Skip to content

ImpersonationContext -> PermissionsContext rename/repackage #7462

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
labkey-adam merged 2 commits into from
Feb 27, 2026
Merged

ImpersonationContext -> PermissionsContext rename/repackage #7462

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
ba411f2
ImpersonationContext -> PermissionsContext rename/repackage
labkey-adam Feb 26, 2026
326dc34
Update comments and funny imports
labkey-adam Feb 26, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 2 additions & 3 deletions api/src/org/labkey/api/security/ClonedUser.java
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,5 @@
package org.labkey.api.security;

import org.labkey.api.security.impersonation.ImpersonationContext;
import org.labkey.api.security.roles.Role;
import org.labkey.api.security.roles.RoleManager;

Expand All @@ -14,13 +13,13 @@

public abstract class ClonedUser extends User
{
protected ClonedUser(User user, ImpersonationContext ctx)
protected ClonedUser(User user, PermissionsContext ctx)
{
this(user.getEmail(), user.getUserId(), user.getFriendlyName(), user.getFirstName(), user.getLastName(), user.isActive(), user.getLastLogin(), user.getPhone(), user.getLastActivity(), ctx);
}

protected ClonedUser(String email, int userId, String displayName, String firstName, String lastName, boolean active,
Date lastLogin, String phone, Date lastActivity, ImpersonationContext ctx)
Date lastLogin, String phone, Date lastActivity, PermissionsContext ctx)
{
super(email, userId);
setDisplayName(displayName);
Expand Down
8 changes: 3 additions & 5 deletions ...ation/DisallowPrivilegedRolesContext.java → ...urity/DisallowPrivilegedRolesContext.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,19 +13,17 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.labkey.api.security.impersonation;
package org.labkey.api.security;

/*
A "not impersonating" context that filters out privileged site roles (i.e., Site Admin, Platform Developer)
A context that filters out privileged site roles (i.e., Site Admin, Platform Developer)
*/

import org.labkey.api.security.SecurableResource;
import org.labkey.api.security.User;
import org.labkey.api.security.roles.Role;

import java.util.stream.Stream;

public class DisallowPrivilegedRolesContext extends NotImpersonatingContext
public class DisallowPrivilegedRolesContext extends NormalPermissionsContext
{
private static final DisallowPrivilegedRolesContext INSTANCE = new DisallowPrivilegedRolesContext();

Expand Down
8 changes: 3 additions & 5 deletions api/src/org/labkey/api/security/ElevatedUser.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,8 +2,6 @@

import org.labkey.api.audit.permissions.CanSeeAuditLogPermission;
import org.labkey.api.data.Container;
import org.labkey.api.security.impersonation.ImpersonationContext;
import org.labkey.api.security.impersonation.WrappedImpersonationContext;
import org.labkey.api.security.permissions.Permission;
import org.labkey.api.security.roles.CanSeeAuditLogRole;
import org.labkey.api.security.roles.Role;
Expand All @@ -24,10 +22,10 @@ public class ElevatedUser extends ClonedUser
{
private ElevatedUser(User user, Set<Role> rolesToAdd)
{
super(user, new WrappedImpersonationContext(user.getImpersonationContext(), rolesToAdd));
super(user, new WrappedPermissionsContext(user.getPermissionsContext(), rolesToAdd));
}

private ElevatedUser(User user, ImpersonationContext ctx)
private ElevatedUser(User user, PermissionsContext ctx)
{
super(user, ctx);
}
Expand All @@ -52,7 +50,7 @@ public static ElevatedUser getElevatedUser(User user, Collection<Class<? extends
/**
* Used to reconstitute an ElevatedUser from its component parts
*/
public static ElevatedUser getElevatedUser(User user, ImpersonationContext ctx)
public static ElevatedUser getElevatedUser(User user, PermissionsContext ctx)
{
return new ElevatedUser(user, ctx);
}
Expand Down
6 changes: 2 additions & 4 deletions api/src/org/labkey/api/security/LimitedUser.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -26,8 +26,6 @@
import org.labkey.api.data.Container;
import org.labkey.api.data.ContainerManager;
import org.labkey.api.pipeline.PipelineJob;
import org.labkey.api.security.impersonation.ImpersonationContext;
import org.labkey.api.security.impersonation.NotImpersonatingContext;
import org.labkey.api.security.permissions.AdminPermission;
import org.labkey.api.security.permissions.InsertPermission;
import org.labkey.api.security.permissions.ReadPermission;
Expand All @@ -54,7 +52,7 @@
public class LimitedUser extends ClonedUser
{
// Must be a named class to allow Jackson deserialization (e.g., Evaluation Content loads folder archives via the pipeline using AdminUser)
private static class LimitedUserImpersonatingContext extends NotImpersonatingContext
private static class LimitedUserImpersonatingContext extends NormalPermissionsContext
{
private final Set<Role> _roles;

Expand Down Expand Up @@ -99,7 +97,7 @@ private LimitedUser(
@JsonProperty("_lastLogin") Date lastLogin,
@JsonProperty("_phone") String phone,
@JsonProperty("_lastActivity") Date lastActivity,
@JsonProperty("_impersonationContext") ImpersonationContext ctx
@JsonProperty("_impersonationContext") PermissionsContext ctx
)
{
super(name, userId, displayName, firstName, lastName, active, lastLogin, phone, lastActivity, ctx);
Expand Down
237 changes: 118 additions & 119 deletions ...mpersonation/NotImpersonatingContext.java → ...pi/security/NormalPermissionsContext.java
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,119 +1,118 @@
/*
* Copyright (c) 2011-2019 LabKey Corporation
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.labkey.api.security.impersonation;

import org.jetbrains.annotations.Nullable;
import org.labkey.api.data.Container;
import org.labkey.api.module.ModuleLoader;
import org.labkey.api.security.GroupManager;
import org.labkey.api.security.LoginUrls;
import org.labkey.api.security.PrincipalArray;
import org.labkey.api.security.User;
import org.labkey.api.security.permissions.AdminPermission;
import org.labkey.api.security.permissions.CanImpersonatePrivilegedSiteRolesPermission;
import org.labkey.api.util.PageFlowUtil;
import org.labkey.api.view.ActionURL;
import org.labkey.api.view.NavTree;

/**
* Used when a user is not impersonating another user, group, or role. That is, they are logged in normally, and
* operating as themselves.
*/
public class NotImpersonatingContext implements ImpersonationContext
{
private static final NotImpersonatingContext INSTANCE = new NotImpersonatingContext();

public static NotImpersonatingContext get()
{
return INSTANCE;
}

protected NotImpersonatingContext()
{
}

@Override
public boolean isImpersonating()
{
return false;
}

@Override
public @Nullable Container getImpersonationProject()
{
return null;
}

@Override
public User getAdminUser()
{
return null;
}

@Override
public String getCacheKey()
{
return "";
}

@Override
public ActionURL getReturnUrl()
{
return null;
}

@Override
public ImpersonationContextFactory getFactory()
{
return null;
}

@Override
public PrincipalArray getGroups(User user)
{
return GroupManager.getAllGroupsForPrincipal(user);
}

@Override
public void addMenu(NavTree menu, Container c, User user, ActionURL currentURL)
{
if (ModuleLoader.getInstance().isStartupComplete())
{
@Nullable Container project = c.getProject();

// Must be site or project admin (folder admins can't impersonate)
if (user.hasRootAdminPermission() || (null != project && project.hasPermission(user, AdminPermission.class)))
{
NavTree impersonateMenu = new NavTree("Impersonate");
UserImpersonationContextFactory.addMenu(impersonateMenu);
GroupImpersonationContextFactory.addMenu(impersonateMenu);
RoleImpersonationContextFactory.addMenu(impersonateMenu);
menu.addChild(impersonateMenu);
}
// Or Impersonating Troubleshooter to impersonate site roles only
else if (null == project && user.hasRootPermission(CanImpersonatePrivilegedSiteRolesPermission.class))
{
NavTree impersonateMenu = new NavTree("Impersonate");
RoleImpersonationContextFactory.addMenu(impersonateMenu);
menu.addChild(impersonateMenu);
}
}

NavTree signOut = new NavTree("Sign Out", PageFlowUtil.urlProvider(LoginUrls.class).getLogoutURL(c));
signOut.usePost();
menu.addChild(signOut);
}
}
/*
* Copyright (c) 2011-2019 LabKey Corporation
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.labkey.api.security;

import org.jetbrains.annotations.Nullable;
import org.labkey.api.data.Container;
import org.labkey.api.module.ModuleLoader;
import org.labkey.api.security.impersonation.GroupImpersonationContextFactory;
import org.labkey.api.security.impersonation.ImpersonationContextFactory;
import org.labkey.api.security.impersonation.RoleImpersonationContextFactory;
import org.labkey.api.security.impersonation.UserImpersonationContextFactory;
import org.labkey.api.security.permissions.AdminPermission;
import org.labkey.api.security.permissions.CanImpersonatePrivilegedSiteRolesPermission;
import org.labkey.api.util.PageFlowUtil;
import org.labkey.api.view.ActionURL;
import org.labkey.api.view.NavTree;

/**
* Used when a user is logged in normally and operating as themselves, not impersonating another user, group, or role.
*/
public class NormalPermissionsContext implements PermissionsContext
{
private static final NormalPermissionsContext INSTANCE = new NormalPermissionsContext();

public static NormalPermissionsContext get()
{
return INSTANCE;
}

protected NormalPermissionsContext()
{
}

@Override
public boolean isImpersonating()
{
return false;
}

@Override
public @Nullable Container getImpersonationProject()
{
return null;
}

@Override
public User getAdminUser()
{
return null;
}

@Override
public String getCacheKey()
{
return "";
}

@Override
public ActionURL getReturnUrl()
{
return null;
}

@Override
public ImpersonationContextFactory getFactory()
{
return null;
}

@Override
public PrincipalArray getGroups(User user)
{
return GroupManager.getAllGroupsForPrincipal(user);
}

@Override
public void addMenu(NavTree menu, Container c, User user, ActionURL currentURL)
{
if (ModuleLoader.getInstance().isStartupComplete())
{
@Nullable Container project = c.getProject();

// Must be site or project admin (folder admins can't impersonate)
if (user.hasRootAdminPermission() || (null != project && project.hasPermission(user, AdminPermission.class)))
{
NavTree impersonateMenu = new NavTree("Impersonate");
UserImpersonationContextFactory.addMenu(impersonateMenu);
GroupImpersonationContextFactory.addMenu(impersonateMenu);
RoleImpersonationContextFactory.addMenu(impersonateMenu);
menu.addChild(impersonateMenu);
}
// Or Impersonating Troubleshooter to impersonate site roles only
else if (null == project && user.hasRootPermission(CanImpersonatePrivilegedSiteRolesPermission.class))
{
NavTree impersonateMenu = new NavTree("Impersonate");
RoleImpersonationContextFactory.addMenu(impersonateMenu);
menu.addChild(impersonateMenu);
}
}

NavTree signOut = new NavTree("Sign Out", PageFlowUtil.urlProvider(LoginUrls.class).getLogoutURL(c));
signOut.usePost();
menu.addChild(signOut);
}
}
Loading