/**
 * Returns the group backing a workflow role of a collection, creating it when it does not exist.
 *
 * <p>Only roles with scope {@code COLLECTION} or {@code REPOSITORY} are handled; for any other
 * scope the {@code roleGroup} argument is returned unchanged. Creating a missing group requires
 * {@code WRITE} on the collection, and the new group is granted {@code ADD} on the collection.
 *
 * @param context the current DSpace context
 * @param collection the collection whose workflow role is looked up
 * @param roleName the key of the role among the collection and repository roles
 * @param roleGroup the value returned when the role's scope is not handled here
 * @return the existing or newly created role group, or {@code roleGroup} for other scopes
 * @throws AuthorizeException if a group must be created and the WRITE check on the collection fails
 * @throws WorkflowException wrapping a {@code WorkflowConfigurationException}
 */
@Override
public Group getWorkflowRoleGroup(
    Context context, Collection collection, String roleName, Group roleGroup)
    throws SQLException, IOException, WorkflowException, AuthorizeException {
  try {
    // NOTE(review): the lookup result is dereferenced without a null check; confirm callers
    // only pass role names that are configured.
    Role role = WorkflowUtils.getCollectionAndRepositoryRoles(collection).get(roleName);
    Role.Scope scope = role.getScope();
    boolean collectionScoped = scope == Role.Scope.COLLECTION;

    if (!collectionScoped && scope != Role.Scope.REPOSITORY) {
      return roleGroup;
    }

    Group existing = WorkflowUtils.getRoleGroup(context, collection, role);
    if (existing != null) {
      return existing;
    }

    // Creating a role group changes who may act on the collection, so the caller must hold
    // WRITE on it before anything is created.
    authorizeService.authorizeAction(context, collection, Constants.WRITE);

    Group created = groupService.create(context);
    String groupName =
        collectionScoped
            ? "COLLECTION_" + collection.getID().toString() + "_WORKFLOW_ROLE_" + roleName
            : role.getName();
    groupService.setName(created, groupName);
    groupService.update(context, created);

    authorizeService.addPolicy(context, collection, Constants.ADD, created);

    // Only collection-scoped roles are recorded against the collection.
    if (collectionScoped) {
      WorkflowUtils.createCollectionWorkflowRole(context, collection, roleName, created);
    }
    return created;
  } catch (WorkflowConfigurationException e) {
    throw new WorkflowException(e);
  }
}
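/**
 * Adds the current user to the DSpace groups defined in dspace.cfg by the
 * {@code authentication-ldap.login.groupmap.N} keys.
 *
 * <p>Keys are read for N = 1, 2, ... until the first one that is not set. Each value has the
 * form {@code ldapSearchString:dspaceGroupName}. When {@code group} is null, the search string
 * followed by a comma is looked for (ignoring case) anywhere in {@code dn}; otherwise the search
 * string is compared (ignoring case) with {@code group}. Entries without both parts are skipped
 * with a warning instead of aborting the login path.
 *
 * @param dn the user's LDAP distinguished name; nothing is done when it is blank
 * @param group the user's LDAP group value, or null to match against {@code dn}
 * @param context the current DSpace context; its current user is the member that is added
 */
private void assignGroups(String dn, String group, Context context) {
  if (StringUtils.isBlank(dn)) {
    return;
  }

  // The DN identifies a person: send it through the logger at debug level, not to stdout.
  log.debug("dn:" + dn);

  for (int i = 1; ; i++) {
    String groupMap =
        ConfigurationManager.getProperty("authentication-ldap", "login.groupmap." + i);
    if (groupMap == null) {
      break;
    }

    String[] parts = groupMap.split(":");
    // A value with no colon used to throw ArrayIndexOutOfBoundsException, and an empty search
    // string would match every DN that contains a comma. Skip both.
    if (parts.length < 2 || StringUtils.isBlank(parts[0]) || StringUtils.isBlank(parts[1])) {
      log.warn(
          LogManager.getHeader(
              context,
              "ldap_assignGroupsBasedOnLdapDn",
              "Ignoring malformed authentication-ldap.login.groupmap."
                  + i
                  + " (expected ldapSearchString:dspaceGroupName)"));
      continue;
    }
    String ldapSearchString = parts[0];
    String dspaceGroupName = parts[1];

    // NOTE(review): the DN branch is a substring match over the whole DN, not a comparison of
    // parsed RDNs. Keep the configured search strings specific (a full "ou=..." component) so
    // they cannot match inside an unrelated attribute value.
    boolean matches =
        group == null
            ? StringUtils.containsIgnoreCase(dn, ldapSearchString + ",")
            : StringUtils.equalsIgnoreCase(group, ldapSearchString);
    if (!matches) {
      continue;
    }

    // assign user to this group
    try {
      Group ldapGroup = groupService.findByName(context, dspaceGroupName);
      if (ldapGroup != null) {
        groupService.addMember(context, ldapGroup, context.getCurrentUser());
        groupService.update(context, ldapGroup);
      } else {
        // The group does not exist
        log.warn(
            LogManager.getHeader(
                context,
                "ldap_assignGroupsBasedOnLdapDn",
                "Group defined in authentication-ldap.login.groupmap."
                    + i
                    + " does not exist :: "
                    + dspaceGroupName));
      }
    } catch (AuthorizeException ae) {
      // Still best effort, but a mapping that was not applied changes what the user may do,
      // so report it at warn level together with the cause.
      log.warn(
          LogManager.getHeader(
              context,
              "assignGroupsBasedOnLdapDn could not authorize addition to group",
              dspaceGroupName),
          ae);
    } catch (SQLException e) {
      log.warn(
          LogManager.getHeader(
              context, "assignGroupsBasedOnLdapDn could not find group", dspaceGroupName),
          e);
    }
  }
}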
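/**
 * Returns the administrators group of a community, creating and naming it when the community
 * has none, and registers it as the community's admin group.
 *
 * <p>The {@code ADMIN} policy for the group is added on every call, whether or not the group
 * was just created.
 *
 * @param context the current DSpace context
 * @param community the community whose administrators group is wanted
 * @return the community's administrators group
 * @throws SQLException passed through from the group and policy services
 * @throws AuthorizeException if the caller may not manage this community's admin group
 */
@Override
public Group createAdministrators(Context context, Community community)
    throws SQLException, AuthorizeException {
  // Check authorisation - Must be an Admin to create more Admins
  AuthorizeUtil.authorizeManageAdminGroup(context, community);

  Group admins = community.getAdministrators();
  if (admins == null) {
    // turn off authorization so that Community Admins can create Sub-Community Admins
    context.turnOffAuthorisationSystem();
    try {
      admins = groupService.create(context);
    } finally {
      // Restore even when create() throws; otherwise the context would keep running with
      // authorization checks disabled.
      context.restoreAuthSystemState();
    }

    admins.setName(context, "COMMUNITY_" + community.getID() + "_ADMIN");
    groupService.update(context, admins);
  }

  authorizeService.addPolicy(context, community, Constants.ADMIN, admins);

  // register this as the admin group
  community.setAdmins(admins);
  return admins;
}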