/**
 * Reports whether the context returned by {@code current()} is fully populated.
 *
 * <p>The security system needs a non-null {@link Event}, {@link ExperimenterGroup} and
 * {@link Experimenter} (the owner) on the current {@link Thread}'s context; this method only
 * checks for their presence, not their validity.
 *
 * @return {@code true} only if event, group and owner are all non-null
 */
public boolean isReady() {
    final BasicEventContext ctx = current();
    // Evaluated left to right with short-circuiting: event, then group, then owner.
    return ctx.getEvent() != null && ctx.getGroup() != null && ctx.getOwner() != null;
}
/**
 * Builds a {@link Details} instance describing the current security context.
 *
 * <p>Event (used for both creation and update), owner and group are copied from the context
 * returned by {@code current()}. The {@link Permissions} start from the current group's
 * permissions and then have the user's umask applied via {@code revokeAll}, so the result is
 * never taken from caller-supplied values.
 *
 * @return a new {@link Details} carrying the current event, owner, group and the computed
 *     permissions
 * @see <a href="https://trac.openmicroscopy.org.uk/trac/omero/ticket:1434">ticket:1434</a>
 */
public Details createDetails() {
    final BasicEventContext ctx = current();
    final Details details = Details.create();

    details.setCreationEvent(ctx.getEvent());
    details.setUpdateEvent(ctx.getEvent());
    details.setOwner(ctx.getOwner());
    details.setGroup(ctx.getGroup());

    // ticket:1434 - group permissions minus whatever the umask names.
    final Permissions groupPermissions = ctx.getCurrentGroupPermissions();
    final Permissions umask = ctx.getCurrentUmask();
    // Presumably a copy constructor, so the context's own Permissions object is not
    // mutated by the revoke below - confirm against Permissions.
    final Permissions effective = new Permissions(groupPermissions);
    effective.revokeAll(umask);
    details.setPermissions(effective);

    return details;
}
/**
 * Creates a new {@link Event} of the given type and installs it on the current context.
 *
 * <p>The event is timestamped with the current system time, its experimenter and group are
 * taken from the context returned by {@code current()} (not from the caller), and its details
 * are given {@link Permissions#READ_ONLY}.
 *
 * @param session the session to attach to the event
 * @param type the type of the event
 * @param tokenHolder receives the new event's graph holder via {@code setToken}; presumably
 *     this marks the event as created by the security system - confirm against TokenHolder
 * @return the newly created event, which is also set as the context's current event
 */
public Event newEvent(Session session, EventType type, TokenHolder tokenHolder) {
    final BasicEventContext ctx = current();
    final Event event = new Event();

    event.setType(type);
    event.setTime(new Timestamp(System.currentTimeMillis()));
    tokenHolder.setToken(event.getGraphHolder());
    event.getDetails().setPermissions(Permissions.READ_ONLY);

    // Proxied if necessary
    event.setExperimenter(ctx.getOwner());
    event.setExperimenterGroup(ctx.getGroup());
    event.setSession(session);

    // Replaces whatever event the context held before.
    ctx.setEvent(event);
    return event;
}
/**
 * Decides whether an object of the given class with the given {@link Details} may be loaded.
 *
 * <p>Delegates to the security filter because that is where the logic for the {@link
 * #enableReadFilter(Object) read filter} is defined.
 *
 * <p>Loading is allowed without consulting the filter when the details are {@code null}, when
 * the class is a system type, or when the details place the object in the system group or the
 * user group. In every other case the answer is whatever {@code securityFilter.passesFilter}
 * returns for the current group, owner and the flags computed here.
 *
 * <p>The {@code id} is ignored for the moment.
 *
 * <p>Though we pass in whether or not a share is active for completeness, a different {@link
 * ACLVoter} implementation will almost certainly be active for share use.
 *
 * @param klass the type being loaded; must not be {@code null}
 * @param d the details of the object being loaded, may be {@code null}
 * @param id the id of the object being loaded (currently unused)
 * @return {@code true} if the load is permitted
 */
public boolean allowLoad(Class<? extends IObject> klass, Details d, long id) {
    Assert.notNull(klass);

    // NOTE(review): null details are allowed rather than denied, so the read check is
    // skipped for any object that reaches here without Details - confirm callers only
    // pass null for objects that carry no ownership data.
    if (d == null) {
        return true;
    }
    if (sysTypes.isSystemType(klass)) {
        return true;
    }
    if (sysTypes.isInSystemGroup(d)) {
        return true;
    }
    if (sysTypes.isInUserGroup(d)) {
        return true;
    }

    final BasicEventContext ctx = currentUser.current();

    // The group counts as non-private when it grants READ to group members or to the world.
    final boolean nonPrivate =
            ctx.getCurrentGroupPermissions().isGranted(Role.GROUP, Right.READ)
                    || ctx.getCurrentGroupPermissions().isGranted(Role.WORLD, Right.READ);
    final boolean isShare = ctx.getCurrentShareId() != null;
    // Admins and leaders of the current group are treated alike by the filter.
    final boolean adminOrPi =
            ctx.isCurrentUserAdmin()
                    || ctx.getLeaderOfGroupsList().contains(ctx.getCurrentGroupId());

    // Assumes the context has a non-null group and owner; otherwise the getId() calls
    // below throw NullPointerException.
    return securityFilter.passesFilter(
            d, ctx.getGroup().getId(), ctx.getOwner().getId(), nonPrivate, adminOrPi, isShare);
}