use of ca.corefacility.bioinformatics.irida.model.user.User in project irida by phac-nml.
the class ReadAnalysisPermission method customPermissionAllowed.
/**
* {@inheritDoc}
*/
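@Override
protected boolean customPermissionAllowed(final Authentication authentication, final Analysis analysis) {
    // Read access to an analysis is granted only to the user who submitted the
    // AnalysisSubmission that the repository associates with that analysis.
    // NOTE(review): the whole Authentication object is concatenated into the trace
    // messages; confirm its toString() does not expose credentials.
    logger.trace("Testing permission for [" + authentication + "] on analysis [" + analysis + "]");
    final User u = userRepository.loadUserByUsername(authentication.getName());
    final AnalysisSubmission analysisSubmission = analysisSubmissionRepository.findByAnalysis(analysis);

    // Fail closed: when no submission (or no submitter) can be resolved there is
    // nobody to compare against, so deny instead of failing with a
    // NullPointerException in the middle of an authorization decision.
    final User submitter = (analysisSubmission == null) ? null : analysisSubmission.getSubmitter();
    if (submitter == null) {
        logger.trace("Permission DENIED for [" + authentication + "] on analysis [" + analysis
                + "]: no submission or submitter found");
        return false;
    }

    if (submitter.equals(u)) {
        logger.trace("Permission GRANTED for [" + authentication + "] on analysis submission [" + analysisSubmission + "]");
        return true;
    }
    logger.trace("Permission DENIED for [" + authentication + "] on analysis submission [" + analysisSubmission + "]");
    return false;
}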
use of ca.corefacility.bioinformatics.irida.model.user.User in project irida by phac-nml.
the class UpdateAnalysisSubmissionPermission method customPermissionAllowed.
/**
* {@inheritDoc}
*/
@Override
protected boolean customPermissionAllowed(Authentication authentication, AnalysisSubmission analysisSubmission) {
    // An analysis submission may be updated only by the user recorded as its submitter.
    // NOTE(review): the Authentication object is written to the trace log as-is;
    // confirm its toString() does not expose credentials.
    logger.trace("Testing permission for [" + authentication + "] on analysis submission [" + analysisSubmission + "]");

    // Resolve the caller from the authenticated name, then compare with the submitter.
    final User caller = userRepository.loadUserByUsername(authentication.getName());
    final boolean callerIsSubmitter = analysisSubmission.getSubmitter().equals(caller);

    if (!callerIsSubmitter) {
        logger.trace("Permission DENIED for [" + authentication + "] on analysis submission [" + analysisSubmission + "]");
        return false;
    }
    logger.trace("Permission GRANTED for [" + authentication + "] on analysis submission [" + analysisSubmission + "]");
    return true;
}
use of ca.corefacility.bioinformatics.irida.model.user.User in project irida by phac-nml.
the class ModifyProjectPermission method customPermissionAllowed.
/**
* {@inheritDoc}
*/
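public boolean customPermissionAllowed(Authentication authentication, Project p) {
    // Decides whether the authenticated user may modify project p. Access is granted
    // when the user is a PROJECT_OWNER of the project directly, or is a member of a
    // user group that was added to the project with the PROJECT_OWNER role.
    // Every other case is denied.
    logger.trace("Testing permission for [" + authentication + "] can modify project [" + p + "]");
    User u = userRepository.loadUserByUsername(authentication.getName());

    // 1) Direct ownership: the repository returns only the PROJECT_OWNER joins.
    List<Join<Project, User>> projectUsers = pujRepository.getUsersForProjectByRole(p, ProjectRole.PROJECT_OWNER);
    for (Join<Project, User> projectUser : projectUsers) {
        if (projectUser.getObject().equals(u)) {
            logger.trace("Permission GRANTED for [" + authentication + "] on project [" + p + "]");
            return true;
        }
    }

    // 2) Ownership through group membership: the user is not a direct owner, so
    // look at the groups attached to the project.
    final Collection<UserGroupProjectJoin> groups = ugpjRepository.findGroupsByProject(p);
    for (final UserGroupProjectJoin group : groups) {
        // Constant-first comparison: a join without a role is skipped instead of
        // raising a NullPointerException during the authorization decision.
        if (!ProjectRole.PROJECT_OWNER.equals(group.getProjectRole())) {
            // The loop iterates groups, so the trace message names the group.
            logger.trace("Group is not PROJECT_OWNER, checking next group.");
            continue;
        }
        final Collection<UserGroupJoin> groupMembers = ugRepository.findUsersInGroup(group.getObject());
        final boolean inGroup = groupMembers.stream().anyMatch(j -> j.getSubject().equals(u));
        if (inGroup) {
            logger.trace("Permission GRANTED for [" + authentication + "] on project [" + p
                    + "] by group membership in [" + group.getLabel() + "]");
            return true;
        }
    }

    // Neither a direct owner nor a member of an owning group: deny.
    logger.trace("Permission DENIED for [" + authentication + "] on project [" + p + "]");
    return false;
}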
use of ca.corefacility.bioinformatics.irida.model.user.User in project irida by phac-nml.
the class UpdateUserGroupPermission method customPermissionAllowed.
/**
* {@inheritDoc}
*/
@Override
public boolean customPermissionAllowed(final Authentication authentication, final UserGroup g) {
    // A user group may be modified only by a member whose role in that group is
    // GROUP_OWNER; non-members and members with any other role are denied.
    logger.trace("Checking if [" + authentication + "] can modify [" + g + "]");
    final User user = userRepository.loadUserByUsername(authentication.getName());

    // Look for a membership record in this group that belongs to the caller.
    final Optional<UserGroupJoin> membership = userGroupJoinRepository.findUsersInGroup(g)
            .stream()
            .filter(join -> join.getSubject().equals(user))
            .findAny();

    // Guard clause: not a member at all.
    if (!membership.isPresent()) {
        logger.trace("User [" + user + "] is not in group [" + g + "], access is DENIED.");
        return false;
    }

    // Member: the decision now depends only on the role held in the group.
    final boolean isGroupOwner = membership.get().getRole().equals(UserGroupRole.GROUP_OWNER);
    if (!isGroupOwner) {
        logger.trace("User [" + user + "] is *not* GROUP_OWNER in group [" + g + "], access is DENIED.");
        return false;
    }
    logger.trace("User [" + user + "] is GROUP_OWNER in group [" + g + "], access is GRANTED.");
    return true;
}
use of ca.corefacility.bioinformatics.irida.model.user.User in project irida by phac-nml.
the class UpdateUserPermission method modifyingOwnAccount.
/**
* Check to see if the user is modifying their own account.
*
* @param authentication
* the currently logged in user.
* @param u
* the user that is being modified
* @return true if the authentication and user are the same thing.
*/
private boolean modifyingOwnAccount(Authentication authentication, User u) {
    // Business rule (per the original comment): an account may be modified by an
    // administrator or by its own user. This helper covers only the second half:
    // it reports whether the authenticated user is the account being modified.
    // NOTE(review): the trace text below says the caller is not an admin, but no
    // role check happens in this method; presumably the caller has already done it.
    logger.trace("User is not admin, checking if user is trying to modify own account.");

    // Load the account behind the authenticated name and compare it with the target.
    final User authenticated = userRepository.loadUserByUsername(authentication.getName());
    final boolean isOwnAccount = authenticated.equals(u);

    logger.trace("Allowing modification of user account based on authenticated principle? [" + isOwnAccount + "]");
    return isOwnAccount;
}