@Override
public Group getWorkflowRoleGroup(
Context context, Collection collection, String roleName, Group roleGroup)
throws SQLException, IOException, WorkflowException, AuthorizeException {
try {
Role role = WorkflowUtils.getCollectionAndRepositoryRoles(collection).get(roleName);
if (role.getScope() == Role.Scope.COLLECTION || role.getScope() == Role.Scope.REPOSITORY) {
roleGroup = WorkflowUtils.getRoleGroup(context, collection, role);
if (roleGroup == null) {
authorizeService.authorizeAction(context, collection, Constants.WRITE);
roleGroup = groupService.create(context);
if (role.getScope() == Role.Scope.COLLECTION) {
groupService.setName(
roleGroup,
"COLLECTION_" + collection.getID().toString() + "_WORKFLOW_ROLE_" + roleName);
} else {
groupService.setName(roleGroup, role.getName());
}
groupService.update(context, roleGroup);
authorizeService.addPolicy(context, collection, Constants.ADD, roleGroup);
if (role.getScope() == Role.Scope.COLLECTION) {
WorkflowUtils.createCollectionWorkflowRole(context, collection, roleName, roleGroup);
}
}
}
return roleGroup;
} catch (WorkflowConfigurationException e) {
throw new WorkflowException(e);
}
}
@Override
public Group createAdministrators(Context context, Community community)
throws SQLException, AuthorizeException {
// Check authorisation - Must be an Admin to create more Admins
AuthorizeUtil.authorizeManageAdminGroup(context, community);
Group admins = community.getAdministrators();
if (admins == null) {
// turn off authorization so that Community Admins can create Sub-Community Admins
context.turnOffAuthorisationSystem();
admins = groupService.create(context);
context.restoreAuthSystemState();
admins.setName(context, "COMMUNITY_" + community.getID() + "_ADMIN");
groupService.update(context, admins);
}
authorizeService.addPolicy(context, community, Constants.ADMIN, admins);
// register this as the admin group
community.setAdmins(admins);
return admins;
}