public boolean isUserAuthorized(String userName, String resourceId, String action) throws UserStoreException { return getAuthorizationManager().isUserAuthorized(userName, resourceId, action); }
public static boolean isUserAuthorizedToConfigureProfile(UserRealm realm, String currentUserName, String targetUser) throws UserStoreException { boolean isAuthrized = false; if (currentUserName == null) { //do nothing } else if (currentUserName.equals(targetUser)) { isAuthrized = true; } else { AuthorizationManager authorizer = realm.getAuthorizationManager(); isAuthrized = authorizer.isUserAuthorized(currentUserName, CarbonConstants.UI_ADMIN_PERMISSION_COLLECTION + "/manage/identity/usermgt/profiles", "ui.execute"); } return isAuthrized; }
private static boolean isUserAuthorizedToConfigureProfile(UserRealm realm, String currentUserName, String targetUser, String permission) throws UserStoreException { boolean isAuthrized = false; if (currentUserName == null) { //do nothing } else if (currentUserName.equals(targetUser)) { isAuthrized = true; } else { AuthorizationManager authorizer = realm.getAuthorizationManager(); isAuthrized = authorizer.isUserAuthorized(currentUserName, CarbonConstants.UI_ADMIN_PERMISSION_COLLECTION + permission, "ui.execute"); } return isAuthrized; }
public static boolean isUserAuthorizedToConfigureProfile(UserRealm realm, String currentUserName, String targetUser) throws UserStoreException { boolean isAuthrized = false; if (currentUserName == null) { //do nothing } else if (currentUserName.equals(targetUser)) { isAuthrized = true; } else { AuthorizationManager authorizer = realm.getAuthorizationManager(); isAuthrized = authorizer.isUserAuthorized(currentUserName, CarbonConstants.UI_ADMIN_PERMISSION_COLLECTION + "/manage/identity/usermgt/profiles", "ui.execute"); } return isAuthrized; }
private static boolean isUserAuthorizedToConfigureProfile(UserRealm realm, String currentUserName, String targetUser, String permission) throws UserStoreException { boolean isAuthrized = false; if (currentUserName == null) { //do nothing } else if (currentUserName.equals(targetUser)) { isAuthrized = true; } else { AuthorizationManager authorizer = realm.getAuthorizationManager(); isAuthrized = authorizer.isUserAuthorized(currentUserName, CarbonConstants.UI_ADMIN_PERMISSION_COLLECTION + permission, "ui.execute"); } return isAuthrized; }
public boolean hasPermission(String s, String s1) throws RepositoryException { //s-absPAth ,s1-action boolean hasPer = false; try { hasPer = userRegistry.getUserRealm().getAuthorizationManager().isUserAuthorized(this.getUserID(), s, s1); } catch (UserStoreException e) { String msg = "failed to resolve the path of the given node " + this; log.debug(msg); throw new RepositoryException(msg, e); } return hasPer; }
public static boolean isPutAllowed( String userName, String resourcePath, UserRegistry userRegistry) throws RegistryException { boolean putAllowed = false; UserRealm userRealm = userRegistry.getUserRealm(); try { if (userRealm.getAuthorizationManager().isUserAuthorized( userName, resourcePath, ActionConstants.PUT)) { putAllowed = true; } } catch (UserStoreException e) { String msg = "Could not the permission details for the user: " + userName + " for the resource: " + resourcePath + ". Caused by: " + e.getMessage(); throw new RegistryException(msg); } return putAllowed; }
public static boolean isGetAllowed( String userName, String resourcePath, UserRegistry userRegistry) throws RegistryException { boolean putAllowed = false; UserRealm userRealm = userRegistry.getUserRealm(); try { if (userRealm.getAuthorizationManager().isUserAuthorized( userName, resourcePath, ActionConstants.GET)) { putAllowed = true; } } catch (UserStoreException e) { String msg = "Could not the permission details for the user: " + userName + " for the resource: " + resourcePath + ". Caused by: " + e.getMessage(); throw new RegistryException(msg); } return putAllowed; } public static boolean isAuthorizeAllowed(
public static boolean isDeleteAllowed( String userName, String resourcePath, UserRegistry userRegistry) throws RegistryException { boolean putAllowed = false; UserRealm userRealm = userRegistry.getUserRealm(); try { if (userRealm.getAuthorizationManager().isUserAuthorized( userName, resourcePath, ActionConstants.DELETE)) { putAllowed = true; } } catch (UserStoreException e) { String msg = "Could not the permission details for the user: " + userName + " for the resource: " + resourcePath + ". Caused by: " + e.getMessage(); throw new RegistryException(msg); } return putAllowed; } public static boolean isGetAllowed(
public static boolean isAuthorizeAllowed( String userName, String resourcePath, UserRegistry userRegistry) throws RegistryException { boolean putAllowed = false; UserRealm userRealm = userRegistry.getUserRealm(); try { if (userRealm.getAuthorizationManager().isUserAuthorized( userName, resourcePath, AccessControlConstants.AUTHORIZE)) { putAllowed = true; } } catch (UserStoreException e) { String msg = "Could not the permission details for the user: " + userName + " for the resource: " + resourcePath + ". Caused by: " + e.getMessage(); throw new RegistryException(msg); } return putAllowed; } }
public EvaluationResult evaluate(List<Evaluatable> inputs, EvaluationCtx context) { AttributeValue[] argValues = new AttributeValue[inputs.size()]; EvaluationResult result = evalArgs(inputs, context, argValues); if (result != null) { return result; } switch (getFunctionId()) { case ID_EVAL_PERMISSION_TREE: String resource = ((StringAttribute) argValues[0]).getValue().trim(); String subject = ((StringAttribute) argValues[1]).getValue().trim(); boolean isAuthorised = false; try { isAuthorised = EntitlementServiceComponent.getRealmservice().getBootstrapRealm(). getAuthorizationManager().isUserAuthorized(subject, resource, "ui.execute"); } catch (UserStoreException e) { log.error("Error while authorising" + subject + " to perform ui.execute on " + resource, e); } result = new EvaluationResult(BooleanAttribute.getInstance(isAuthorised)); break; } return result; } }
public EvaluationResult evaluate(List<Evaluatable> inputs, EvaluationCtx context) { AttributeValue[] argValues = new AttributeValue[inputs.size()]; EvaluationResult result = evalArgs(inputs, context, argValues); if (result != null) { return result; } switch (getFunctionId()) { case ID_EVAL_PERMISSION_TREE: String resource = ((StringAttribute) argValues[0]).getValue().trim(); String subject = ((StringAttribute) argValues[1]).getValue().trim(); boolean isAuthorised = false; try { isAuthorised = EntitlementServiceComponent.getRealmservice().getBootstrapRealm(). getAuthorizationManager().isUserAuthorized(subject, resource, "ui.execute"); } catch (UserStoreException e) { log.error("Error while authorising" + subject + " to perform ui.execute on " + resource, e); } result = new EvaluationResult(BooleanAttribute.getInstance(isAuthorised)); break; } return result; } }
private boolean isAuthorized(UserRegistry registry, String resourcePath, String action) throws RegistryException { UserRealm userRealm = registry.getUserRealm(); String userName = getLoggedInUserName(); try { if (!userRealm.getAuthorizationManager().isUserAuthorized(userName, resourcePath, action)) { return false; } } catch (UserStoreException e) { throw new RegistryException("Error while authorizing " + resourcePath + " with user " + userName + ":" + e.getMessage(), e); } return true; }
private boolean isAuthorized(UserRegistry registry, String resourcePath, String action) throws RegistryException{ UserRealm userRealm = registry.getUserRealm(); String userName = getLoggedInUserName(); try { if (!userRealm.getAuthorizationManager().isUserAuthorized(userName, resourcePath, action)) { return false; } } catch (UserStoreException e) { throw new RegistryException("Error at Authorizing " + resourcePath + " with user " + userName + ":" + e.getMessage(), e); } return true; }
public static boolean isAuthorized(UserRegistry registry, String resourcePath, String action) throws RegistryException{ UserRealm userRealm = registry.getUserRealm(); String userName = registry.getUserName(); try { if (!userRealm.getAuthorizationManager().isUserAuthorized(userName, resourcePath, action)) { return false; } } catch (UserStoreException e) { throw new RegistryException("Error at Authorizing " + resourcePath + " with user " + userName + ":" + e.getMessage(), e); } return true; }
.isUserAuthorized(tenantAwareUserName, serviceGroupId + "/" + serviceId, UserCoreConstants.INVOKE_SERVICE_PERMISSION);
private void buildUIPermissionNode(Collection parent, UIPermissionNode parentNode, Registry registry, Registry tenantRegistry, AuthorizationManager authMan, String roleName, String userName) throws RegistryException, UserStoreException { boolean isSelected = false; if (roleName != null) { isSelected = authMan.isRoleAuthorized(roleName, parentNode.getResourcePath(), UserMgtConstants.EXECUTE_ACTION); } else if (userName != null) { isSelected = authMan.isUserAuthorized(userName, parentNode.getResourcePath(), UserMgtConstants.EXECUTE_ACTION); } if (isSelected) { buildUIPermissionNodeAllSelected(parent, parentNode, registry, tenantRegistry); parentNode.setSelected(true); } else { buildUIPermissionNodeNotAllSelected(parent, parentNode, registry, tenantRegistry, authMan, roleName, userName); } }
private void buildUIPermissionNode(Collection parent, UIPermissionNode parentNode, Registry registry, Registry tenantRegistry, AuthorizationManager authMan, String roleName, String userName) throws RegistryException, UserStoreException { boolean isSelected = false; if (roleName != null) { isSelected = authMan.isRoleAuthorized(roleName, parentNode.getResourcePath(), UserMgtConstants.EXECUTE_ACTION); } else if (userName != null) { isSelected = authMan.isUserAuthorized(userName, parentNode.getResourcePath(), UserMgtConstants.EXECUTE_ACTION); } if (isSelected) { buildUIPermissionNodeAllSelected(parent, parentNode, registry, tenantRegistry); parentNode.setSelected(true); } else { buildUIPermissionNodeNotAllSelected(parent, parentNode, registry, tenantRegistry, authMan, roleName, userName); } }
UserMgtConstants.EXECUTE_ACTION); } else if (userName != null) { isSelected = authMan.isUserAuthorized(userName, child, UserMgtConstants.EXECUTE_ACTION);
try { canDelete[i] = registry.getUserRealm().getAuthorizationManager().isUserAuthorized( registry.getUserName(), RegistryConstants.GOVERNANCE_REGISTRY_BASE_PATH + path[i],