/**
   * Registers a new group with the security manager of this service's broker pool.
   *
   * <p>The call is refused unless {@code user} has admin privileges, and it is refused when the
   * security manager already knows a group with the same name.
   *
   * @param group the group to register
   * @throws XMLDBException with {@code PERMISSION_DENIED} when the user is not an administrator
   *     or when the broker operation fails for any reason, and with {@code VENDOR_ERROR} when
   *     the group name is already taken
   */
  @Override
  public void addGroup(final Group group) throws XMLDBException {
    final SecurityManager securityManager = pool.getSecurityManager();

    // Authorization comes first: the group argument is not touched for a non-admin caller.
    final boolean callerIsAdmin = securityManager.hasAdminPrivileges(user);
    if (!callerIsAdmin) {
      throw new XMLDBException(ErrorCodes.PERMISSION_DENIED, " you are not allowed to add role");
    }

    // NOTE(review): the existence check and the later addGroup call are separate steps and no
    // lock is visible between them here; confirm that SecurityManager.addGroup itself rejects
    // a duplicate name.
    final String requestedName = group.getName();
    if (securityManager.hasGroup(requestedName)) {
      throw new XMLDBException(ErrorCodes.VENDOR_ERROR, "group '" + requestedName + "' exists");
    }

    final BrokerOperation<Void> registerGroup =
        new BrokerOperation<Void>() {
          @Override
          public Void withBroker(DBBroker broker)
              throws XMLDBException, LockException, PermissionDeniedException, IOException,
                  EXistException, TriggerException {
            securityManager.addGroup(group);
            return null;
          }
        };

    try {
      executeWithBroker(registerGroup);
    } catch (final Exception e) {
      // NOTE(review): every failure is reported as PERMISSION_DENIED, including the I/O, lock
      // and trigger errors the operation declares, so a caller or an audit trail cannot tell
      // an authorization failure from an infrastructure one. The cause is kept on the
      // exception for diagnosis.
      throw new XMLDBException(ErrorCodes.PERMISSION_DENIED, e.getMessage(), e);
    }
  }
Exemplo n.º 2
  /*
   * (non-Javadoc)
   *
   * Builds a group named by args[0], registers the current broker subject as a group manager
   * and, when a second argument is present, looks up the accounts named in args[1] as
   * additional managers.
   *
   * The request is refused with an XPathException when the calling subject is named "guest" or
   * when the requested group name is "dba". The only return visible in this listing is
   * BooleanValue.FALSE, reached after the try block.
   *
   * NOTE(review): this listing is damaged at the "Could not find the user" log call. The code
   * between that call and the following "Permission denied" message is missing; presumably it
   * held the rest of the manager loop, the group creation and any success return. Confirm
   * against the original source before relying on this method's behaviour.
   *
   * @see org.exist.xquery.Expression#eval(org.exist.dom.DocumentSet,
   * org.exist.xquery.value.Sequence, org.exist.xquery.value.Item)
   */
  @Override
  public Sequence eval(Sequence args[], Sequence contextSequence) throws XPathException {

    // The group name is taken directly from the first argument supplied by the caller.
    final String groupName = args[0].getStringValue();

    // Gate on two string comparisons: the caller's account name against "guest" and the
    // requested group name against "dba".
    // NOTE(review): both conditions produce the same "must be an authenticated account"
    // message, so a rejected request for the "dba" group is reported and logged as an
    // unauthenticated caller. This check only excludes the account named "guest"; whether the
    // caller may create groups at all is presumably enforced later by the security manager
    // (TODO confirm).
    if ("guest".equals(context.getSubject().getName()) || "dba".equals(groupName)) {
      final XPathException xPathException =
          new XPathException(
              this,
              "Permission denied, calling account '"
                  + context.getSubject().getName()
                  + "' must be an authenticated account to call this function.");
      logger.error("Invalid user", xPathException);
      throw xPathException;
    }

    // NOTE(review): groupName is caller-supplied and concatenated into the log line as is;
    // confirm the logging layout neutralises line breaks so a crafted name cannot forge
    // log entries.
    logger.info("Attempting to create group " + groupName);

    Group group = new GroupAider(groupName);

    // NOTE(review): the gate above reads context.getSubject(), while the manager added below
    // is broker.getSubject(); confirm both always refer to the same identity.
    final DBBroker broker = context.getBroker();
    final Subject currentUser = broker.getSubject();

    try {

      final SecurityManager sm = broker.getBrokerPool().getSecurityManager();

      // add the current user as a group manager
      group.addManager(currentUser);

      if (args.length == 2) {
        // add the additional group managers, this also makes sure they
        // all exist first!
        for (final SequenceIterator i = args[1].iterate(); i.hasNext(); ) {
          final String groupManager = i.nextItem().getStringValue();

          // A null result from the security manager means no account has this name.
          final Account groupManagerAccount = sm.getAccount(groupManager);
          if (groupManagerAccount == null) {
            // NOTE(review): the listing is garbled on the next line; the text between the
            // log message and the "Permission denied" string is missing.
            logger.error("Could not find the user: "******"Permission denied, calling account '"
              + context.getSubject().getName()
              + "' do not authorize to call this function.");
    } catch (final EXistException exe) {
      // The failure is logged and not rethrown, so the caller only sees the FALSE result below.
      logger.error("Failed to create group: " + group, exe);
    }

    return BooleanValue.FALSE;
  }