Example 1 with AbstractPrincipal

Use of org.exist.security.AbstractPrincipal in project exist by eXist-db.

The class RealmImpl, method deleteGroup.

@Override
public boolean deleteGroup(final Group group) throws PermissionDeniedException, EXistException {
    if (group == null) {
        return false;
    }
    groupsByName.<PermissionDeniedException, EXistException>write2E(principalDb -> {
        final AbstractPrincipal remove_group = (AbstractPrincipal) principalDb.get(group.getName());
        if (remove_group == null) {
            throw new IllegalArgumentException("Group does '" + group.getName() + "' not exist!");
        }
        // the built-in system groups can never be deleted
        if (SecurityManager.DBA_GROUP.equals(group.getName()) || SecurityManager.GUEST_GROUP.equals(group.getName()) || SecurityManager.UNKNOWN_GROUP.equals(group.getName())) {
            throw new PermissionDeniedException("The '" + group.getName() + "' group is required by the system for correct operation, you cannot delete it!");
        }
        // authorization check against the subject of the active broker
        final DBBroker broker = getDatabase().getActiveBroker();
        final Subject subject = broker.getCurrentSubject();
        ((Group) remove_group).assertCanModifyGroup(subject);
        // check that this is not an active primary group
        final Optional<String> isPrimaryGroupOf = usersByName.read(usersDb -> {
            for (final Account account : usersDb.values()) {
                final Group accountPrimaryGroup = account.getDefaultGroup();
                if (accountPrimaryGroup != null && accountPrimaryGroup.getId() == remove_group.getId()) {
                    return Optional.of(account.getName());
                }
            }
            return Optional.empty();
        });
        if (isPrimaryGroupOf.isPresent()) {
            throw new PermissionDeniedException("Account '" + isPrimaryGroupOf.get() + "' still has '" + group.getName() + "' as their primary group!");
        }
        remove_group.setRemoved(true);
        remove_group.setCollection(broker, collectionRemovedGroups, XmldbURI.create(UUIDGenerator.getUUID() + ".xml"));
        try (final Txn txn = broker.continueOrBeginTransaction()) {
            collectionGroups.removeXMLResource(txn, broker, XmldbURI.create(remove_group.getName() + ".xml"));
            txn.commit();
        } catch (final Exception e) {
            LOG.warn(e.getMessage(), e);
        }
        getSecurityManager().registerGroup((Group) remove_group);
        principalDb.remove(remove_group.getName());
    });
    return true;
}
Also used: Group (org.exist.security.Group), Account (org.exist.security.Account), AbstractAccount (org.exist.security.AbstractAccount), DBBroker (org.exist.storage.DBBroker), AbstractPrincipal (org.exist.security.AbstractPrincipal), PermissionDeniedException (org.exist.security.PermissionDeniedException), EXistException (org.exist.EXistException), Txn (org.exist.storage.txn.Txn), Subject (org.exist.security.Subject), ConfigurationException (org.exist.config.ConfigurationException), AuthenticationException (org.exist.security.AuthenticationException)
