@Override
public void addGroup(final Group group) throws XMLDBException {
final SecurityManager manager = pool.getSecurityManager();
if (!manager.hasAdminPrivileges(user)) {
throw new XMLDBException(ErrorCodes.PERMISSION_DENIED, " you are not allowed to add role");
}
if (manager.hasGroup(group.getName())) {
throw new XMLDBException(ErrorCodes.VENDOR_ERROR, "group '" + group.getName() + "' exists");
}
try {
executeWithBroker(
new BrokerOperation<Void>() {
@Override
public Void withBroker(DBBroker broker)
throws XMLDBException, LockException, PermissionDeniedException, IOException,
EXistException, TriggerException {
manager.addGroup(group);
return null;
}
});
} catch (final Exception e) {
throw new XMLDBException(ErrorCodes.PERMISSION_DENIED, e.getMessage(), e);
}
}
@Override
public void setUserPrimaryGroup(final String username, final String groupName)
throws XMLDBException {
final SecurityManager manager = pool.getSecurityManager();
if (!manager.hasGroup(groupName)) {
throw new XMLDBException(
ErrorCodes.PERMISSION_DENIED, "Group '" + groupName + "' does not exist!");
}
if (!manager.hasAdminPrivileges(user)) {
throw new XMLDBException(ErrorCodes.PERMISSION_DENIED, "Not allowed to modify user");
}
try {
executeWithBroker(
new BrokerOperation<Void>() {
@Override
public Void withBroker(final DBBroker broker)
throws XMLDBException, LockException, PermissionDeniedException, IOException,
EXistException, TriggerException {
final Account account = manager.getAccount(username);
final Group group = manager.getGroup(groupName);
account.setPrimaryGroup(group);
manager.updateAccount(account);
return null;
}
});
} catch (final Exception e) {
throw new XMLDBException(ErrorCodes.PERMISSION_DENIED, e.getMessage(), e);
}
}
private <R> R modifyResource(
DBBroker broker, Resource resource, DatabaseItemModifier<DocumentImpl, R> modifier)
throws XMLDBException, LockException, PermissionDeniedException, EXistException,
SyntaxException {
final TransactionManager transact = broker.getBrokerPool().getTransactionManager();
final Txn transaction = transact.beginTransaction();
DocumentImpl document = null;
try {
document = ((AbstractEXistResource) resource).openDocument(broker, Lock.WRITE_LOCK);
final SecurityManager sm = broker.getBrokerPool().getSecurityManager();
if (!document.getPermissions().validate(user, Permission.WRITE)
&& !sm.hasAdminPrivileges(user)) {
throw new XMLDBException(
ErrorCodes.PERMISSION_DENIED,
"you are not the owner of this resource; owner = "
+ document.getPermissions().getOwner());
}
final R result = modifier.modify(document);
broker.storeXMLResource(transaction, document);
transact.commit(transaction);
return result;
} catch (final EXistException ee) {
transact.abort(transaction);
throw ee;
} catch (final XMLDBException xmldbe) {
transact.abort(transaction);
throw xmldbe;
} catch (final LockException le) {
transact.abort(transaction);
throw le;
} catch (final PermissionDeniedException pde) {
transact.abort(transaction);
throw pde;
} catch (final SyntaxException se) {
transact.abort(transaction);
throw se;
} finally {
transact.close(transaction);
if (document != null) {
((AbstractEXistResource) resource).closeDocument(document, Lock.WRITE_LOCK);
}
}
}