protected boolean checkUnrestricted(CoreSession session) { return session.getPrincipal().isAdministrator(); }
/** * Constructs a {@link UnrestrictedSessionRunner} given an existing session (which may or may not be already * unrestricted). * <p> * Originating user is taken on given session. * * @param session the available session */ protected UnrestrictedSessionRunner(CoreSession session) { this.session = session; sessionIsAlreadyUnrestricted = checkUnrestricted(session); if (sessionIsAlreadyUnrestricted) { repositoryName = null; } else { repositoryName = session.getRepositoryName(); } NuxeoPrincipal pal = session.getPrincipal(); if (pal != null) { originatingUsername = pal.getName(); } }
return this; return new InstanceRef(this, session.getPrincipal());
protected Principal getPrincipal() throws OperationException { Principal principal = coreSession.getPrincipal(); if (!(principal instanceof NuxeoPrincipal)) { throw new OperationException("Principal is not an instance of NuxeoPrincipal"); } return principal; }
private boolean canDeleteComment(String author, DocumentModel document) { boolean canDelete = false; Principal user = session.getPrincipal(); if (user != null) { boolean isUserAuthor = user.getName().equals(author); boolean isUserAdmin = ((NuxeoPrincipal) user).isAdministrator(); boolean userHasAllRights = session.hasPermission(document.getRef(), SecurityConstants.EVERYTHING); canDelete = isUserAuthor || isUserAdmin || userHasAllRights; } return canDelete; }
protected void notifyEvent(String eventId, DocumentModel source, Map<String, Serializable> options, String comment, CoreSession session) { DocumentEventContext docCtx = new DocumentEventContext(session, session.getPrincipal(), source); options.put("category", RelationEvents.CATEGORY); options.put("comment", comment); EventProducer evtProducer = Framework.getService(EventProducer.class); evtProducer.fireEvent(docCtx.newEvent(eventId)); }
@Override public void unsubscribe(CoreSession coreSession, DocumentModel currentDocument) throws ClassNotFoundException { if (getStatus(coreSession, currentDocument) == SubscriptionStatus.can_unsubscribe) { final NotificationService notificationService = NotificationServiceHelper.getNotificationService(); final NuxeoPrincipal principal = (NuxeoPrincipal) coreSession.getPrincipal(); final List<String> listNotifs = notificationService.getSubscriptionsForUserOnDocument(NuxeoPrincipal.PREFIX + coreSession.getPrincipal().getName(), currentDocument); notificationService.removeSubscriptions(NuxeoPrincipal.PREFIX + principal.getName(), listNotifs, currentDocument); } else { throw new NuxeoException("User can not unsubscribe to this document"); } }
@Override public boolean canManagePublishing(PublishedDocument publishedDocument) { DocumentModel proxy = ((SimpleCorePublishedDocument) publishedDocument).getProxy(); NuxeoPrincipal currentUser = coreSession.getPrincipal(); return proxy.isProxy() && hasValidationTask(proxy, currentUser); }
static public void fireEvent(CoreSession coreSession, DocumentRouteElement element, Map<String, Serializable> eventProperties, String eventName) { if (eventProperties == null) { eventProperties = new HashMap<String, Serializable>(); } eventProperties.put(DocumentRoutingConstants.DOCUMENT_ELEMENT_EVENT_CONTEXT_KEY, element); eventProperties.put(DocumentEventContext.CATEGORY_PROPERTY_KEY, DocumentRoutingConstants.ROUTING_CATEGORY); DocumentEventContext envContext = new DocumentEventContext(coreSession, coreSession.getPrincipal(), element.getDocument()); envContext.setProperties(eventProperties); getEventProducer().fireEvent(envContext.newEvent(eventName)); }
protected static void fireEvent(String eventName, Map<String, Serializable> eventProperties, DocumentRoute route, CoreSession session) { eventProperties.put(DocumentRoutingConstants.DOCUMENT_ELEMENT_EVENT_CONTEXT_KEY, route); eventProperties.put(DocumentEventContext.CATEGORY_PROPERTY_KEY, DocumentRoutingConstants.ROUTING_CATEGORY); DocumentEventContext envContext = new DocumentEventContext(session, session.getPrincipal(), route.getDocument()); envContext.setProperties(eventProperties); EventProducer eventProducer = Framework.getService(EventProducer.class); eventProducer.fireEvent(envContext.newEvent(eventName)); }
@Override public void validatorRejectPublication(PublishedDocument publishedDocument, String comment) { DocumentModel proxy = ((SimpleCorePublishedDocument) publishedDocument).getProxy(); NuxeoPrincipal principal = coreSession.getPrincipal(); notifyEvent(PublishingEvent.documentPublicationRejected, proxy, coreSession); endTask(proxy, principal, coreSession, comment, PublishingEvent.documentPublicationRejected); removeProxy(proxy, coreSession); }
protected void sendUnknownEvent(Object input) { CoreSession session = ctx.getCoreSession(); EventContextImpl evctx = new EventContextImpl(session, session.getPrincipal(), input); Event event = evctx.newEvent(name); service.fireEvent(event); }
@Override public void write(JsonGenerator jg, DocumentModel document) throws IOException { TrashService trashService = Framework.getService(TrashService.class); try (SessionWrapper wrapper = ctx.getSession(document)) { DocumentModel above = trashService.getAboveDocument(document, wrapper.getSession().getPrincipal()); if (above != null) { writeEntityField(NAME, above, jg); } } }
protected void fireACEStatusUpdatedEvent(Map<DocumentRef, List<ACE>> refToACEs) { EventContext eventContext = new EventContextImpl(session, session.getPrincipal()); eventContext.setProperty(DOCUMENT_REFS, (Serializable) refToACEs); eventContext.setProperty(REPOSITORY_NAME, session.getRepositoryName()); Framework.getService(EventService.class).fireEvent(ACE_STATUS_UPDATED, eventContext); }
protected void checkCurrentUserCanCreateArtifact(T artifact) { NuxeoPrincipal currentUser = getContext().getCoreSession().getPrincipal(); if (!currentUser.isAdministrator()) { if (!currentUser.isMemberOf("powerusers") || !isAPowerUserEditableArtifact(artifact)) { throw new WebSecurityException("Cannot create artifact"); } } }
void checkEditGuards() { NuxeoPrincipal currentUser = getContext().getCoreSession().getPrincipal(); if (!(currentUser.isAdministrator() || currentUser.isMemberOf("powerusers"))) { throw new WebSecurityException("Not allowed to edit directory"); } UserManager um = Framework.getService(UserManager.class); if (directory.getName().equals(um.getUserDirectoryName()) || directory.getName().equals(um.getGroupDirectoryName())) { throw new NuxeoException("Not allowed to edit user/group directories, please use user/group endpoints", SC_BAD_REQUEST); } }
private void checkPrincipalCanAdministerGroupAndUser(UserManager um) { NuxeoPrincipal currentPrincipal = getContext().getCoreSession().getPrincipal(); if (!currentPrincipal.isAdministrator()) { if (!currentPrincipal.isMemberOf("powerusers") || !UserRootObject.isAPowerUserEditableUser(principal) || !GroupRootObject.isAPowerUserEditableGroup(group)) { throw new WebSecurityException("Cannot edit user"); } } }
protected void trashDescendants(DocumentModel model, Boolean value) { CoreSession session = model.getCoreSession(); BulkService service = Framework.getService(BulkService.class); String nxql = String.format("SELECT * from Document where ecm:ancestorId='%s'", model.getId()); service.submit(new BulkCommand.Builder(ACTION_NAME, nxql).repository(session.getRepositoryName()) .user(session.getPrincipal().getName()) .param(PARAM_NAME, value) .build()); }
protected void notifyEvent(CoreSession session, String eventId, DocumentModel doc, boolean immediate) { DocumentEventContext ctx = new DocumentEventContext(session, session.getPrincipal(), doc); ctx.setProperties(new HashMap<>(doc.getContextData())); ctx.setCategory(DocumentEventCategories.EVENT_DOCUMENT_CATEGORY); ctx.setProperty(CoreEventConstants.REPOSITORY_NAME, session.getRepositoryName()); ctx.setProperty(CoreEventConstants.SESSION_ID, session.getSessionId()); Event event = ctx.newEvent(eventId); event.setInline(false); event.setImmediate(immediate); EventService eventService = Framework.getService(EventService.class); eventService.fireEvent(event); }
protected static void setSeamActionContext(OperationContext context, CoreSession session) { ActionContext seamActionContext = new SeamActionContext(); NavigationContext navigationContext = (NavigationContext) Contexts.getConversationContext() .get("navigationContext"); if (navigationContext != null) { seamActionContext.setCurrentDocument(navigationContext.getCurrentDocument()); } seamActionContext.setDocumentManager(session); seamActionContext.putLocalVariable("SeamContext", new SeamContextHelper()); seamActionContext.setCurrentPrincipal(session.getPrincipal()); context.put(GetActions.SEAM_ACTION_CONTEXT, seamActionContext); }