
Example 21 with Account

Use of org.exist.security.Account in project exist by eXist-db.

In class RpcConnection, method removeGroupManager:

@Override
public void removeGroupManager(final String groupName, final String manager) throws EXistException, PermissionDeniedException {
    withDb((broker, transaction) -> {
        final SecurityManager sm = broker.getBrokerPool().getSecurityManager();
        final Group group = sm.getGroup(groupName);
        final Account account = sm.getAccount(manager);
        group.removeManager(account);
        sm.updateGroup(group);
        return null;
    });
}
Also used: Group (org.exist.security.Group), Account (org.exist.security.Account), SecurityManager (org.exist.security.SecurityManager)

Example 22 with Account

Use of org.exist.security.Account in project exist by eXist-db.

In class RpcConnection, method removeGroupMember:

@Override
public void removeGroupMember(final String group, final String member) throws EXistException, PermissionDeniedException {
    withDb((broker, transaction) -> {
        final SecurityManager sm = broker.getBrokerPool().getSecurityManager();
        final Account account = sm.getAccount(member);
        account.remGroup(group);
        sm.updateAccount(account);
        return null;
    });
}
Also used: Account (org.exist.security.Account), SecurityManager (org.exist.security.SecurityManager)

Example 23 with Account

Use of org.exist.security.Account in project exist by eXist-db.

In class RpcConnection, method lockResource:

private boolean lockResource(final XmldbURI docURI, final String userName) throws EXistException, PermissionDeniedException {
    return this.<Boolean>writeDocument(docURI).apply((document, broker, transaction) -> {
        // TODO : register the lock within the transaction ?
        if (!document.getPermissions().validate(user, Permission.WRITE)) {
            throw new PermissionDeniedException("User is not allowed to lock resource " + docURI);
        }
        final SecurityManager manager = factory.getBrokerPool().getSecurityManager();
        if (!(userName.equals(user.getName()) || manager.hasAdminPrivileges(user))) {
            throw new PermissionDeniedException("User " + user.getName() + " is not allowed " + "to lock the resource for user " + userName);
        }
        final Account lockOwner = document.getUserLock();
        if (lockOwner != null && (!lockOwner.equals(user)) && (!manager.hasAdminPrivileges(user))) {
            throw new PermissionDeniedException("Resource is already locked by user " + lockOwner.getName());
        }
        document.setUserLock(user);
        broker.storeXMLResource(transaction, document);
        return true;
    });
}
Also used: Account (org.exist.security.Account), SecurityManager (org.exist.security.SecurityManager), PermissionDeniedException (org.exist.security.PermissionDeniedException)

Example 24 with Account

Use of org.exist.security.Account in project exist by eXist-db.

In class RpcConnection, method addAccountToGroup:

@Override
public void addAccountToGroup(final String accountName, final String groupName) throws EXistException, PermissionDeniedException {
    withDb((broker, transaction) -> {
        final SecurityManager sm = broker.getBrokerPool().getSecurityManager();
        final Account account = sm.getAccount(accountName);
        account.addGroup(groupName);
        sm.updateAccount(account);
        return null;
    });
}
Also used: Account (org.exist.security.Account), SecurityManager (org.exist.security.SecurityManager)

Example 25 with Account

Use of org.exist.security.Account in project exist by eXist-db.

In class RpcConnection, method unlockResource:

private boolean unlockResource(final XmldbURI docURI) throws EXistException, PermissionDeniedException {
    return this.<Boolean>writeDocument(docURI).apply((document, broker, transaction) -> {
        if (!document.getPermissions().validate(user, Permission.WRITE)) {
            throw new PermissionDeniedException("User is not allowed to unlock resource " + docURI);
        }
        final SecurityManager manager = factory.getBrokerPool().getSecurityManager();
        final Account lockOwner = document.getUserLock();
        if (lockOwner != null && (!lockOwner.equals(user)) && (!manager.hasAdminPrivileges(user))) {
            throw new PermissionDeniedException("Resource is already locked by user " + lockOwner.getName());
        }
        document.setUserLock(null);
        broker.storeXMLResource(transaction, document);
        return true;
    });
}
Also used: Account (org.exist.security.Account), SecurityManager (org.exist.security.SecurityManager), PermissionDeniedException (org.exist.security.PermissionDeniedException)

Aggregations

- Account (org.exist.security.Account): 60
- PermissionDeniedException (org.exist.security.PermissionDeniedException): 18
- SecurityManager (org.exist.security.SecurityManager): 17
- EXistException (org.exist.EXistException): 12
- XMLDBException (org.xmldb.api.base.XMLDBException): 11
- Group (org.exist.security.Group): 10
- Collection (org.xmldb.api.base.Collection): 10
- AuthenticationException (org.exist.security.AuthenticationException): 9
- DBBroker (org.exist.storage.DBBroker): 9
- AbstractAccount (org.exist.security.AbstractAccount): 7
- CollectionManagementService (org.xmldb.api.modules.CollectionManagementService): 7
- Txn (org.exist.storage.txn.Txn): 6
- DocumentImpl (org.exist.dom.persistent.DocumentImpl): 5
- Subject (org.exist.security.Subject): 5
- UserAider (org.exist.security.internal.aider.UserAider): 5
- UserManagementService (org.exist.xmldb.UserManagementService): 5
- Permission (org.exist.security.Permission): 4
- XPathException (org.exist.xquery.XPathException): 4
- Before (org.junit.Before): 4
- Test (org.junit.Test): 4