/**
 * Reports whether the given privilege set is enough to write the named property.
 *
 * <p>{@code Privilege.EDIT} is sufficient for any property. {@code Privilege.COMMENT} is accepted
 * only when {@code isComment(propertyName)} holds, so a comment-only privilege set never
 * authorizes a write to a non-comment property.
 *
 * @param privileges privilege names to check against
 * @param propertyName name of the property being written
 * @return {@code true} if EDIT is held, or if the property is a comment and COMMENT is held
 */
private boolean hasEditOrCommentPrivilege(Set<String> privileges, String propertyName) {
    if (hasPrivilege(privileges, Privilege.EDIT)) {
        return true;
    }
    if (!isComment(propertyName)) {
        return false;
    }
    return hasPrivilege(privileges, Privilege.COMMENT);
}
/**
 * Checks whether a user holds the named privilege.
 *
 * <p>The user's privilege set is resolved through {@code getPrivileges(user)} and the membership
 * test is delegated to the static {@code PrivilegeRepository.hasPrivilege} overload.
 *
 * @param user the user whose privileges are looked up
 * @param privilege the privilege name to test for
 * @return the result of the static privilege check against the resolved set
 */
public boolean hasPrivilege(User user, String privilege) {
    return PrivilegeRepository.hasPrivilege(getPrivileges(user), privilege);
}
/**
 * Decides whether an element may be deleted.
 *
 * <p>{@code Privilege.EDIT} is a hard precondition: without it the element-level
 * {@code canDeleteElement} check is not consulted at all.
 *
 * @return {@code true} only if EDIT is held and {@code canDeleteElement} also allows the delete
 */
private boolean internalCanDeleteElement(
        ClientApiElement clientApiElement,
        OntologyElement ontologyElement,
        Ontology ontology,
        Set<String> privileges,
        User user,
        String workspaceId
) {
    if (!hasPrivilege(privileges, Privilege.EDIT)) {
        return false;
    }
    return canDeleteElement(clientApiElement, ontologyElement, ontology, user, workspaceId);
}
/**
 * Decides whether an element may be updated.
 *
 * <p>{@code Privilege.EDIT} is a hard precondition: without it the element-level
 * {@code canUpdateElement} check is not consulted at all.
 *
 * @return {@code true} only if EDIT is held and {@code canUpdateElement} also allows the update
 */
private boolean internalCanUpdateElement(
        ClientApiElement clientApiElement,
        OntologyElement ontologyElement,
        Ontology ontology,
        Set<String> privileges,
        User user,
        String workspaceId
) {
    if (!hasPrivilege(privileges, Privilege.EDIT)) {
        return false;
    }
    return canUpdateElement(clientApiElement, ontologyElement, ontology, user, workspaceId);
}
/**
 * Resolves the workspace id a request should operate on, honouring the publish flag.
 *
 * <p>When {@code shouldPublish} is set, the caller-supplied {@code workspaceId} is ignored and
 * {@code null} is returned, but only after the user has been confirmed to hold
 * {@code Privilege.PUBLISH}. The flag comes from the request, so the privilege check is what
 * stops an unprivileged caller from obtaining the {@code null} result.
 *
 * @param workspaceId workspace id from the request; may be {@code null} only when publishing
 * @param shouldPublish whether the request asked to publish
 * @param user the user making the request
 * @return {@code null} when publishing, otherwise the non-null {@code workspaceId}
 * @throws VisalloAccessDeniedException if publishing was requested without the PUBLISH privilege
 * @throws VisalloException if not publishing and {@code workspaceId} is {@code null}
 */
public String getWorkspaceIdOrNullIfPublish(String workspaceId, boolean shouldPublish, User user) {
    if (!shouldPublish) {
        if (workspaceId == null) {
            throw new VisalloException("workspaceId parameter required");
        }
        return workspaceId;
    }

    if (!privilegeRepository.hasPrivilege(user, Privilege.PUBLISH)) {
        throw new VisalloAccessDeniedException(
                "The publish parameter was sent in the request, but the user does not have publish privilege.",
                user,
                "publish"
        );
    }
    return null;
}
/**
 * Decides whether a property may be added to an element.
 *
 * <p>The checks run in this order, stopping at the first failure:
 * <ol>
 *   <li>{@code hasEditOrCommentPrivilege} must accept the privilege set for this property;</li>
 *   <li>{@code canAddProperty} must allow the add;</li>
 *   <li>for a comment property, {@code Privilege.COMMENT} must be held.</li>
 * </ol>
 * The last step means EDIT alone is not enough to add a comment.
 *
 * @return {@code true} only if every applicable check passes
 */
private boolean internalCanAddProperty(
        ClientApiElement clientApiElement,
        OntologyElement ontologyElement,
        String propertyKey,
        String propertyName,
        Ontology ontology,
        Set<String> privileges,
        User user,
        String workspaceId
) {
    if (!hasEditOrCommentPrivilege(privileges, propertyName)) {
        return false;
    }
    if (!canAddProperty(clientApiElement, ontologyElement, propertyKey, propertyName, ontology, user, workspaceId)) {
        return false;
    }
    // Comments are gated on COMMENT specifically, even when EDIT let the caller through above.
    if (isComment(propertyName)) {
        return hasPrivilege(privileges, Privilege.COMMENT);
    }
    return true;
}
/**
 * Verifies that a user may delete an ontology item, throwing if not.
 *
 * <p>A user of type {@code UserType.SYSTEM} bypasses every check. Any other user is rejected when
 * {@code workspaceId} is {@code null}, regardless of privileges, and otherwise must hold
 * {@code Privilege.ADMIN}.
 *
 * @param user the user requesting the delete; must not be {@code null}
 * @param workspaceId the workspace the item belongs to
 * @throws VisalloAccessDeniedException if the user is {@code null}, if a non-system user passes a
 *     {@code null} workspace id, or if the user lacks the ADMIN privilege
 */
protected void checkDeletePrivileges(User user, String workspaceId) {
    if (user == null) {
        throw new VisalloAccessDeniedException("You must provide a valid user to perform this action", null, null);
    }
    if (user.getUserType() == UserType.SYSTEM) {
        // The system user is trusted unconditionally; nothing below applies to it.
        return;
    }
    if (workspaceId == null) {
        throw new VisalloAccessDeniedException("User does not have access to delete published ontology items", user, null);
    }
    if (!getPrivilegeRepository().hasPrivilege(user, Privilege.ADMIN)) {
        throw new VisalloAccessDeniedException("User does not have admin privilege", user, null);
    }
}
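/**
 * Deletes a saved search after confirming the user is allowed to remove it.
 *
 * <p>A global search may be deleted only by a user holding {@code Privilege.SEARCH_SAVE_GLOBAL}.
 * A non-global search may be deleted only when {@code isSearchPrivateToUser} confirms it for this
 * user. The vertex is deleted and the graph flushed only after one of those checks has passed.
 *
 * @param id id of the search vertex to delete
 * @param user the user requesting the delete; rejected by {@code checkNotNull} when {@code null}
 * @throws VisalloAccessDeniedException if the search is global and the user lacks
 *     SEARCH_SAVE_GLOBAL, or if it is not global and is not private to the user
 */
@Override
public void deleteSearch(final String id, User user) {
    checkNotNull(user, "User is required");
    Authorizations authorizations = authorizationRepository.getGraphAuthorizations(
            user,
            VISIBILITY_STRING,
            UserRepository.VISIBILITY_STRING
    );

    // NOTE(review): the existence check runs before the ownership check, so "no such search" and
    // "not your search" fail differently and a caller can tell them apart. Confirm that search
    // ids are not meant to be secret.
    Vertex searchVertex = graph.getVertex(id, authorizations);
    checkNotNull(searchVertex, "Could not find search with id " + id);

    if (isSearchGlobal(id, authorizations)) {
        if (!privilegeRepository.hasPrivilege(user, Privilege.SEARCH_SAVE_GLOBAL)) {
            throw new VisalloAccessDeniedException(
                    "User does not have the privilege to delete a global search",
                    user,
                    id
            );
        }
    } else if (!isSearchPrivateToUser(id, user, authorizations)) {
        // Message fixed: the original read "does not own this this search".
        throw new VisalloAccessDeniedException("User does not own this search", user, id);
    }

    graph.deleteVertex(searchVertex, authorizations);
    graph.flush();
}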
/**
 * Verifies that a user may modify the ontology in the given workspace, throwing if not.
 *
 * <p>A user of type {@code UserType.SYSTEM} bypasses every check. For any other user:
 * <ul>
 *   <li>if {@code isPublic(workspaceId)} holds, {@code Privilege.ONTOLOGY_PUBLISH} is required;</li>
 *   <li>otherwise the user must be listed by {@code findUsersWithAccess} with
 *       {@code WorkspaceAccess.WRITE} and must also hold {@code Privilege.ONTOLOGY_ADD}.</li>
 * </ul>
 *
 * @param user the user requesting the change; must not be {@code null}
 * @param workspaceId the workspace the change targets
 * @throws VisalloAccessDeniedException if the user is {@code null} or fails any applicable check
 */
protected void checkPrivileges(User user, String workspaceId) {
    if (user == null) {
        throw new VisalloAccessDeniedException("You must provide a valid user to perform this action", null, null);
    }
    if (user.getUserType() == UserType.SYSTEM) {
        // The system user is trusted unconditionally; nothing below applies to it.
        return;
    }

    if (isPublic(workspaceId)) {
        if (!getPrivilegeRepository().hasPrivilege(user, Privilege.ONTOLOGY_PUBLISH)) {
            throw new VisalloAccessDeniedException("User does not have ONTOLOGY_PUBLISH privilege", user, null);
        }
        return;
    }

    // Workspace membership is checked before the privilege, so a non-member gets the
    // "access to workspace" denial rather than the privilege one.
    boolean hasWriteAccess = false;
    for (WorkspaceUser member : getWorkspaceRepository().findUsersWithAccess(workspaceId, user)) {
        if (member.getUserId().equals(user.getUserId())
                && member.getWorkspaceAccess().equals(WorkspaceAccess.WRITE)) {
            hasWriteAccess = true;
            break;
        }
    }
    if (!hasWriteAccess) {
        throw new VisalloAccessDeniedException("User does not have access to workspace", user, null);
    }
    if (!getPrivilegeRepository().hasPrivilege(user, Privilege.ONTOLOGY_ADD)) {
        throw new VisalloAccessDeniedException("User does not have ONTOLOGY_ADD privilege", user, null);
    }
}
/**
 * Test fixture: creates an unprivileged user who owns a workspace, plus an admin user.
 *
 * <p>The setup fails fast if the plain "junit" user turns out to hold {@code Privilege.ADMIN},
 * so that later tests relying on a non-admin user are not run against a misconfigured fixture.
 * The admin user is given every privilege in {@code Privilege.ALL_BUILT_IN} and WRITE access to
 * the workspace.
 */
@Before
public void before() throws Exception {
    super.before();
    authorizations = getGraph().createAuthorizations();

    user = getUserRepository().findOrAddUser("junit", "Junit", "junit@visallo.com", "password");
    Workspace junitWorkspace = getWorkspaceRepository().add(workspaceId, "Junit Workspace", user);
    if (getPrivilegeRepository().hasPrivilege(user, Privilege.ADMIN)) {
        fail("User shouldn't have admin");
    }

    adminUser = getUserRepository().findOrAddUser("junit-admin", "Junit Admin", "junit-admin@visallo.com", "password");
    setPrivileges(
            adminUser,
            Privilege.ALL_BUILT_IN.stream()
                    .map(Privilege::getName)
                    .collect(Collectors.toSet())
    );
    getWorkspaceRepository().updateUserOnWorkspace(
            junitWorkspace,
            adminUser.getUserId(),
            WorkspaceAccess.WRITE,
            systemUser
    );
}
&& canDeleteProperty(element, ontologyElement, propertyKey, propertyName, ontology, user, workspaceId); if (canDelete && isComment(propertyName)) { canDelete = hasPrivilege(privileges, Privilege.COMMENT_DELETE_ANY) || (hasPrivilege(privileges, Privilege.COMMENT) && isAuthor(element, propertyKey, propertyName, user, workspaceId)); && canDeleteProperty(clientApiElement, ontologyElement, propertyKey, propertyName, ontology, user, workspaceId); if (canDelete && isComment(propertyName)) { canDelete = hasPrivilege(privileges, Privilege.COMMENT_DELETE_ANY) || (hasPrivilege(privileges, Privilege.COMMENT) && isAuthor(clientApiElement, propertyKey, propertyName, user, workspaceId)); && canUpdateProperty(element, ontologyElement, propertyKey, propertyName, ontology, user, workspaceId); if (canUpdate && isComment(propertyName)) { canUpdate = hasPrivilege(privileges, Privilege.COMMENT_EDIT_ANY) || (hasPrivilege(privileges, Privilege.COMMENT) && isAuthor(element, propertyKey, propertyName, user, workspaceId)); && canUpdateProperty(clientApiElement, ontologyElement, propertyKey, propertyName, ontology, user, workspaceId); if (canUpdate && isComment(propertyName)) { canUpdate = hasPrivilege(privileges, Privilege.COMMENT_EDIT_ANY) || (hasPrivilege(privileges, Privilege.COMMENT) && isAuthor(clientApiElement, propertyKey, propertyName, user, workspaceId)); && canAddProperty(element, ontologyElement, propertyKey, propertyName, ontology, user, workspaceId); if (canAdd && isComment(propertyName)) { canAdd = hasPrivilege(privileges, Privilege.COMMENT);
User user ) { if (!(user instanceof SystemUser) && !privilegeRepository.hasPrivilege(user, Privilege.SEARCH_SAVE_GLOBAL)) { throw new VisalloAccessDeniedException( "User does not have the privilege to save a global search", user, id);
if (privilegeRepository.hasPrivilege(user, Privilege.SEARCH_SAVE_GLOBAL)) { deleteSearch(id, user); } else {
// Stub the privilege lookup so that every user is reported as holding PUBLISH.
when(privilegeRepository.hasPrivilege(any(User.class), eq(Privilege.PUBLISH))).thenReturn(true);