
Example 21 with User

use of ca.corefacility.bioinformatics.irida.model.user.User in project irida by phac-nml.

the class ReadAnalysisPermission method customPermissionAllowed.

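/**
 * {@inheritDoc}
 *
 * <p>
 * Grants read access only when the authenticated user is the submitter of the
 * {@link AnalysisSubmission} found for the given analysis. Every other
 * outcome is a denial, including the case where no user, submission or
 * submitter can be resolved.
 *
 * @param authentication
 *            the authentication whose name is used to look up the current
 *            user
 * @param analysis
 *            the analysis the caller wants to read
 * @return {@code true} only if the current user submitted the analysis
 */
@Override
protected boolean customPermissionAllowed(final Authentication authentication, final Analysis analysis) {
    // NOTE(review): the trace lines stringify the whole Authentication object
    // and are built eagerly even when TRACE is off; confirm its toString()
    // exposes nothing sensitive before enabling TRACE on a shared log sink.
    logger.trace("Testing permission for [" + authentication + "] on analysis  [" + analysis + "]");
    final User u = userRepository.loadUserByUsername(authentication.getName());
    final AnalysisSubmission analysisSubmission = analysisSubmissionRepository.findByAnalysis(analysis);
    // Fail closed: an authorization check should deny explicitly rather than
    // surface a NullPointerException when a lookup comes back empty. Nulls are
    // rejected up front so that two missing values can never compare as equal.
    // Presumably findByAnalysis returns null for an analysis without a
    // submission; verify against the repository contract.
    if (u == null || analysisSubmission == null || analysisSubmission.getSubmitter() == null) {
        logger.trace("Permission DENIED for [" + authentication + "] on analysis  [" + analysis + "], user or submitter could not be resolved");
        return false;
    }
    if (analysisSubmission.getSubmitter().equals(u)) {
        logger.trace("Permission GRANTED for [" + authentication + "] on analysis submission [" + analysisSubmission + "]");
        return true;
    }
    logger.trace("Permission DENIED for [" + authentication + "] on analysis submission [" + analysisSubmission + "]");
    return false;
}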
Also used : User(ca.corefacility.bioinformatics.irida.model.user.User) AnalysisSubmission(ca.corefacility.bioinformatics.irida.model.workflow.submission.AnalysisSubmission)

Example 22 with User

use of ca.corefacility.bioinformatics.irida.model.user.User in project irida by phac-nml.

the class UpdateAnalysisSubmissionPermission method customPermissionAllowed.

/**
 * {@inheritDoc}
 *
 * <p>
 * Ownership check: the update is allowed only when the user looked up from
 * the authentication's name equals the submitter recorded on the analysis
 * submission.
 *
 * @param authentication
 *            the authentication whose name is used to look up the current
 *            user
 * @param analysisSubmission
 *            the submission the caller wants to update
 * @return {@code true} if the current user is the submitter, {@code false}
 *         otherwise
 */
@Override
protected boolean customPermissionAllowed(Authentication authentication, AnalysisSubmission analysisSubmission) {
    logger.trace("Testing permission for [" + authentication + "] on analysis submission [" + analysisSubmission + "]");
    final User requester = userRepository.loadUserByUsername(authentication.getName());
    // NOTE(review): assumes the submission always carries a submitter; a null
    // submitter would throw here instead of denying. Confirm against the model.
    final boolean requesterIsSubmitter = analysisSubmission.getSubmitter().equals(requester);
    if (!requesterIsSubmitter) {
        logger.trace("Permission DENIED for [" + authentication + "] on analysis submission [" + analysisSubmission + "]");
        return false;
    }
    logger.trace("Permission GRANTED for [" + authentication + "] on analysis submission [" + analysisSubmission + "]");
    return true;
}
Also used : User(ca.corefacility.bioinformatics.irida.model.user.User)

Example 23 with User

use of ca.corefacility.bioinformatics.irida.model.user.User in project irida by phac-nml.

the class ModifyProjectPermission method customPermissionAllowed.

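/**
 * {@inheritDoc}
 *
 * <p>
 * A user may modify a project when they hold the {@code PROJECT_OWNER} role
 * on it, either directly or through membership in a user group that was
 * added to the project with the {@code PROJECT_OWNER} role. Anything else is
 * denied.
 *
 * @param authentication
 *            the authentication whose name is used to look up the current
 *            user
 * @param p
 *            the project the caller wants to modify
 * @return {@code true} if the current user is a direct or group-derived
 *         owner of the project, {@code false} otherwise
 */
public boolean customPermissionAllowed(Authentication authentication, Project p) {
    logger.trace("Testing permission for [" + authentication + "] can modify project [" + p + "]");
    // check if the user is a project owner for this project
    User u = userRepository.loadUserByUsername(authentication.getName());
    List<Join<Project, User>> projectUsers = pujRepository.getUsersForProjectByRole(p, ProjectRole.PROJECT_OWNER);
    for (Join<Project, User> projectUser : projectUsers) {
        if (projectUser.getObject().equals(u)) {
            logger.trace("Permission GRANTED for [" + authentication + "] on project [" + p + "]");
            // this user is an owner for the project.
            return true;
        }
    }
    // The user is not a direct owner, so fall back to the groups attached to
    // the project. Only groups that were themselves added as PROJECT_OWNER can
    // confer ownership; membership in any other group is ignored.
    final Collection<UserGroupProjectJoin> groups = ugpjRepository.findGroupsByProject(p);
    for (final UserGroupProjectJoin group : groups) {
        // Constant-first comparison: a join with no role is skipped instead of
        // aborting the whole permission check with a NullPointerException.
        if (!ProjectRole.PROJECT_OWNER.equals(group.getProjectRole())) {
            // Message corrected: this loop walks groups, not projects.
            logger.trace("Group is not PROJECT_OWNER, checking next group.");
            continue;
        }
        final Collection<UserGroupJoin> groupMembers = ugRepository.findUsersInGroup(group.getObject());
        final boolean inGroup = groupMembers.stream().anyMatch(j -> j.getSubject().equals(u));
        if (inGroup) {
            logger.trace("Permission GRANTED for [" + authentication + "] on project [" + p + "] by group membership in [" + group.getLabel() + "]");
            return true;
        }
    }
    logger.trace("Permission DENIED for [" + authentication + "] on project [" + p + "]");
    return false;
}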
Also used : Project(ca.corefacility.bioinformatics.irida.model.project.Project) User(ca.corefacility.bioinformatics.irida.model.user.User) UserGroupProjectJoin(ca.corefacility.bioinformatics.irida.model.user.group.UserGroupProjectJoin) UserGroupJoin(ca.corefacility.bioinformatics.irida.model.user.group.UserGroupJoin) UserGroupJoin(ca.corefacility.bioinformatics.irida.model.user.group.UserGroupJoin) Join(ca.corefacility.bioinformatics.irida.model.joins.Join) UserGroupProjectJoin(ca.corefacility.bioinformatics.irida.model.user.group.UserGroupProjectJoin)

Example 24 with User

use of ca.corefacility.bioinformatics.irida.model.user.User in project irida by phac-nml.

the class UpdateUserGroupPermission method customPermissionAllowed.

/**
 * {@inheritDoc}
 *
 * <p>
 * Modification of a user group is allowed only for a member whose role in
 * that group is {@code GROUP_OWNER}. Non-members and members with any other
 * role are denied.
 *
 * @param authentication
 *            the authentication whose name is used to look up the current
 *            user
 * @param g
 *            the user group the caller wants to modify
 * @return {@code true} if the current user is a {@code GROUP_OWNER} of the
 *         group, {@code false} otherwise
 */
@Override
public boolean customPermissionAllowed(final Authentication authentication, final UserGroup g) {
    logger.trace("Checking if [" + authentication + "] can modify [" + g + "]");
    final User user = userRepository.loadUserByUsername(authentication.getName());
    // Look for a membership record that ties the current user to this group.
    final Optional<UserGroupJoin> membership = userGroupJoinRepository.findUsersInGroup(g)
            .stream()
            .filter(join -> join.getSubject().equals(user))
            .findAny();
    if (!membership.isPresent()) {
        logger.trace("User [" + user + "] is not in group [" + g + "], access is DENIED.");
        return false;
    }
    // NOTE(review): findAny() inspects a single membership record; this
    // presumes a user has at most one join per group. Confirm that the schema
    // enforces it.
    final boolean isGroupOwner = membership.get().getRole().equals(UserGroupRole.GROUP_OWNER);
    if (isGroupOwner) {
        logger.trace("User [" + user + "] is GROUP_OWNER in group [" + g + "], access is GRANTED.");
        return true;
    }
    logger.trace("User [" + user + "] is *not* GROUP_OWNER in group [" + g + "], access is DENIED.");
    return false;
}
Also used : UserRepository(ca.corefacility.bioinformatics.irida.repositories.user.UserRepository) Logger(org.slf4j.Logger) UserGroupJoinRepository(ca.corefacility.bioinformatics.irida.repositories.user.UserGroupJoinRepository) UserGroupRole(ca.corefacility.bioinformatics.irida.model.user.group.UserGroupJoin.UserGroupRole) LoggerFactory(org.slf4j.LoggerFactory) UserGroupJoin(ca.corefacility.bioinformatics.irida.model.user.group.UserGroupJoin) Autowired(org.springframework.beans.factory.annotation.Autowired) UserGroup(ca.corefacility.bioinformatics.irida.model.user.group.UserGroup) Component(org.springframework.stereotype.Component) UserGroupRepository(ca.corefacility.bioinformatics.irida.repositories.user.UserGroupRepository) BasePermission(ca.corefacility.bioinformatics.irida.security.permissions.BasePermission) Optional(java.util.Optional) User(ca.corefacility.bioinformatics.irida.model.user.User) Authentication(org.springframework.security.core.Authentication) User(ca.corefacility.bioinformatics.irida.model.user.User) UserGroupJoin(ca.corefacility.bioinformatics.irida.model.user.group.UserGroupJoin)

Example 25 with User

use of ca.corefacility.bioinformatics.irida.model.user.User in project irida by phac-nml.

the class UpdateUserPermission method modifyingOwnAccount.

/**
 * Decide whether the authenticated user and the account being modified are
 * the same user.
 *
 * <p>
 * This helper performs no role check of its own. Its first trace message
 * says the user is not an administrator, so the caller has presumably ruled
 * out the admin case already; confirm at the call site.
 *
 * @param authentication
 *            the currently logged in user.
 * @param u
 *            the user that is being modified
 * @return true if the user loaded for the authentication's name equals
 *         {@code u}.
 */
private boolean modifyingOwnAccount(Authentication authentication, User u) {
    // Business rule: a user account may be modified either by an
    // administrator or by the account holder. This method covers the second
    // half of that rule.
    logger.trace("User is not admin, checking if user is trying to modify own account.");
    final User currentUser = userRepository.loadUserByUsername(authentication.getName());
    final boolean sameAccount = currentUser.equals(u);
    logger.trace("Allowing modification of user account based on authenticated principle? [" + sameAccount + "]");
    return sameAccount;
}
Also used : User(ca.corefacility.bioinformatics.irida.model.user.User)
