Example #1
0
  private void throwSecurityViolationIfNotAllowed(final IObject i) {

    final String type = i.getClass().getName();
    final Details d = i.getDetails();
    final long user = d.getOwner().getId();
    final long group = d.getGroup().getId();

    final EventContext ec = getSecuritySystem().getEventContext();
    final boolean root = ec.isCurrentUserAdmin();
    final List<Long> leaderof = ec.getLeaderOfGroupsList();
    final boolean pi = leaderof.contains(group);
    final boolean own = ec.getCurrentUserId().equals(user);

    if (!own && !root && !pi) {
      if (log.isWarnEnabled()) {
        log.warn(
            String.format(
                "User %d attempted to delete " + type + " %d belonging to User %d",
                ec.getCurrentUserId(),
                i.getId(),
                user));
      }
      throw new SecurityViolation(
          String.format("User %s cannot delete %s %d ", ec.getCurrentUserName(), type, i.getId()));
    }
  }
  public boolean isOwnerOrSupervisor(IObject object) {
    if (object == null) {
      throw new ApiUsageException("Object can't be null");
    }
    final Long o = HibernateUtils.nullSafeOwnerId(object);
    final Long g = HibernateUtils.nullSafeGroupId(object);

    final EventContext ec = getCurrentEventContext();
    final boolean isAdmin = ec.isCurrentUserAdmin();
    final boolean isPI = ec.getLeaderOfGroupsList().contains(g);
    final boolean isOwner = ec.getCurrentUserId().equals(o);

    if (isAdmin || isPI || isOwner) {
      return true;
    }
    return false;
  }
  /**
   * @see SecuritySystem#isGraphCritical()
   * @return
   */
  public boolean isGraphCritical() {
    EventContext ec = getCurrentEventContext();
    long gid = ec.getCurrentGroupId();
    Permissions perms = ec.getCurrentGroupPermissions();

    boolean admin = ec.isCurrentUserAdmin();
    boolean pi = ec.getLeaderOfGroupsList().contains(gid);

    if (perms.isGranted(Role.WORLD, Right.READ)) {
      // Public groups (rwrwrw) are always non-critical
      return false;
    } else if (perms.isGranted(Role.GROUP, Right.READ)) {
      // Since the object will be contained in the group,
      // then it will be readable regardless.
      return false;
    } else {
      // This is a private group. Any form of admin modification is
      // critical.
      return admin || pi;
    }
  }