@Override public Group getWorkflowRoleGroup( Context context, Collection collection, String roleName, Group roleGroup) throws SQLException, IOException, WorkflowException, AuthorizeException { try { Role role = WorkflowUtils.getCollectionAndRepositoryRoles(collection).get(roleName); if (role.getScope() == Role.Scope.COLLECTION || role.getScope() == Role.Scope.REPOSITORY) { roleGroup = WorkflowUtils.getRoleGroup(context, collection, role); if (roleGroup == null) { authorizeService.authorizeAction(context, collection, Constants.WRITE); roleGroup = groupService.create(context); if (role.getScope() == Role.Scope.COLLECTION) { groupService.setName( roleGroup, "COLLECTION_" + collection.getID().toString() + "_WORKFLOW_ROLE_" + roleName); } else { groupService.setName(roleGroup, role.getName()); } groupService.update(context, roleGroup); authorizeService.addPolicy(context, collection, Constants.ADD, roleGroup); if (role.getScope() == Role.Scope.COLLECTION) { WorkflowUtils.createCollectionWorkflowRole(context, collection, roleName, roleGroup); } } } return roleGroup; } catch (WorkflowConfigurationException e) { throw new WorkflowException(e); } }
@Override public Group createAdministrators(Context context, Community community) throws SQLException, AuthorizeException { // Check authorisation - Must be an Admin to create more Admins AuthorizeUtil.authorizeManageAdminGroup(context, community); Group admins = community.getAdministrators(); if (admins == null) { // turn off authorization so that Community Admins can create Sub-Community Admins context.turnOffAuthorisationSystem(); admins = groupService.create(context); context.restoreAuthSystemState(); admins.setName(context, "COMMUNITY_" + community.getID() + "_ADMIN"); groupService.update(context, admins); } authorizeService.addPolicy(context, community, Constants.ADMIN, admins); // register this as the admin group community.setAdmins(admins); return admins; }