@Override
 public Group getWorkflowRoleGroup(
     Context context, Collection collection, String roleName, Group roleGroup)
     throws SQLException, IOException, WorkflowException, AuthorizeException {
   try {
     Role role = WorkflowUtils.getCollectionAndRepositoryRoles(collection).get(roleName);
     if (role.getScope() == Role.Scope.COLLECTION || role.getScope() == Role.Scope.REPOSITORY) {
       roleGroup = WorkflowUtils.getRoleGroup(context, collection, role);
       if (roleGroup == null) {
         authorizeService.authorizeAction(context, collection, Constants.WRITE);
         roleGroup = groupService.create(context);
         if (role.getScope() == Role.Scope.COLLECTION) {
           groupService.setName(
               roleGroup,
               "COLLECTION_" + collection.getID().toString() + "_WORKFLOW_ROLE_" + roleName);
         } else {
           groupService.setName(roleGroup, role.getName());
         }
         groupService.update(context, roleGroup);
         authorizeService.addPolicy(context, collection, Constants.ADD, roleGroup);
         if (role.getScope() == Role.Scope.COLLECTION) {
           WorkflowUtils.createCollectionWorkflowRole(context, collection, roleName, roleGroup);
         }
       }
     }
     return roleGroup;
   } catch (WorkflowConfigurationException e) {
     throw new WorkflowException(e);
   }
 }
示例#2
0
  @Override
  public Group createAdministrators(Context context, Community community)
      throws SQLException, AuthorizeException {
    // Check authorisation - Must be an Admin to create more Admins
    AuthorizeUtil.authorizeManageAdminGroup(context, community);

    Group admins = community.getAdministrators();
    if (admins == null) {
      // turn off authorization so that Community Admins can create Sub-Community Admins
      context.turnOffAuthorisationSystem();
      admins = groupService.create(context);
      context.restoreAuthSystemState();

      admins.setName(context, "COMMUNITY_" + community.getID() + "_ADMIN");
      groupService.update(context, admins);
    }

    authorizeService.addPolicy(context, community, Constants.ADMIN, admins);

    // register this as the admin group
    community.setAdmins(admins);
    return admins;
  }