@Override
  protected void addGroupsToModel(VdcQueryReturnValue returnValue, Set<String> excludeUsers) {
    Iterable<DbGroup> filteredGroups =
        Linq.where(
            (ArrayList<DbGroup>) returnValue.getReturnValue(),
            new Linq.DbGroupPredicate(getTargetDbGroup()));

    for (DbGroup group : filteredGroups) {
      if (!excludeUsers.contains(group.getId().toString())) {
        DbUser dbUser = new DbUser();
        dbUser.setExternalId(group.getExternalId());
        dbUser.setFirstName(group.getName());
        dbUser.setLastName(""); // $NON-NLS-1$
        dbUser.setLoginName(""); // $NON-NLS-1$
        dbUser.setDomain(group.getDomain());
        dbUser.setNamespace(group.getNamespace());

        EntityModel entity = new EntityModel();
        entity.setEntity(dbUser);
        getgroups().add(entity);
      }
    }
  }
  @Override
  protected void executeCommand() {
    // Get the parameters:
    T parameters = getParameters();

    // The user or group given in the parameters may haven't been added to the database yet, if this
    // is the case
    // then they need to be added to the database now, before the permission:
    DbUser user = parameters.getUser();
    if (user != null) {
      Guid id = user.getId();
      String directory = user.getDomain();
      String externalId = user.getExternalId();
      DbUser existing = getDbUserDAO().getByIdOrExternalId(id, directory, externalId);
      if (existing != null) {
        user = existing;
      } else {
        user = addUser(user);
        if (user == null) {
          setSucceeded(false);
          return;
        }
      }
    }
    DbGroup group = parameters.getGroup();
    if (group != null) {
      Guid id = group.getId();
      String directory = group.getDomain();
      String externalId = group.getExternalId();
      DbGroup existing = getAdGroupDAO().getByIdOrExternalId(id, directory, externalId);
      if (existing != null) {
        group = existing;
      } else {
        group = addGroup(group);
        if (group == null) {
          setSucceeded(false);
          return;
        }
      }
    }

    // The identifier of the principal of the permission can come from the parameters directly or
    // from the
    // user/group objects:
    Guid principalId;
    if (user != null) {
      principalId = user.getId();
    } else if (group != null) {
      principalId = group.getId();
    } else {
      principalId = parameters.getPermission().getad_element_id();
    }

    final Permissions paramPermission = parameters.getPermission();

    Permissions permission =
        getPermissionDAO()
            .getForRoleAndAdElementAndObject(
                paramPermission.getrole_id(), principalId, paramPermission.getObjectId());

    if (permission == null) {
      paramPermission.setId(Guid.newGuid());
      paramPermission.setad_element_id(principalId);

      TransactionSupport.executeInNewTransaction(
          new TransactionMethod<Void>() {
            @Override
            public Void runInTransaction() {
              getPermissionDAO().save(paramPermission);
              getCompensationContext().snapshotNewEntity(paramPermission);
              getCompensationContext().stateChanged();
              return null;
            }
          });
      permission = paramPermission;
    }

    getReturnValue().setActionReturnValue(permission.getId());

    if (user != null) {
      updateAdminStatus(permission);
    }
    setSucceeded(true);
  }