToken, userId)) {
        throw new SecurityException(String.format("user %s can't clear data", userId));
    }
    return getDelegate().clear(securityToken);
}
/**
 * Checks that the caller may store every extension in {@code exts}.
 *
 * <p>App-admins are always allowed. For any other user, each extension that has
 * a stored authorisation wikitty must grant write right through
 * {@link #canWrite}; an extension with no stored authorisation wikitty is not
 * checked here and is therefore allowed.
 *
 * @param securityToken the caller's token
 * @param exts          the extensions about to be stored
 * @throws SecurityException on the first extension the user may not write
 */
protected void checkStoreExtension(String securityToken, Collection<WikittyExtension> exts) {
    String userId = getUserId(securityToken);
    if (isAppAdmin(securityToken, userId)) {
        // App-admins bypass per-extension write checks.
        return;
    }
    for (WikittyExtension ext : exts) {
        Wikitty authorisation = restoreExtensionAuthorisation(securityToken, ext.getName());
        if (authorisation == null) {
            // No stored policy for this extension: nothing to enforce here.
            continue;
        }
        // extensionName is passed as null — presumably the wikitty-wide policy of the
        // authorisation wikitty (cf. canAdmin); confirm against canWrite.
        boolean allowed = canWrite(securityToken, userId, null, authorisation);
        if (!allowed) {
            throw new SecurityException(String.format(
                    "user %s don't have write right for extension %s", userId, ext));
        }
    }
}
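/**
 * Re-synchronises the search engine with the stored data.
 *
 * <p>Restricted to app-admins; every other caller is refused with a
 * {@link SecurityException}.
 *
 * @param securityToken the caller's token
 * @throws SecurityException if the caller is not an app-admin
 */
@Override
public void syncSearchEngine(String securityToken) {
    long start = TimeLog.getTime();
    String userId = getUserId(securityToken);
    // Only app-admins may use this method.
    if (!isAppAdmin(securityToken, userId)) {
        // Reuse the already-resolved userId rather than calling getUserId a second
        // time, consistent with clear().
        throw new SecurityException(String.format("user %s can't sync search engine", userId));
    }
    // NOTE(review): the time log is taken before the delegate call, as in the
    // original, so it covers only the permission check, not the sync — confirm intent.
    timeLog.log(start, "syncSearchEngine");
    getDelegate().syncSearchEngine(securityToken);
}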
|| e.getType().contains( WikittyEvent.WikittyEventType.CLEAR_EXTENSION)) { if (isAppAdmin(securityToken, userId)) {
/**
 * Tells whether {@code userId} may administer {@code wikitty} for
 * {@code extensionName}.
 *
 * <p>Rights are looked up from the most specific to the least specific:
 * <ol>
 *   <li>a per-extension authorisation policy, if the wikitty carries one for
 *       {@code extensionName} (admin or owner);</li>
 *   <li>the wikitty-wide authorisation policy, if present (admin or owner);</li>
 *   <li>app-admin membership as the final fallback.</li>
 * </ol>
 * The first level that grants the right wins; app-admin is consulted only when
 * neither policy granted it.
 *
 * @param securityToken the caller's token
 * @param userId        the user whose rights are tested
 * @param extensionName the extension the operation targets
 * @param wikitty       the wikitty holding the authorisation extensions
 * @return {@code true} if any of the three levels grants admin right
 */
protected boolean canAdmin(String securityToken, String userId, String extensionName, Wikitty wikitty) {
    // Level 1: a policy attached specifically to this extension.
    if (wikitty.hasMetaExtension(WikittyAuthorisation.EXT_WIKITTYAUTHORISATION, extensionName)
            && (isAdmin(securityToken, userId, wikitty, extensionName)
                || isOwner(securityToken, userId, wikitty, extensionName))) {
        return true;
    }
    // Level 2: a policy covering every extension of the wikitty (null extension name).
    if (wikitty.hasExtension(WikittyAuthorisation.EXT_WIKITTYAUTHORISATION)
            && (isAdmin(securityToken, userId, wikitty, null)
                || isOwner(securityToken, userId, wikitty, null))) {
        return true;
    }
    // Level 3: application-wide administrators.
    return isAppAdmin(securityToken, userId);
}