public boolean check(Adaptable context) { Principal p = context.getAdapter(Principal.class); if (p instanceof NuxeoPrincipal) { return ((NuxeoPrincipal) p).isMemberOf(group); } return false; }
protected final boolean checkGroups(ActionContext context, String[] groups) { NuxeoPrincipal principal = context.getCurrentPrincipal(); if (principal == null) { if (log.isDebugEnabled()) { log.debug("#checkGroups: no user => return false"); } return false; } for (String group : groups) { if (principal.isMemberOf(group)) { if (log.isDebugEnabled()) { log.debug(String.format("#checkGroups: return true for group '%s'", group)); } return true; } } if (log.isDebugEnabled()) { log.debug("#checkGroups: return false"); } return false; }
protected boolean isValidator(DocumentModel document, NuxeoPrincipal principal) { String[] validators = getValidatorsFor(document); for (String s : validators) { if (principal.getName().equals(s) || principal.isMemberOf(s)) { return true; } } return false; }
return true; if (user.isMemberOf(POWER_USERS_GROUP)) { return true;
protected void checkCancelGuards(DocumentRoute route) { NuxeoPrincipal currentUser = getContext().getCoreSession().getPrincipal(); if (currentUser.isAdministrator() || currentUser.isMemberOf("powerusers")) { return; } if (currentUser.getName().equals(route.getInitiator())) { return; } throw new WebSecurityException("You don't have the permission to cancel this workflow"); }
protected void checkUpdateGuardPreconditions() { NuxeoPrincipal principal = getContext().getCoreSession().getPrincipal(); if (!principal.isAdministrator()) { if ((!principal.isMemberOf("powerusers")) || !isAPowerUserEditableArtifact()) { throw new WebSecurityException("User is not allowed to edit users"); } } }
protected void checkCurrentUserCanCreateArtifact(T artifact) { NuxeoPrincipal currentUser = getContext().getCoreSession().getPrincipal(); if (!currentUser.isAdministrator()) { if (!currentUser.isMemberOf("powerusers") || !isAPowerUserEditableArtifact(artifact)) { throw new WebSecurityException("Cannot create artifact"); } } }
void checkEditGuards() { NuxeoPrincipal currentUser = getContext().getCoreSession().getPrincipal(); if (!(currentUser.isAdministrator() || currentUser.isMemberOf("powerusers"))) { throw new WebSecurityException("Not allowed to edit directory"); } UserManager um = Framework.getService(UserManager.class); if (directory.getName().equals(um.getUserDirectoryName()) || directory.getName().equals(um.getGroupDirectoryName())) { throw new NuxeoException("Not allowed to edit user/group directories, please use user/group endpoints", SC_BAD_REQUEST); } }
private void checkPrincipalCanAdministerGroupAndUser(UserManager um) { NuxeoPrincipal currentPrincipal = getContext().getCoreSession().getPrincipal(); if (!currentPrincipal.isAdministrator()) { if (!currentPrincipal.isMemberOf("powerusers") || !UserRootObject.isAPowerUserEditableUser(principal) || !GroupRootObject.isAPowerUserEditableGroup(group)) { throw new WebSecurityException("Cannot edit user"); } } }
boolean granted = false; for (String group : memberOf) { if (p.isMemberOf(group)) { granted = true; break;