Пример #1
0
 @Override
 public Group getWorkflowRoleGroup(
     Context context, Collection collection, String roleName, Group roleGroup)
     throws SQLException, IOException, WorkflowException, AuthorizeException {
   try {
     Role role = WorkflowUtils.getCollectionAndRepositoryRoles(collection).get(roleName);
     if (role.getScope() == Role.Scope.COLLECTION || role.getScope() == Role.Scope.REPOSITORY) {
       roleGroup = WorkflowUtils.getRoleGroup(context, collection, role);
       if (roleGroup == null) {
         authorizeService.authorizeAction(context, collection, Constants.WRITE);
         roleGroup = groupService.create(context);
         if (role.getScope() == Role.Scope.COLLECTION) {
           groupService.setName(
               roleGroup,
               "COLLECTION_" + collection.getID().toString() + "_WORKFLOW_ROLE_" + roleName);
         } else {
           groupService.setName(roleGroup, role.getName());
         }
         groupService.update(context, roleGroup);
         authorizeService.addPolicy(context, collection, Constants.ADD, roleGroup);
         if (role.getScope() == Role.Scope.COLLECTION) {
           WorkflowUtils.createCollectionWorkflowRole(context, collection, roleName, roleGroup);
         }
       }
     }
     return roleGroup;
   } catch (WorkflowConfigurationException e) {
     throw new WorkflowException(e);
   }
 }
  /*
   * Add authenticated users to the group defined in dspace.cfg by
   * the authentication-ldap.login.groupmap.* key.
   */
  private void assignGroups(String dn, String group, Context context) {
    if (StringUtils.isNotBlank(dn)) {
      System.out.println("dn:" + dn);
      int i = 1;
      String groupMap =
          ConfigurationManager.getProperty("authentication-ldap", "login.groupmap." + i);

      boolean cmp;

      while (groupMap != null) {
        String t[] = groupMap.split(":");
        String ldapSearchString = t[0];
        String dspaceGroupName = t[1];

        if (group == null) {
          cmp = StringUtils.containsIgnoreCase(dn, ldapSearchString + ",");
        } else {
          cmp = StringUtils.equalsIgnoreCase(group, ldapSearchString);
        }

        if (cmp) {
          // assign user to this group
          try {
            Group ldapGroup = groupService.findByName(context, dspaceGroupName);
            if (ldapGroup != null) {
              groupService.addMember(context, ldapGroup, context.getCurrentUser());
              groupService.update(context, ldapGroup);
            } else {
              // The group does not exist
              log.warn(
                  LogManager.getHeader(
                      context,
                      "ldap_assignGroupsBasedOnLdapDn",
                      "Group defined in authentication-ldap.login.groupmap."
                          + i
                          + " does not exist :: "
                          + dspaceGroupName));
            }
          } catch (AuthorizeException ae) {
            log.debug(
                LogManager.getHeader(
                    context,
                    "assignGroupsBasedOnLdapDn could not authorize addition to group",
                    dspaceGroupName));
          } catch (SQLException e) {
            log.debug(
                LogManager.getHeader(
                    context, "assignGroupsBasedOnLdapDn could not find group", dspaceGroupName));
          }
        }

        groupMap = ConfigurationManager.getProperty("authentication-ldap", "login.groupmap." + ++i);
      }
    }
  }
Пример #3
0
  @Override
  public Group createAdministrators(Context context, Community community)
      throws SQLException, AuthorizeException {
    // Check authorisation - Must be an Admin to create more Admins
    AuthorizeUtil.authorizeManageAdminGroup(context, community);

    Group admins = community.getAdministrators();
    if (admins == null) {
      // turn off authorization so that Community Admins can create Sub-Community Admins
      context.turnOffAuthorisationSystem();
      admins = groupService.create(context);
      context.restoreAuthSystemState();

      admins.setName(context, "COMMUNITY_" + community.getID() + "_ADMIN");
      groupService.update(context, admins);
    }

    authorizeService.addPolicy(context, community, Constants.ADMIN, admins);

    // register this as the admin group
    community.setAdmins(admins);
    return admins;
  }