Example 51 with Account

use of org.exist.security.Account in project exist by eXist-db.

the class RealmImpl method deleteGroup.

@Override
public boolean deleteGroup(final Group group) throws PermissionDeniedException, EXistException {
    if (group == null) {
        return false;
    }
    groupsByName.<PermissionDeniedException, EXistException>write2E(principalDb -> {
        final AbstractPrincipal remove_group = (AbstractPrincipal) principalDb.get(group.getName());
        if (remove_group == null) {
            throw new IllegalArgumentException("Group does '" + group.getName() + "' not exist!");
        }
        if (SecurityManager.DBA_GROUP.equals(group.getName()) || SecurityManager.GUEST_GROUP.equals(group.getName()) || SecurityManager.UNKNOWN_GROUP.equals(group.getName())) {
            throw new PermissionDeniedException("The '" + group.getName() + "' group is required by the system for correct operation, you cannot delete it!");
        }
        final DBBroker broker = getDatabase().getActiveBroker();
        final Subject subject = broker.getCurrentSubject();
        ((Group) remove_group).assertCanModifyGroup(subject);
        // check that this is not an active primary group
        final Optional<String> isPrimaryGroupOf = usersByName.read(usersDb -> {
            for (final Account account : usersDb.values()) {
                final Group accountPrimaryGroup = account.getDefaultGroup();
                if (accountPrimaryGroup != null && accountPrimaryGroup.getId() == remove_group.getId()) {
                    return Optional.of(account.getName());
                }
            }
            return Optional.empty();
        });
        if (isPrimaryGroupOf.isPresent()) {
            throw new PermissionDeniedException("Account '" + isPrimaryGroupOf.get() + "' still has '" + group.getName() + "' as their primary group!");
        }
        remove_group.setRemoved(true);
        remove_group.setCollection(broker, collectionRemovedGroups, XmldbURI.create(UUIDGenerator.getUUID() + ".xml"));
        try (final Txn txn = broker.continueOrBeginTransaction()) {
            collectionGroups.removeXMLResource(txn, broker, XmldbURI.create(remove_group.getName() + ".xml"));
            txn.commit();
        } catch (final Exception e) {
            LOG.warn(e.getMessage(), e);
        }
        getSecurityManager().registerGroup((Group) remove_group);
        principalDb.remove(remove_group.getName());
    });
    return true;
}
Also used : Group(org.exist.security.Group) Account(org.exist.security.Account) AbstractAccount(org.exist.security.AbstractAccount) DBBroker(org.exist.storage.DBBroker) AbstractPrincipal(org.exist.security.AbstractPrincipal) PermissionDeniedException(org.exist.security.PermissionDeniedException) EXistException(org.exist.EXistException) Txn(org.exist.storage.txn.Txn) Subject(org.exist.security.Subject) ConfigurationException(org.exist.config.ConfigurationException) PermissionDeniedException(org.exist.security.PermissionDeniedException) EXistException(org.exist.EXistException) AuthenticationException(org.exist.security.AuthenticationException)

Example 52 with Account

use of org.exist.security.Account in project exist by eXist-db.

the class RealmImpl method deleteAccount.

@Override
public boolean deleteAccount(final Account account) throws PermissionDeniedException, EXistException {
    if (account == null) {
        return false;
    }
    usersByName.<PermissionDeniedException, EXistException>write2E(principalDb -> {
        final AbstractAccount remove_account = (AbstractAccount) principalDb.get(account.getName());
        if (remove_account == null) {
            throw new IllegalArgumentException("No such account exists!");
        }
        if (SecurityManager.SYSTEM.equals(account.getName()) || SecurityManager.DBA_USER.equals(account.getName()) || SecurityManager.GUEST_USER.equals(account.getName()) || SecurityManager.UNKNOWN_USER.equals(account.getName())) {
            throw new PermissionDeniedException("The '" + account.getName() + "' account is required by the system for correct operation, and you cannot delete it! You may be able to disable it instead.");
        }
        try (final DBBroker broker = getDatabase().getBroker()) {
            final Account user = broker.getCurrentSubject();
            if (!(account.getName().equals(user.getName()) || user.hasDbaRole())) {
                throw new PermissionDeniedException("You are not allowed to delete '" + account.getName() + "' user");
            }
            remove_account.setRemoved(true);
            remove_account.setCollection(broker, collectionRemovedAccounts, XmldbURI.create(UUIDGenerator.getUUID() + ".xml"));
            try (final Txn txn = broker.continueOrBeginTransaction()) {
                collectionAccounts.removeXMLResource(txn, broker, XmldbURI.create(remove_account.getName() + ".xml"));
                txn.commit();
            } catch (final Exception e) {
                LOG.warn(e.getMessage(), e);
            }
            getSecurityManager().registerAccount(remove_account);
            principalDb.remove(remove_account.getName());
        }
    });
    return true;
}
Also used : Account(org.exist.security.Account) AbstractAccount(org.exist.security.AbstractAccount) DBBroker(org.exist.storage.DBBroker) AbstractAccount(org.exist.security.AbstractAccount) PermissionDeniedException(org.exist.security.PermissionDeniedException) EXistException(org.exist.EXistException) Txn(org.exist.storage.txn.Txn) ConfigurationException(org.exist.config.ConfigurationException) PermissionDeniedException(org.exist.security.PermissionDeniedException) EXistException(org.exist.EXistException) AuthenticationException(org.exist.security.AuthenticationException)

Example 53 with Account

use of org.exist.security.Account in project exist by eXist-db.

the class AccountImpl method insertGroup.

private Group insertGroup(final int index, final Group group) throws PermissionDeniedException {
    if (group == null) {
        return null;
    }
    final Account user = getDatabase().getActiveBroker().getCurrentSubject();
    group.assertCanModifyGroup(user);
    if (!groups.contains(group)) {
        groups.add(index, group);
        if (SecurityManager.DBA_GROUP.equals(group.getName())) {
            hasDbaRole = true;
        }
    }
    return group;
}
Also used : AbstractAccount(org.exist.security.AbstractAccount) Account(org.exist.security.Account)

Example 54 with Account

use of org.exist.security.Account in project exist by eXist-db.

the class DatabaseCollectionTest method setUp.

@Before
public void setUp() throws XMLDBException {
    final CollectionManagementService cms = (CollectionManagementService) existServer.getRoot().getService("CollectionManagementService", "1.0");
    final Collection test = cms.createCollection(TEST_COLLECTION);
    final UserManagementService ums = (UserManagementService) test.getService("UserManagementService", "1.0");
    // change ownership to guest
    final Account guest = ums.getAccount(TestUtils.GUEST_DB_USER);
    ums.chown(guest, guest.getPrimaryGroup());
    ums.chmod(Permission.DEFAULT_COLLECTION_PERM);
}
Also used : CollectionManagementService(org.xmldb.api.modules.CollectionManagementService) Account(org.exist.security.Account) Collection(org.xmldb.api.base.Collection) UserManagementService(org.exist.xmldb.UserManagementService) Before(org.junit.Before)

Example 55 with Account

use of org.exist.security.Account in project exist by eXist-db.

the class ConsistencyCheck method checkPermissions.

public void checkPermissions(final Collection collection, final List<ErrorReport> errorList) {
    try {
        final Permission perms = collection.getPermissions();
        final Account owner = perms.getOwner();
        if (owner == null) {
            final ErrorReport.CollectionError error = new ErrorReport.CollectionError(ErrorReport.ACCESS_FAILED, "Owner account not found for collection: " + collection.getURI());
            error.setCollectionId(collection.getId());
            error.setCollectionURI(collection.getURI());
            errorList.add(error);
        }
        final Group group = perms.getGroup();
        if (group == null) {
            final ErrorReport.CollectionError error = new ErrorReport.CollectionError(ErrorReport.ACCESS_FAILED, "Owner group not found for collection: " + collection.getURI());
            error.setCollectionId(collection.getId());
            error.setCollectionURI(collection.getURI());
            errorList.add(error);
        }
    } catch (final Exception e) {
        final ErrorReport.CollectionError error = new ErrorReport.CollectionError(ErrorReport.ACCESS_FAILED, "Exception caught while : " + collection.getURI());
        error.setCollectionId(collection.getId());
        error.setCollectionURI(collection.getURI());
        errorList.add(error);
    }
}
Also used : Account(org.exist.security.Account) Group(org.exist.security.Group) Permission(org.exist.security.Permission) PermissionDeniedException(org.exist.security.PermissionDeniedException) TerminatedException(org.exist.xquery.TerminatedException) XMLStreamException(javax.xml.stream.XMLStreamException) IOException(java.io.IOException)
