Example 1 with AccountPermissionsChecker
use of org.eclipse.che.multiuser.api.permission.server.account.AccountPermissionsChecker in project che-server by eclipse-che.
the class ResourceServicePermissionsFilter method filter.
@Override
protected void filter(GenericResourceMethod genericMethodResource, Object[] arguments) throws ApiException {
String accountId;
switch(genericMethodResource.getMethod().getName()) {
case GET_TOTAL_RESOURCES_METHOD:
case GET_AVAILABLE_RESOURCES_METHOD:
case GET_USED_RESOURCES_METHOD:
case GET_RESOURCES_DETAILS_METHOD:
Subject currentSubject = EnvironmentContext.getCurrent().getSubject();
if (currentSubject.hasPermission(SystemDomain.DOMAIN_ID, null, SystemDomain.MANAGE_SYSTEM_ACTION)) {
// user is admin and he is able to see resources of all accounts
return;
}
accountId = ((String) arguments[0]);
break;
default:
throw new ForbiddenException("The user does not have permission to perform this operation");
}
final Account account = accountManager.getById(accountId);
final AccountPermissionsChecker resourcesPermissionsChecker = permissionsCheckers.get(account.getType());
if (resourcesPermissionsChecker != null) {
resourcesPermissionsChecker.checkPermissions(accountId, AccountOperation.SEE_RESOURCE_INFORMATION);
} else {
throw new ForbiddenException("User is not authorized to perform given operation");
}
}
Also used :
Account(org.eclipse.che.account.shared.model.Account)
ForbiddenException(org.eclipse.che.api.core.ForbiddenException)
AccountPermissionsChecker(org.eclipse.che.multiuser.api.permission.server.account.AccountPermissionsChecker)
Subject(org.eclipse.che.commons.subject.Subject)
Example 2 with AccountPermissionsChecker
use of org.eclipse.che.multiuser.api.permission.server.account.AccountPermissionsChecker in project che-server by eclipse-che.
the class WorkspacePermissionsFilter method checkAccountPermissions.
void checkAccountPermissions(String accountName, AccountOperation operation) throws ForbiddenException, NotFoundException, ServerException {
if (accountName == null) {
// default namespace will be used
return;
}
final Account account = accountManager.getByName(accountName);
AccountPermissionsChecker accountPermissionsChecker = accountTypeToPermissionsChecker.get(account.getType());
if (accountPermissionsChecker == null) {
throw new ForbiddenException("User is not authorized to use specified namespace");
}
accountPermissionsChecker.checkPermissions(account.getId(), operation);
}
Also used :
Account(org.eclipse.che.account.shared.model.Account)
ForbiddenException(org.eclipse.che.api.core.ForbiddenException)
AccountPermissionsChecker(org.eclipse.che.multiuser.api.permission.server.account.AccountPermissionsChecker)
Example 3 with AccountPermissionsChecker
use of org.eclipse.che.multiuser.api.permission.server.account.AccountPermissionsChecker in project devspaces-images by redhat-developer.
the class WorkspacePermissionsFilter method checkAccountPermissions.
void checkAccountPermissions(String accountName, AccountOperation operation) throws ForbiddenException, NotFoundException, ServerException {
if (accountName == null) {
// default namespace will be used
return;
}
final Account account = accountManager.getByName(accountName);
AccountPermissionsChecker accountPermissionsChecker = accountTypeToPermissionsChecker.get(account.getType());
if (accountPermissionsChecker == null) {
throw new ForbiddenException("User is not authorized to use specified namespace");
}
accountPermissionsChecker.checkPermissions(account.getId(), operation);
}
Also used :
Account(org.eclipse.che.account.shared.model.Account)
ForbiddenException(org.eclipse.che.api.core.ForbiddenException)
AccountPermissionsChecker(org.eclipse.che.multiuser.api.permission.server.account.AccountPermissionsChecker)
Example 4 with AccountPermissionsChecker
use of org.eclipse.che.multiuser.api.permission.server.account.AccountPermissionsChecker in project devspaces-images by redhat-developer.
the class ResourceServicePermissionsFilter method filter.
@Override
protected void filter(GenericResourceMethod genericMethodResource, Object[] arguments) throws ApiException {
String accountId;
switch(genericMethodResource.getMethod().getName()) {
case GET_TOTAL_RESOURCES_METHOD:
case GET_AVAILABLE_RESOURCES_METHOD:
case GET_USED_RESOURCES_METHOD:
case GET_RESOURCES_DETAILS_METHOD:
Subject currentSubject = EnvironmentContext.getCurrent().getSubject();
if (currentSubject.hasPermission(SystemDomain.DOMAIN_ID, null, SystemDomain.MANAGE_SYSTEM_ACTION)) {
// user is admin and he is able to see resources of all accounts
return;
}
accountId = ((String) arguments[0]);
break;
default:
throw new ForbiddenException("The user does not have permission to perform this operation");
}
final Account account = accountManager.getById(accountId);
final AccountPermissionsChecker resourcesPermissionsChecker = permissionsCheckers.get(account.getType());
if (resourcesPermissionsChecker != null) {
resourcesPermissionsChecker.checkPermissions(accountId, AccountOperation.SEE_RESOURCE_INFORMATION);
} else {
throw new ForbiddenException("User is not authorized to perform given operation");
}
}
Also used :
Account(org.eclipse.che.account.shared.model.Account)
ForbiddenException(org.eclipse.che.api.core.ForbiddenException)
AccountPermissionsChecker(org.eclipse.che.multiuser.api.permission.server.account.AccountPermissionsChecker)
Subject(org.eclipse.che.commons.subject.Subject)
Aggregations
Account (org.eclipse.che.account.shared.model.Account)4
ForbiddenException (org.eclipse.che.api.core.ForbiddenException)4
AccountPermissionsChecker (org.eclipse.che.multiuser.api.permission.server.account.AccountPermissionsChecker)4
Subject (org.eclipse.che.commons.subject.Subject)2
