Package ome.logic

Class AdminImpl

  • All Implemented Interfaces:
    ome.api.IAdmin, LocalAdmin, ome.api.ServiceInterface, ome.system.SelfConfigurableService, org.springframework.beans.factory.Aware, org.springframework.context.ApplicationContextAware

    @Transactional(readOnly=true)
    public class AdminImpl
    extends AbstractLevel2Service
    implements LocalAdmin, org.springframework.context.ApplicationContextAware
    Provides methods for administering user accounts and passwords, as well as methods which require special privileges. Developer note: As can be expected, to perform these privileged operations the Admin service has access to several resources that should not be generally used while developing services. Misuse could circumvent security or auditing.
    Since:
    3.0-M3
    See Also:
    SecuritySystem, Permissions
    • Field Detail

      • sql

        protected final ome.util.SqlAction sql
      • mailSender

        protected final org.springframework.mail.MailSender mailSender
      • templateMessage

        protected final org.springframework.mail.SimpleMailMessage templateMessage
      • aclVoter

        protected final ACLVoter aclVoter
      • ldapUtil

        protected final LdapImpl ldapUtil
      • cpf

        protected final ome.util.checksum.ChecksumProviderFactory cpf
      • context

        protected ome.system.OmeroContext context
      • NSEXPERIMENTERPHOTO

        protected static final java.lang.String NSEXPERIMENTERPHOTO
        See Also:
        Constant Field Values
    • Method Detail

      • setApplicationContext

        public void setApplicationContext​(org.springframework.context.ApplicationContext ctx)
                                   throws org.springframework.beans.BeansException
        Specified by:
        setApplicationContext in interface org.springframework.context.ApplicationContextAware
        Throws:
        org.springframework.beans.BeansException
      • getServiceInterface

        public java.lang.Class<? extends ome.api.ServiceInterface> getServiceInterface()
        Specified by:
        getServiceInterface in interface ome.system.SelfConfigurableService
      • userProxy

        public ome.model.meta.Experimenter userProxy​(java.lang.Long id)
        Description copied from interface: LocalAdmin
        Returns a possibly uninitialized proxy for the given user id. Use of the Experimenter instance will initialize its values.
        Specified by:
        userProxy in interface LocalAdmin
        Parameters:
        id - the ID of a user
        Returns:
        the user (may be uninitialized)
      • userProxy

        public ome.model.meta.Experimenter userProxy​(java.lang.String omeName)
        Description copied from interface: LocalAdmin
        Returns a possibly uninitialized proxy for the given user name. Use of the Experimenter instance will initialize its values.
        Specified by:
        userProxy in interface LocalAdmin
        Parameters:
        omeName - the name of a user
        Returns:
        the user (may be uninitialized)
      • groupProxy

        public ome.model.meta.ExperimenterGroup groupProxy​(java.lang.Long id)
        Description copied from interface: LocalAdmin
        Returns a possibly uninitialized proxy for the given group id. Use of the Experimenter instance will initialize its values.
        Specified by:
        groupProxy in interface LocalAdmin
        Parameters:
        id - the ID of a group
        Returns:
        the group (may be uninitialized)
      • groupProxy

        public ome.model.meta.ExperimenterGroup groupProxy​(java.lang.String groupName)
        Description copied from interface: LocalAdmin
        Returns a possibly uninitialized proxy for the given group name. Use of the Experimenter instance will initialize its values.
        Specified by:
        groupProxy in interface LocalAdmin
        Parameters:
        groupName - the name of a group
        Returns:
        the group (may be uninitialized)
      • getLeaderOfGroupIds

        public java.util.List<java.lang.Long> getLeaderOfGroupIds​(ome.model.meta.Experimenter e)
        Specified by:
        getLeaderOfGroupIds in interface ome.api.IAdmin
      • getMemberOfGroupIds

        public java.util.List<java.lang.Long> getMemberOfGroupIds​(ome.model.meta.Experimenter e)
        Specified by:
        getMemberOfGroupIds in interface ome.api.IAdmin
      • getUserRoles

        public java.util.List<java.lang.String> getUserRoles​(ome.model.meta.Experimenter e)
        Description copied from interface: LocalAdmin
        Finds the group names for all groups for which the given Experimenter is a member.
        Specified by:
        getUserRoles in interface LocalAdmin
        Parameters:
        e - Non-null, managed (i.e. with id) Experimenter
        Returns:
        the groups of which the user is a member
        See Also:
        ExperimenterGroup.getDetails(), Details.getOwner()
      • canAnnotate

        public boolean canAnnotate​(ome.model.IObject obj)
        Description copied from interface: LocalAdmin
        Companion to IAdmin.canUpdate(IObject) but not yet remotely accessible.
        Specified by:
        canAnnotate in interface LocalAdmin
        Parameters:
        obj - Not null.
        Returns:
        if the object can be annotated
      • canUpdate

        public boolean canUpdate​(ome.model.IObject obj)
        Specified by:
        canUpdate in interface ome.api.IAdmin
      • getExperimenter

        public ome.model.meta.Experimenter getExperimenter​(long id)
        Specified by:
        getExperimenter in interface ome.api.IAdmin
      • lookupExperimenter

        public ome.model.meta.Experimenter lookupExperimenter​(java.lang.String omeName)
        Specified by:
        lookupExperimenter in interface ome.api.IAdmin
      • lookupExperimenters

        public java.util.List<ome.model.meta.Experimenter> lookupExperimenters()
        Specified by:
        lookupExperimenters in interface ome.api.IAdmin
      • lookupLdapAuthExperimenters

        public java.util.List<java.util.Map<java.lang.String,​java.lang.Object>> lookupLdapAuthExperimenters()
        Specified by:
        lookupLdapAuthExperimenters in interface ome.api.IAdmin
      • lookupLdapAuthExperimenter

        public java.lang.String lookupLdapAuthExperimenter​(long id)
        Specified by:
        lookupLdapAuthExperimenter in interface ome.api.IAdmin
      • getGroup

        public ome.model.meta.ExperimenterGroup getGroup​(long id)
        Specified by:
        getGroup in interface ome.api.IAdmin
      • lookupGroup

        public ome.model.meta.ExperimenterGroup lookupGroup​(java.lang.String groupName)
        Specified by:
        lookupGroup in interface ome.api.IAdmin
      • lookupGroups

        public java.util.List<ome.model.meta.ExperimenterGroup> lookupGroups()
        Specified by:
        lookupGroups in interface ome.api.IAdmin
      • containedExperimenters

        public ome.model.meta.Experimenter[] containedExperimenters​(long groupId)
        Specified by:
        containedExperimenters in interface ome.api.IAdmin
      • containedGroups

        public ome.model.meta.ExperimenterGroup[] containedGroups​(long experimenterId)
        Specified by:
        containedGroups in interface ome.api.IAdmin
      • synchronizeLoginCache

        @Transactional(readOnly=false)
        public void synchronizeLoginCache()
        Specified by:
        synchronizeLoginCache in interface ome.api.IAdmin
      • updateSelf

        @Transactional(readOnly=false)
        public void updateSelf​(ome.model.meta.Experimenter e)
        Specified by:
        updateSelf in interface ome.api.IAdmin
      • getMyUserPhotos

        public java.util.List<ome.model.core.OriginalFile> getMyUserPhotos()
        Specified by:
        getMyUserPhotos in interface ome.api.IAdmin
      • uploadMyUserPhoto

        @Transactional(readOnly=false)
        public long uploadMyUserPhoto​(java.lang.String filename,
                                      java.lang.String mimetype,
                                      byte[] data)
        Specified by:
        uploadMyUserPhoto in interface ome.api.IAdmin
      • updateExperimenter

        @Transactional(readOnly=false)
        public void updateExperimenter​(ome.model.meta.Experimenter experimenter)
        Specified by:
        updateExperimenter in interface ome.api.IAdmin
      • updateExperimenterWithPassword

        @Transactional(readOnly=false)
        public void updateExperimenterWithPassword​(ome.model.meta.Experimenter experimenter,
                                                   java.lang.String password)
        Specified by:
        updateExperimenterWithPassword in interface ome.api.IAdmin
      • updateGroup

        @Transactional(readOnly=false)
        public void updateGroup​(ome.model.meta.ExperimenterGroup group)
        Specified by:
        updateGroup in interface ome.api.IAdmin
      • createUser

        @Transactional(readOnly=false)
        public long createUser​(ome.model.meta.Experimenter newUser,
                               java.lang.String defaultGroup)
        Specified by:
        createUser in interface ome.api.IAdmin
      • createSystemUser

        @Transactional(readOnly=false)
        public long createSystemUser​(ome.model.meta.Experimenter newSystemUser)
        Specified by:
        createSystemUser in interface ome.api.IAdmin
      • createRestrictedSystemUser

        @Transactional(readOnly=false)
        public long createRestrictedSystemUser​(ome.model.meta.Experimenter newSystemUser,
                                               java.util.List<ome.model.enums.AdminPrivilege> privileges)
        Specified by:
        createRestrictedSystemUser in interface ome.api.IAdmin
      • createRestrictedSystemUserWithPassword

        @Transactional(readOnly=false)
        public long createRestrictedSystemUserWithPassword​(ome.model.meta.Experimenter newSystemUser,
                                                           java.util.List<ome.model.enums.AdminPrivilege> privileges,
                                                           java.lang.String password)
        Specified by:
        createRestrictedSystemUserWithPassword in interface ome.api.IAdmin
      • createExperimenter

        @Transactional(readOnly=false)
        public long createExperimenter​(ome.model.meta.Experimenter experimenter,
                                       ome.model.meta.ExperimenterGroup defaultGroup,
                                       ome.model.meta.ExperimenterGroup... otherGroups)
        Specified by:
        createExperimenter in interface ome.api.IAdmin
      • createExperimenterWithPassword

        @Transactional(readOnly=false)
        public long createExperimenterWithPassword​(ome.model.meta.Experimenter experimenter,
                                                   java.lang.String password,
                                                   ome.model.meta.ExperimenterGroup defaultGroup,
                                                   ome.model.meta.ExperimenterGroup... otherGroups)
        Specified by:
        createExperimenterWithPassword in interface ome.api.IAdmin
      • createGroup

        @Transactional(readOnly=false)
        public long createGroup​(ome.model.meta.ExperimenterGroup group)
        Specified by:
        createGroup in interface ome.api.IAdmin
      • addGroups

        @Transactional(readOnly=false)
        public void addGroups​(ome.model.meta.Experimenter user,
                              ome.model.meta.ExperimenterGroup... groups)
        Specified by:
        addGroups in interface ome.api.IAdmin
      • removeGroups

        @Transactional(readOnly=false)
        public void removeGroups​(ome.model.meta.Experimenter user,
                                 ome.model.meta.ExperimenterGroup... groups)
        Specified by:
        removeGroups in interface ome.api.IAdmin
      • setDefaultGroup

        @Transactional(readOnly=false)
        public void setDefaultGroup​(ome.model.meta.Experimenter user,
                                    ome.model.meta.ExperimenterGroup group)
        Specified by:
        setDefaultGroup in interface ome.api.IAdmin
      • setGroupOwner

        @Transactional(readOnly=false)
        public void setGroupOwner​(ome.model.meta.ExperimenterGroup group,
                                  ome.model.meta.Experimenter owner)
        Specified by:
        setGroupOwner in interface ome.api.IAdmin
      • unsetGroupOwner

        @Transactional(readOnly=false)
        public void unsetGroupOwner​(ome.model.meta.ExperimenterGroup group,
                                    ome.model.meta.Experimenter owner)
        Specified by:
        unsetGroupOwner in interface ome.api.IAdmin
      • addGroupOwners

        @Transactional(readOnly=false)
        public void addGroupOwners​(ome.model.meta.ExperimenterGroup group,
                                   ome.model.meta.Experimenter... owner)
        Specified by:
        addGroupOwners in interface ome.api.IAdmin
      • removeGroupOwners

        @Transactional(readOnly=false)
        public void removeGroupOwners​(ome.model.meta.ExperimenterGroup group,
                                      ome.model.meta.Experimenter... owner)
        Specified by:
        removeGroupOwners in interface ome.api.IAdmin
      • getDefaultGroup

        public ome.model.meta.ExperimenterGroup getDefaultGroup​(long experimenterId)
        Specified by:
        getDefaultGroup in interface ome.api.IAdmin
      • deleteExperimenter

        @Transactional(readOnly=false)
        public void deleteExperimenter​(ome.model.meta.Experimenter user)
        Specified by:
        deleteExperimenter in interface ome.api.IAdmin
      • deleteGroup

        @Transactional(readOnly=false)
        public void deleteGroup​(ome.model.meta.ExperimenterGroup group)
        Specified by:
        deleteGroup in interface ome.api.IAdmin
      • changeOwner

        @Transactional(readOnly=false)
        public void changeOwner​(ome.model.IObject iObject,
                                java.lang.String omeName)
        Specified by:
        changeOwner in interface ome.api.IAdmin
      • changeGroup

        @Transactional(readOnly=false)
        public void changeGroup​(ome.model.IObject iObject,
                                java.lang.String groupName)
        Specified by:
        changeGroup in interface ome.api.IAdmin
      • changePermissions

        @Transactional(readOnly=false)
        public void changePermissions​(ome.model.IObject iObject,
                                      ome.model.internal.Permissions perms)
        The implementation of this method is somewhat tricky in that Permissions changes must be allowed even when other updates are not. Therefore, we must manually check whether the object belongs to this user or the user is an admin (before the call to SecuritySystem.runAsAdmin(AdminAction)). This logic is duplicated in BasicSecuritySystem.checkManagedDetails(IObject, ome.model.internal.Details). As of OMERO 4.2 (ticket:1434), this method has special handling for an instance of ExperimenterGroup and limited capabilities for changing any other object type (ticket:1776). For groups, the permission changes will be propagated to all the contained objects. For other objects, changes may not override group settings.
        Specified by:
        changePermissions in interface ome.api.IAdmin
        See Also:
        IAdmin.changePermissions(IObject, Permissions), ticket:293, ticket:1434
      • moveToCommonSpace

        @Transactional(readOnly=false)
        public void moveToCommonSpace​(ome.model.IObject... iObjects)
        Specified by:
        moveToCommonSpace in interface ome.api.IAdmin
      • internalMoveToCommonSpace

        public void internalMoveToCommonSpace​(ome.model.IObject obj)
        Helper which unconditionally moves the object to the common space. This can be used by other methods like uploadMyUserPhoto(String, String, byte[]).
        Specified by:
        internalMoveToCommonSpace in interface LocalAdmin
        Parameters:
        obj - a model object, linked to the current session; never null
      • getLockingIds

        public java.util.Map<java.lang.String,​java.lang.Long> getLockingIds​(ome.model.IObject object)
      • getLockingIds

        public java.util.Map<java.lang.String,​java.lang.Long> getLockingIds​(java.lang.Class<ome.model.IObject> type,
                                                                                  long id,
                                                                                  java.lang.Long groupId)
        Description copied from interface: LocalAdmin
        Returns a map from Class (as string) to a count for all entities which point to the given IObject. The String "*" is mapped to the sum of all the locks.
        Specified by:
        getLockingIds in interface LocalAdmin
        Parameters:
        type - the name of a model class
        id - the ID of an instance of type
        groupId - the ID of a group to omit from the results, may be null
        Returns:
        the classes and counts of the objects that point to the given object
      • reportForgottenPassword

        @Transactional(readOnly=false)
        public void reportForgottenPassword​(java.lang.String name,
                                            java.lang.String email)
                                     throws ome.conditions.AuthenticationException
        Specified by:
        reportForgottenPassword in interface ome.api.IAdmin
        Throws:
        ome.conditions.AuthenticationException
      • changeExpiredCredentials

        @Transactional(readOnly=false)
        public void changeExpiredCredentials​(java.lang.String name,
                                             java.lang.String oldCred,
                                             java.lang.String newCred)
                                      throws ome.conditions.AuthenticationException
        Specified by:
        changeExpiredCredentials in interface ome.api.IAdmin
        Throws:
        ome.conditions.AuthenticationException
      • changePassword

        @Transactional(readOnly=false)
        public void changePassword​(java.lang.String newPassword)
        Specified by:
        changePassword in interface ome.api.IAdmin
      • changePasswordWithOldPassword

        @Transactional(readOnly=false)
        public void changePasswordWithOldPassword​(java.lang.String oldPassword,
                                                  java.lang.String newPassword)
        Specified by:
        changePasswordWithOldPassword in interface ome.api.IAdmin
      • changeUserPassword

        @Transactional(readOnly=false)
        public void changeUserPassword​(java.lang.String user,
                                       java.lang.String newPassword)
        Specified by:
        changeUserPassword in interface ome.api.IAdmin
      • checkPassword

        public boolean checkPassword​(java.lang.String name,
                                     java.lang.String password,
                                     boolean readOnly)
        If the LDAP plugin is turned on, creates LDAP accounts and makes authentication by LDAP available.
        Specified by:
        checkPassword in interface LocalAdmin
        Parameters:
        name - the name of a user
        password - the user's password
        readOnly - if the password check should be transactionally read-only
        Returns:
        if the user's password is correct
        See Also:
        Trac ticket #4626
      • getAdminsWithPrivileges

        public java.util.List<ome.model.meta.Experimenter> getAdminsWithPrivileges​(java.util.List<ome.model.enums.AdminPrivilege> privileges)
        Specified by:
        getAdminsWithPrivileges in interface ome.api.IAdmin
      • getCurrentAdminPrivileges

        public java.util.List<ome.model.enums.AdminPrivilege> getCurrentAdminPrivileges()
        Specified by:
        getCurrentAdminPrivileges in interface ome.api.IAdmin
      • getAdminPrivileges

        public java.util.List<ome.model.enums.AdminPrivilege> getAdminPrivileges​(ome.model.meta.Experimenter user)
        Specified by:
        getAdminPrivileges in interface ome.api.IAdmin
      • setAdminPrivileges

        @Transactional(readOnly=false)
        public void setAdminPrivileges​(ome.model.meta.Experimenter user,
                                       java.util.List<ome.model.enums.AdminPrivilege> privileges)
        Specified by:
        setAdminPrivileges in interface ome.api.IAdmin
      • getSecurityRoles

        public ome.system.Roles getSecurityRoles()
        Specified by:
        getSecurityRoles in interface ome.api.IAdmin
      • getEventContext

        public ome.system.EventContext getEventContext()
        Specified by:
        getEventContext in interface ome.api.IAdmin
      • getEventContextQuiet

        public ome.system.EventContext getEventContextQuiet()
        Description copied from interface: LocalAdmin
        Like IAdmin.getEventContext() but will not reload the context. This also has the result that values from the current call context will be applied as simply the session context.
        Specified by:
        getEventContextQuiet in interface LocalAdmin
        Returns:
        the current event context
      • assertManaged

        protected void assertManaged​(ome.model.IObject o)
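
The ordering described under changePermissions (check that the caller is the owner or an admin, and only then elevate for the write) is shown here as an added example that is not OMERO's code. `Caller`, `Obj`, `update` and this `runAsAdmin` are simplified, hypothetical stand-ins for the real ome.* types, and the permission strings are constructed sample values.

```java
// Added illustration; simplified stand-ins, not the real ome.* classes.
public class ChangePermissionsOrdering {

    /** Caller identity for the current call (hypothetical stand-in for an event context). */
    record Caller(long userId, boolean admin) {}

    /** A model object with an owner and a permissions string (constructed sample type). */
    static final class Obj {
        final long ownerId;
        String perms;
        Obj(long ownerId, String perms) { this.ownerId = ownerId; this.perms = perms; }
    }

    /** Per-thread flag modelling "normal security checks are currently bypassed". */
    private static final ThreadLocal<Boolean> ELEVATED = ThreadLocal.withInitial(() -> false);

    /** Runs the action with checks bypassed and always restores the previous state. */
    static void runAsAdmin(Runnable action) {
        boolean previous = ELEVATED.get();
        ELEVATED.set(true);
        try {
            action.run();
        } finally {
            ELEVATED.set(previous);
        }
    }

    /** Ordinary update path: refused unless elevated, modelling "other updates are not allowed". */
    static void update(Obj o, String perms) {
        if (!ELEVATED.get()) {
            throw new SecurityException("update not permitted");
        }
        o.perms = perms;
    }

    /** Authorize against the real caller first; elevate only for the single write. */
    static void changePermissions(Caller caller, Obj o, String perms) {
        if (!caller.admin() && caller.userId() != o.ownerId) {
            throw new SecurityException("caller is neither owner nor admin");
        }
        runAsAdmin(() -> update(o, perms));
    }

    public static void main(String[] args) {
        Obj image = new Obj(7L, "rw----");
        changePermissions(new Caller(7L, false), image, "rwr---");      // owner
        System.out.println("owner set: " + image.perms);
        changePermissions(new Caller(1L, true), image, "rw----");       // admin
        System.out.println("admin set: " + image.perms);
        try {
            changePermissions(new Caller(9L, false), image, "rwrwrw"); // neither
        } catch (SecurityException e) {
            System.out.println("refused: " + e.getMessage() + "; perms unchanged: " + image.perms);
        }
        try {
            update(image, "rwrwrw"); // direct update outside runAsAdmin stays blocked
        } catch (SecurityException e) {
            System.out.println("refused: " + e.getMessage());
        }
    }
}
```

Because the elevated block bypasses the normal checks, the manual owner-or-admin test is the only authorization on this path; omitting it or placing it inside the elevated block would let any caller change permissions.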