/** {@inheritDoc} */
public void unjoinGroup(String authzGroupId)
throws GroupNotDefinedException, AuthzPermissionException {
String user = sessionManager().getCurrentSessionUserId();
if (user == null)
throw new AuthzPermissionException(user, SECURE_UPDATE_OWN_AUTHZ_GROUP, authzGroupId);
// check security (throws if not permitted)
unlock(SECURE_UPDATE_OWN_AUTHZ_GROUP, authzGroupId);
// get the AuthzGroup
AuthzGroup azGroup = m_storage.get(authzGroupId);
if (azGroup == null) {
throw new GroupNotDefinedException(authzGroupId);
}
// if not joined (no grant), we are done
BaseMember grant = (BaseMember) azGroup.getMember(user);
if (grant == null) {
return;
}
// if the user currently is the only maintain role user, disallow the unjoin
if (grant.getRole().getId().equals(azGroup.getMaintainRole())) {
Set maintainers = azGroup.getUsersHasRole(azGroup.getMaintainRole());
if (maintainers.size() <= 1) {
throw new AuthzPermissionException(user, SECURE_UPDATE_OWN_AUTHZ_GROUP, authzGroupId);
}
}
// if the grant is provided, disallow the unjoin. There would be no point in
// allowing the user to unjoin, since the user will rejoin the realm the next
// time it is updated or he/she logs in.
if (grant.isProvided()) {
throw new AuthzPermissionException(user, SECURE_UPDATE_OWN_AUTHZ_GROUP, authzGroupId);
}
((BaseAuthzGroup) azGroup).setEvent(SECURE_UPDATE_OWN_AUTHZ_GROUP);
removeMemberFromGroup(azGroup, user);
}
/** {@inheritDoc} */
public boolean allowUnjoinGroup(String authzGroupId) {
String user = sessionManager().getCurrentSessionUserId();
if (user == null) {
return false;
}
// check security (throws if not permitted)
if (!unlockCheck(SECURE_UPDATE_OWN_AUTHZ_GROUP, authzGroupId)) return false;
// get the azGroup
AuthzGroup azGroup = m_storage.get(authzGroupId);
if (azGroup == null) {
return false;
}
// if not joined (no grant), unable to unjoin
BaseMember grant = (BaseMember) azGroup.getMember(user);
if (grant == null) {
return false;
}
// if the grant is provider, unable to unjoin
else if (grant.isProvided()) {
return false;
}
// if the user currently is the only maintain role user, disallow the unjoin
if (grant.getRole().getId().equals(azGroup.getMaintainRole())) {
Set maintainers = azGroup.getUsersHasRole(azGroup.getMaintainRole());
if (maintainers.size() <= 1) {
return false;
}
}
return true;
}
