/**
 * Registers a new group with the database's security manager.
 *
 * <p>The caller must hold admin privileges. A group whose name is already
 * known to the security manager is rejected before a broker is requested.
 *
 * @param group the group to add
 * @throws XMLDBException with {@code PERMISSION_DENIED} when the current user is
 *     not an administrator or when the broker operation fails for any reason,
 *     and with {@code VENDOR_ERROR} when a group of that name already exists
 */
@Override
public void addGroup(final Group group) throws XMLDBException {
    final SecurityManager securityManager = pool.getSecurityManager();

    // Authorization is decided before the name lookup, so a caller without
    // admin rights learns nothing about which group names are taken.
    if (!securityManager.hasAdminPrivileges(user)) {
        throw new XMLDBException(ErrorCodes.PERMISSION_DENIED, " you are not allowed to add role");
    }

    final String name = group.getName();
    if (securityManager.hasGroup(name)) {
        throw new XMLDBException(ErrorCodes.VENDOR_ERROR, "group '" + name + "' exists");
    }

    // NOTE(review): hasGroup and addGroup are separate calls; whether the
    // manager itself rejects a duplicate created in between is not visible here.
    final BrokerOperation<Void> createGroup =
            new BrokerOperation<Void>() {
                @Override
                public Void withBroker(DBBroker broker)
                        throws XMLDBException, LockException, PermissionDeniedException,
                                IOException, EXistException, TriggerException {
                    securityManager.addGroup(group);
                    return null;
                }
            };

    try {
        executeWithBroker(createGroup);
    } catch (final Exception failure) {
        // Every failure is reported as PERMISSION_DENIED, including ones that
        // are not authorization errors; the original exception is kept as the
        // cause so the real reason can still be found in logs.
        throw new XMLDBException(ErrorCodes.PERMISSION_DENIED, failure.getMessage(), failure);
    }
}
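/**
 * Makes {@code groupName} the primary group of the account {@code username}.
 *
 * <p>The admin check runs before the group lookup, so a caller without admin
 * privileges receives the same denial whether or not the group exists and
 * cannot use this method to enumerate group names.
 *
 * @param username name of the account to modify
 * @param groupName name of the group that becomes the account's primary group
 * @throws XMLDBException with {@code PERMISSION_DENIED} when the current user is
 *     not an administrator, when the group or the account does not exist, or
 *     when the broker operation fails for any reason
 */
@Override
public void setUserPrimaryGroup(final String username, final String groupName)
        throws XMLDBException {
    final SecurityManager manager = pool.getSecurityManager();

    // Authorize first: answering "does this group exist?" is itself information
    // that only an administrator should get from this call.
    if (!manager.hasAdminPrivileges(user)) {
        throw new XMLDBException(ErrorCodes.PERMISSION_DENIED, "Not allowed to modify user");
    }

    if (!manager.hasGroup(groupName)) {
        throw new XMLDBException(
                ErrorCodes.PERMISSION_DENIED, "Group '" + groupName + "' does not exist!");
    }

    try {
        executeWithBroker(
                new BrokerOperation<Void>() {
                    @Override
                    public Void withBroker(final DBBroker broker)
                            throws XMLDBException, LockException, PermissionDeniedException,
                                    IOException, EXistException, TriggerException {
                        final Account account = manager.getAccount(username);
                        if (account == null) {
                            // Guard in case the lookup yields null for an unknown
                            // user: fail with a readable message instead of a
                            // NullPointerException whose null message the catch
                            // below would pass on. Only administrators reach this.
                            throw new XMLDBException(
                                    ErrorCodes.PERMISSION_DENIED,
                                    "User '" + username + "' does not exist!");
                        }
                        final Group group = manager.getGroup(groupName);
                        account.setPrimaryGroup(group);
                        manager.updateAccount(account);
                        return null;
                    }
                });
    } catch (final Exception e) {
        // Every failure is reported as PERMISSION_DENIED; the original exception
        // is kept as the cause.
        throw new XMLDBException(ErrorCodes.PERMISSION_DENIED, e.getMessage(), e);
    }
}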
/**
 * Applies {@code modifier} to the document behind {@code resource} inside a
 * transaction, holding the document's write lock while it does so.
 *
 * <p>The current user must pass the document's WRITE permission check or hold
 * admin privileges. After a successful modification the document is stored
 * and the transaction committed. The transaction is always closed and the
 * document, if it was opened, is always released.
 *
 * @param broker broker used to reach the transaction manager, the security
 *     manager and the store
 * @param resource resource to modify; it is cast to {@code AbstractEXistResource}
 * @param modifier change to apply to the opened document
 * @param <R> type of the value produced by {@code modifier}
 * @return whatever {@code modifier} returned
 * @throws XMLDBException with {@code PERMISSION_DENIED} when the current user has
 *     neither write permission nor admin privileges
 * @throws LockException rethrown after the transaction has been aborted
 * @throws PermissionDeniedException rethrown after the transaction has been aborted
 * @throws EXistException rethrown after the transaction has been aborted
 * @throws SyntaxException rethrown after the transaction has been aborted
 */
private <R> R modifyResource(
        DBBroker broker, Resource resource, DatabaseItemModifier<DocumentImpl, R> modifier)
        throws XMLDBException, LockException, PermissionDeniedException, EXistException,
                SyntaxException {
    final TransactionManager txnManager = broker.getBrokerPool().getTransactionManager();
    final Txn txn = txnManager.beginTransaction();
    DocumentImpl lockedDoc = null;
    try {
        // The cast stays inside the try so that a failure here still reaches
        // the finally block and the transaction is closed.
        lockedDoc = ((AbstractEXistResource) resource).openDocument(broker, Lock.WRITE_LOCK);

        final SecurityManager securityManager = broker.getBrokerPool().getSecurityManager();
        final boolean writeGranted = lockedDoc.getPermissions().validate(user, Permission.WRITE);
        if (!writeGranted && !securityManager.hasAdminPrivileges(user)) {
            // NOTE(review): this text names the document owner to a caller who
            // just failed the write check, and it speaks of ownership although
            // the test is WRITE permission or admin rights.
            throw new XMLDBException(
                    ErrorCodes.PERMISSION_DENIED,
                    "you are not the owner of this resource; owner = "
                            + lockedDoc.getPermissions().getOwner());
        }

        final R outcome = modifier.modify(lockedDoc);
        broker.storeXMLResource(txn, lockedDoc);
        txnManager.commit(txn);
        return outcome;
    } catch (final EXistException existFailure) {
        txnManager.abort(txn);
        throw existFailure;
    } catch (final XMLDBException apiFailure) {
        txnManager.abort(txn);
        throw apiFailure;
    } catch (final LockException lockFailure) {
        txnManager.abort(txn);
        throw lockFailure;
    } catch (final PermissionDeniedException denied) {
        txnManager.abort(txn);
        throw denied;
    } catch (final SyntaxException syntaxFailure) {
        txnManager.abort(txn);
        throw syntaxFailure;
    } finally {
        // Unchecked exceptions skip the abort calls above and reach only this
        // block. NOTE(review): confirm that close() rolls back a transaction
        // that was never committed.
        txnManager.close(txn);
        if (lockedDoc != null) {
            ((AbstractEXistResource) resource).closeDocument(lockedDoc, Lock.WRITE_LOCK);
        }
    }
}