/**
 * Reports whether the principal attached to the given session is an administrator.
 *
 * @param session core session whose principal is inspected
 * @return the value of {@code isAdministrator()} on the session's principal
 */
protected boolean checkUnrestricted(CoreSession session) {
    // NOTE(review): neither the session nor its principal is null-checked here;
    // confirm every caller passes a session that carries a principal.
    final boolean callerIsAdmin = session.getPrincipal().isAdministrator();
    return callerIsAdmin;
}
/**
 * Tells whether the current principal is allowed to create from a key.
 *
 * <p>Access is granted when either configured list is the wildcard {@code "*"}, when the principal
 * is an administrator, when its name is in the configured user list, or when it belongs to one of
 * the configured groups. With no current principal the answer is always {@code false}.
 *
 * @return {@code true} if one of the rules above matches
 */
@Override
public boolean hasCreateFromKeyPermission() {
    NuxeoPrincipal caller = ClientLoginModule.getCurrentPrincipal();
    if (caller == null) {
        return false;
    }

    String userSpec = properties.getOrDefault(CREATE_FROM_KEY_USERS, EMPTY);
    String groupSpec = properties.getOrDefault(CREATE_FROM_KEY_GROUPS, EMPTY);

    // A "*" in either property opens the permission to every non-null principal, whatever its
    // groups. NOTE(review): confirm that guest/anonymous principals are meant to be included.
    if ("*".equals(userSpec) || "*".equals(groupSpec)) {
        return true;
    }

    // Entries are compared exactly as written: no trimming, so "a, b" yields " b".
    List<String> allowedUsers = Arrays.asList(userSpec.split(","));
    List<String> allowedGroups = Arrays.asList(groupSpec.split(","));

    if (caller.isAdministrator() || allowedUsers.contains(caller.getName())) {
        return true;
    }
    for (String groupName : allowedGroups) {
        if (caller.isMemberOf(groupName)) {
            return true;
        }
    }
    return false;
}
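/**
 * Tells whether the currently logged-in user is an administrator.
 *
 * @return {@code true} only when a current user is set and it is an administrator;
 *         {@code false} when no current user is available
 */
public boolean getAdministrator() {
    // Fail closed: a missing user is reported as non-administrator instead of raising a
    // NullPointerException in whatever view or action asked the question.
    return currentUser != null && currentUser.isAdministrator();
}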
/**
 * Returns true if dev mode is set and the current user is an administrator.
 *
 * @since 5.6
 * @return {@code true} when dev mode is set and a non-null current user is an administrator,
 *         {@code false} otherwise
 */
public boolean getCanTriggerFlush() {
    // Dev mode is checked first, so the user is not consulted at all outside dev mode.
    if (!isDevModeSet()) {
        return false;
    }
    if (currentUser == null) {
        return false;
    }
    return currentUser.isAdministrator();
}
/**
 * Tells whether the current Nuxeo principal is an administrator.
 *
 * @return {@code false} when there is no current principal, otherwise the principal's
 *         {@code isAdministrator()} value
 */
public boolean isAdministrator() {
    NuxeoPrincipal current = getCurrentNuxeoPrincipal();
    // No principal means no administrator rights.
    return current != null && current.isAdministrator();
}
/**
 * Checks the principal adapted from the context against the {@code isAdministrator} value held
 * by this object.
 *
 * @param context object from which a {@code Principal} adapter is requested
 * @return {@code true} when the adapted principal is a {@code NuxeoPrincipal} whose administrator
 *         status equals the expected value; {@code false} for any other principal, including
 *         {@code null}
 */
public boolean check(Adaptable context) {
    Principal adapted = context.getAdapter(Principal.class);
    // instanceof is false for null, so a missing principal never matches.
    if (!(adapted instanceof NuxeoPrincipal)) {
        return false;
    }
    boolean callerIsAdmin = ((NuxeoPrincipal) adapted).isAdministrator();
    return callerIsAdmin == isAdministrator;
}
/**
 * Tells whether the given group is accepted for the originating principal.
 *
 * @param originatingPrincipal principal on whose behalf the group is evaluated; not null-checked
 * @param groupName name of the group to test
 * @return {@code true} if the principal is an administrator, or if {@code groupName} is among
 *         the groups returned by its {@code getAllGroups()}
 * @since 10.2
 */
protected boolean acceptGroup(NuxeoPrincipal originatingPrincipal, String groupName) {
    // Administrators are accepted for every group name without consulting their memberships.
    if (originatingPrincipal.isAdministrator()) {
        return true;
    }
    return originatingPrincipal.getAllGroups().contains(groupName);
}
}
/**
 * Resets the component state and records the current principal together with its
 * administrator status.
 */
@Override
@Create
public void initialize() {
    log.debug("Initializing...");
    showCreateForm = false;
    commentMap = new HashMap<>();
    principal = userSession.getCurrentNuxeoPrincipal();
    // NOTE(review): the administrator flag is a snapshot taken once here, and the principal is
    // dereferenced without a null check; confirm the component never outlives the login it was
    // created for and that a principal is always present at creation time.
    principalIsAdmin = principal.isAdministrator();
}
/**
 * Rejects the call unless the context principal is an administrator.
 *
 * @throws NuxeoException when there is no principal or the principal is not an administrator;
 *         the message carries the principal's string form
 */
protected void checkAccess() {
    NuxeoPrincipal caller = ctx.getPrincipal();
    // A missing principal is handled like a non-administrator: access is refused.
    boolean callerIsAdmin = caller != null && caller.isAdministrator();
    if (!callerIsAdmin) {
        throw new NuxeoException("Unauthorized access: " + caller);
    }
}
/**
 * Decides whether the session's principal may delete a comment.
 *
 * @param author name of the comment's author
 * @param document document on which the {@code EVERYTHING} permission is checked
 * @return {@code true} when the principal is the author, is an administrator, or holds
 *         {@code EVERYTHING} on the document; {@code false} when the session has no principal
 */
private boolean canDeleteComment(String author, DocumentModel document) {
    Principal caller = session.getPrincipal();
    if (caller == null) {
        return false;
    }
    boolean wroteComment = caller.getName().equals(author);
    // NOTE(review): unchecked cast; presumably the session only ever yields NuxeoPrincipal
    // instances — confirm.
    boolean callerIsAdmin = ((NuxeoPrincipal) caller).isAdministrator();
    // The permission lookup runs for every caller, even when an earlier rule already allows.
    boolean holdsEverything = session.hasPermission(document.getRef(), SecurityConstants.EVERYTHING);
    return wroteComment || callerIsAdmin || holdsEverything;
}
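/**
 * Renders the server restart view for administrators.
 *
 * @return the {@code serverRestart} view, given a new {@code NuxeoCtlManager} as its
 *         {@code nuxeoctl} argument, when the caller is an administrator; otherwise an HTTP 401
 *         response
 */
@GET
@Produces("text/html")
@Path(value = "restartView")
public Object restartServerView() {
    // Fail closed: a request with no principal, or with a principal that is not a
    // NuxeoPrincipal, gets the same refusal as a non-administrator instead of surfacing a
    // NullPointerException or ClassCastException from the cast.
    Object caller = getContext().getPrincipal();
    boolean callerIsAdmin = caller instanceof NuxeoPrincipal && ((NuxeoPrincipal) caller).isAdministrator();
    if (!callerIsAdmin) {
        // NOTE(review): 403 is the conventional status for an authenticated caller lacking the
        // right; 401 is kept because existing clients may depend on it.
        return Response.status(Response.Status.UNAUTHORIZED).build();
    }
    return getView("serverRestart").arg("nuxeoctl", new NuxeoCtlManager());
}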
/**
 * Tells whether the current principal is treated as an administrator.
 *
 * @return {@code true} when the principal's {@code isAdministrator()} is true, or, in test mode
 *         only, when its name equals {@code SecurityConstants.ADMINISTRATOR}
 */
protected boolean isAdministrator() {
    NuxeoPrincipal caller = getPrincipal();
    // FIXME: this is inconsistent with NuxeoPrincipal#isAdministrator because test mode accepts
    // the hardcoded Administrator user by name alone. The shortcut depends entirely on
    // Framework.isTestModeSet() being false outside tests.
    boolean acceptedByNameInTestMode = Framework.isTestModeSet()
            && SecurityConstants.ADMINISTRATOR.equals(caller.getName());
    return acceptedByNameInTestMode || caller.isAdministrator();
}
/**
 * Tells whether the principal may end the given task.
 *
 * @param principal caller to evaluate; not null-checked
 * @param task task to end, may be {@code null}
 * @return {@code false} for a null, cancelled or already ended task; otherwise {@code true} when
 *         the principal is an administrator, is the task initiator, or is found by
 *         {@code isTaskAssignedToUser(task, principal, true)}
 */
@Override
public boolean canEndTask(NuxeoPrincipal principal, Task task) {
    // Only a live task can be ended, whoever is asking.
    if (task == null || task.isCancelled() || task.hasEnded()) {
        return false;
    }
    if (principal.isAdministrator()) {
        return true;
    }
    if (principal.getName().equals(task.getInitiator())) {
        return true;
    }
    return isTaskAssignedToUser(task, principal, true);
}
/**
 * Initializes this request from the session and the raw request parts.
 *
 * @param session core session supplying the principal
 * @param indices requested indices, passed through {@code RequestValidator#getIndices}
 * @param types requested types, passed through {@code RequestValidator#getTypes}
 * @param rawQuery raw query string of the request
 * @param payload request body, may be {@code null}
 */
public void init(CoreSession session, String indices, String types, String rawQuery, String payload) {
    RequestValidator validator = new RequestValidator();
    // The types are validated against the already validated indices, so the order matters.
    this.indices = validator.getIndices(indices);
    this.types = validator.getTypes(this.indices, types);
    this.principal = session.getPrincipal();
    this.rawQuery = rawQuery;
    this.payload = payload;

    // For a non-administrator request without a body, the UriSearch query_string is turned into
    // a body search. Administrator requests and requests that already carry a payload are left
    // as they are.
    boolean rewriteQueryAsBody = payload == null && !principal.isAdministrator();
    if (rewriteQueryAsBody) {
        extractPayloadFromQuery();
    }
}
/**
 * Ensures the current user may create the given artifact.
 *
 * <p>Administrators always pass. Any other user must be a member of {@code "powerusers"} and the
 * artifact must satisfy {@code isAPowerUserEditableArtifact}.
 *
 * @param artifact artifact about to be created
 * @throws WebSecurityException when neither rule allows the creation
 */
protected void checkCurrentUserCanCreateArtifact(T artifact) {
    NuxeoPrincipal caller = getContext().getCoreSession().getPrincipal();
    if (caller.isAdministrator()) {
        return;
    }
    // Both conditions are required; the artifact check is skipped for callers outside the group.
    boolean allowedAsPowerUser = caller.isMemberOf("powerusers") && isAPowerUserEditableArtifact(artifact);
    if (!allowedAsPowerUser) {
        throw new WebSecurityException("Cannot create artifact");
    }
}
/**
 * Guards directory edits: the caller must be an administrator or a member of
 * {@code "powerusers"}, and the directory must be neither the user nor the group directory.
 *
 * @throws WebSecurityException when the caller is neither an administrator nor a power user
 * @throws NuxeoException with {@code SC_BAD_REQUEST} when the target is the user or group
 *         directory
 */
void checkEditGuards() {
    NuxeoPrincipal caller = getContext().getCoreSession().getPrincipal();
    if (!caller.isAdministrator() && !caller.isMemberOf("powerusers")) {
        throw new WebSecurityException("Not allowed to edit directory");
    }

    // The user and group directories are refused for every caller, administrators included.
    UserManager userManager = Framework.getService(UserManager.class);
    boolean targetsUserDirectory = directory.getName().equals(userManager.getUserDirectoryName());
    if (targetsUserDirectory || directory.getName().equals(userManager.getGroupDirectoryName())) {
        throw new NuxeoException("Not allowed to edit user/group directories, please use user/group endpoints",
                SC_BAD_REQUEST);
    }
}
/**
 * Ensures the bulk command status exists and is visible to the caller.
 *
 * <p>A status is visible when its state is not {@code UNKNOWN} and the caller is either an
 * administrator or the user named by {@code status.getUsername()}.
 *
 * @param status bulk command status to check
 * @throws WebResourceNotFoundException when the status is unknown or belongs to another user;
 *         both cases raise the same error, so the response does not distinguish them
 */
protected void checkStatus(BulkStatus status) {
    // Written as one positive condition so the grouping of the ownership test is explicit.
    boolean visibleToCaller = status.getState() != State.UNKNOWN
            && (getContext().getPrincipal().isAdministrator()
                    || getContext().getPrincipal().getName().equals(status.getUsername()));
    if (!visibleToCaller) {
        throw new WebResourceNotFoundException("Bulk command with id=" + status.getId() + " doesn't exist");
    }
}
}
/**
 * Ensures the current principal may administer both the {@code principal} and the {@code group}
 * held by this object.
 *
 * <p>Administrators always pass. Any other caller must belong to {@code "powerusers"}, and both
 * the user and the group must be editable by power users.
 *
 * @param um user manager; not read by this method
 * @throws WebSecurityException when the caller is not allowed
 */
private void checkPrincipalCanAdministerGroupAndUser(UserManager um) {
    NuxeoPrincipal caller = getContext().getCoreSession().getPrincipal();
    if (caller.isAdministrator()) {
        return;
    }
    // All three conditions must hold; evaluation stops at the first one that fails.
    boolean allowedAsPowerUser = caller.isMemberOf("powerusers")
            && UserRootObject.isAPowerUserEditableUser(principal)
            && GroupRootObject.isAPowerUserEditableGroup(group);
    if (!allowedAsPowerUser) {
        throw new WebSecurityException("Cannot edit user");
    }
}
/**
 * Writes the blob to a file after two checks: the caller must be an administrator and the
 * target directory must not be forbidden.
 *
 * @param blob blob to write
 * @return the same blob
 * @throws IOException declared by the operation
 * @throws OperationException when the caller is not an administrator or the target directory is
 *         forbidden
 */
@OperationMethod(collector = BlobCollector.class)
public Blob run(Blob blob) throws IOException, OperationException {
    // Both refusals happen before init() and writeFile(), so nothing is written on failure.
    boolean callerIsAdmin = ctx.getPrincipal().isAdministrator();
    if (!callerIsAdmin) {
        throw new OperationException("Not allowed. You must be administrator to use this operation");
    }
    if (isTargetDirectoryForbidden()) {
        String refusal = "Not allowed. The target directory is forbidden for this operation (" + directory + ").";
        throw new OperationException(refusal);
    }

    init();
    writeFile(blob);
    return blob;
}
/**
 * Restricts a query to the documents whose ACL matches the session's principal.
 *
 * @param query query to restrict
 * @return the query unchanged when the session has no principal or the principal is an
 *         administrator; otherwise a bool query that requires {@code query} and filters on the ACL
 */
protected QueryBuilder addSecurityFilter(QueryBuilder query) {
    NuxeoPrincipal caller = session.getPrincipal();
    // NOTE(review): a null principal takes the same unfiltered path as an administrator, which
    // fails open if a session can ever reach this point without a principal — confirm this is
    // intended.
    boolean unrestricted = caller == null || caller.isAdministrator();
    if (unrestricted) {
        return query;
    }

    String[] principals = SecurityService.getPrincipalsToCheck(caller);
    // The ACL must match one of the caller's principals, and documents carrying an unsupported
    // ACE (one that contains a negative ACE) are discarded.
    QueryBuilder matchesCaller = QueryBuilders.termsQuery(ACL_FIELD, principals);
    QueryBuilder hasUnsupportedAce = QueryBuilders.termsQuery(ACL_FIELD, UNSUPPORTED_ACL);
    QueryBuilder aclFilter = QueryBuilders.boolQuery().must(matchesCaller).mustNot(hasUnsupportedAce);
    return QueryBuilders.boolQuery().must(query).filter(aclFilter);
}