public boolean isReadAction() { return read.equals( this ); } }
protected boolean isActionAllowedReadOnly( Action action ) { return action.isReadAction(); }
public boolean isViewable( final String objectType, final String objectId ) { return authorizePermission( "nexus:view:" + objectType + ":" + objectId ); }
private void checkAccessToRepository( String repositoryId ) throws NoSuchRepositoryAccessException { if ( !this.nexusItemAuthorizer.isViewable( NexusItemAuthorizer.VIEW_REPOSITORY_KEY, repositoryId ) ) { throw new NoSuchRepositoryAccessException( repositoryId ); } }
@Override public void run() { try { uid.getLock().lock(Action.valueOf(lockType)); log.info("Locked {} for {}", uid, lockType); latch.await(); uid.getLock().unlock(); log.info("Unlocked {}", uid); } catch (InterruptedException e) { // do nothing } }
public void decide( Repository repository, ResourceStoreRequest request, Action action ) throws AccessDeniedException { //only bother checking item authorizer if there is no flag in request stating authorization //has been taken care of if ( !request.getRequestContext().containsKey( AccessManager.REQUEST_AUTHORIZED ) && !nexusItemAuthorizer.authorizePath( repository, request, action ) ) { // deny the access throw new AccessDeniedException( "Access denied on repository ID='" + repository.getId() + "', path='" + request.getRequestPath() + "', action='" + action + "'!" ); } } }
public boolean authorizePath( final TargetSet matched, final Action action ) { // did we hit repositories at all? if ( matched.getMatchedRepositoryIds().size() > 0 ) { // we had reposes affected, check the targets // make perms from TargetSet return isPermitted( getTargetPerms( matched, action ) ); } else { // we hit no repos, it is a virtual path, allow access return true; } }
public boolean authorizePath( final Repository repository, final ResourceStoreRequest request, final Action action ) { TargetSet matched = repository.getTargetsForRequest( request ); if ( matched == null ) { matched = new TargetSet(); } // if this repository is contained in any group, we need to get those targets, and tweak the TargetMatch matched.addTargetSet( this.getGroupsTargetSet( repository, request ) ); return authorizePath( matched, action ); }
public TargetSet getGroupsTargetSet( final Repository repository, final ResourceStoreRequest request ) { final TargetSet targetSet = new TargetSet(); for ( Repository group : getListOfGroups( repository.getId() ) ) { // are the perms transitively inherited from the groups where it is member? // !group.isExposed() if ( true ) { final TargetSet groupMatched = group.getTargetsForRequest( request ); targetSet.addTargetSet( groupMatched ); // now that we have groups of groups, this needs to be a recursive check targetSet.addTargetSet( getGroupsTargetSet( group, request ) ); } } return targetSet; }
public boolean authorizePermission( final String permission ) { return isPermitted( Collections.singletonList( permission ) ); }
@Override public int hashCode() { final int prime = 31; int result = 1; result = prime * result + ( ( accessMethod == null ) ? 0 : accessMethod.hashCode() ); result = prime * result + ( ( accessProtocol == null ) ? 0 : accessProtocol.hashCode() ); result = prime * result + ( ( accessedUri == null ) ? 0 : accessedUri.hashCode() ); result = prime * result + ( ( action == null ) ? 0 : action.hashCode() ); return result; }
private void checkAccessToRepository(String repositoryId) throws NoSuchRepositoryAccessException { if (!this.nexusItemAuthorizer.isViewable(NexusItemAuthorizer.VIEW_REPOSITORY_KEY, repositoryId)) { throw new NoSuchRepositoryAccessException(repositoryId); } }
@Override public void lock( final Action action ) { if ( action.isReadAction() ) { contentLock.lockShared(); } else { contentLock.lockExclusively(); } }
@Override public boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) throws IOException { // let check the mappedValues 1st boolean result = false; if (mappedValue != null) { result = super.isAccessAllowed(request, response, mappedValue); // if we are not allowed at start, forbid it if (!result) { return false; } } String actionVerb = getHttpMethodAction(request); Action action = Action.valueOf(actionVerb); if (null == action) { return false; } return rootRouter.authorizePath(getResourceStoreRequest(request, false), action); } }
private List<Repository> filterRepositoriesList(List<Repository> repositories) { // guard against npe if (repositories == null) { return null; } List<Repository> filteredRepositories = new ArrayList<Repository>(); for (Repository repository : repositories) { if (this.nexusItemAuthorizer.isViewable(NexusItemAuthorizer.VIEW_REPOSITORY_KEY, repository.getId())) { filteredRepositories.add(repository); } } return filteredRepositories; }
protected void enforceWritePolicy( ResourceStoreRequest request, Action action ) throws IllegalRequestException { // check for write once (no redeploy) if ( Action.update.equals( action ) && !RepositoryWritePolicy.ALLOW_WRITE.equals( this.getWritePolicy() ) ) { throw new IllegalRequestException( request, "Repository with ID='" + getId() + "' does not allow updating artifacts." ); } }
private List<Repository> filterAccessToRepositories( Collection<? extends Repository> repositories ) { if ( repositories == null ) { return null; } List<Repository> filteredRepositories = new ArrayList<Repository>(); for ( Repository repository : repositories ) { if ( this.itemAuthorizer.isViewable( NexusItemAuthorizer.VIEW_REPOSITORY_KEY, repository.getId() ) ) { filteredRepositories.add( repository ); } } return filteredRepositories; }
private List<Repository> filterRepositoriesList( List<Repository> repositories ) { // guard against npe if ( repositories == null ) { return null; } List<Repository> filteredRepositories = new ArrayList<Repository>(); for ( Repository repository : repositories ) { if ( this.nexusItemAuthorizer.isViewable( NexusItemAuthorizer.VIEW_REPOSITORY_KEY, repository.getId() ) ) { filteredRepositories.add( repository ); } } return filteredRepositories; }