use of org.exist.security.Account in project exist by eXist-db.
the class RpcConnection method removeGroupManager.
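/**
 * Removes an account from the managers of a group and persists the changed group.
 *
 * <p>NOTE(review): this method performs no authorisation check of its own. Whether the
 * caller may change the group's managers is presumably decided inside
 * {@code Group.removeManager} / {@code SecurityManager.updateGroup} - confirm, because the
 * enclosing class is named RpcConnection and both arguments look caller-supplied.
 *
 * @param groupName name of the group to modify
 * @param manager   name of the account to drop from the group's managers
 * @throws EXistException            if the group or the account cannot be resolved, or
 *                                   propagated from the database operation
 * @throws PermissionDeniedException propagated from the security-manager calls (the
 *                                   conditions are not visible in this method)
 */
@Override
public void removeGroupManager(final String groupName, final String manager) throws EXistException, PermissionDeniedException {
    withDb((broker, transaction) -> {
        final SecurityManager sm = broker.getBrokerPool().getSecurityManager();

        // A lookup for an unknown name is assumed to yield null (TODO confirm against
        // SecurityManager); report that explicitly instead of failing later with a
        // NullPointerException on a request that merely named a non-existent principal.
        final Group group = sm.getGroup(groupName);
        if (group == null) {
            throw new EXistException("group '" + groupName + "' does not exist");
        }
        final Account account = sm.getAccount(manager);
        if (account == null) {
            throw new EXistException("account '" + manager + "' does not exist");
        }

        group.removeManager(account);
        sm.updateGroup(group);
        return null;
    });
}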
use of org.exist.security.Account in project exist by eXist-db.
the class RpcConnection method removeGroupMember.
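/**
 * Removes an account from a group and persists the changed account.
 *
 * <p>NOTE(review): this method performs no authorisation check of its own. Whether the
 * caller may change another account's group membership is presumably decided inside
 * {@code Account.remGroup} / {@code SecurityManager.updateAccount} - confirm, because the
 * enclosing class is named RpcConnection and both arguments look caller-supplied.
 *
 * @param group  name of the group the account should leave
 * @param member name of the account to remove from the group
 * @throws EXistException            if the account cannot be resolved, or propagated from
 *                                   the database operation
 * @throws PermissionDeniedException propagated from the security-manager calls (the
 *                                   conditions are not visible in this method)
 */
@Override
public void removeGroupMember(final String group, final String member) throws EXistException, PermissionDeniedException {
    withDb((broker, transaction) -> {
        final SecurityManager sm = broker.getBrokerPool().getSecurityManager();

        // A lookup for an unknown name is assumed to yield null (TODO confirm against
        // SecurityManager); fail with a clear error rather than a NullPointerException.
        final Account account = sm.getAccount(member);
        if (account == null) {
            throw new EXistException("account '" + member + "' does not exist");
        }

        account.remGroup(group);
        sm.updateAccount(account);
        return null;
    });
}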
use of org.exist.security.Account in project exist by eXist-db.
the class RpcConnection method lockResource.
/**
 * Places a user lock on the document at {@code docURI} and stores the document.
 *
 * <p>Three checks run before the lock is written, each against the {@code user} field of
 * this connection: WRITE permission on the document, the right to lock on behalf of
 * {@code userName} (same name, or admin privileges), and that no other account already
 * holds the lock (unless the caller has admin privileges).
 *
 * @param docURI   URI of the document to lock
 * @param userName name of the user the lock is requested for
 * @return {@code true} once the lock has been set and the document stored
 * @throws EXistException            declared; propagated from the document operation
 * @throws PermissionDeniedException if any of the three checks fails
 */
private boolean lockResource(final XmldbURI docURI, final String userName) throws EXistException, PermissionDeniedException {
    return this.<Boolean>writeDocument(docURI).apply((document, broker, transaction) -> {
        // TODO : register the lock within the transaction ?

        // Check 1: the connection's user needs WRITE on the document itself.
        final boolean mayWrite = document.getPermissions().validate(user, Permission.WRITE);
        if (!mayWrite) {
            throw new PermissionDeniedException("User is not allowed to lock resource " + docURI);
        }

        final SecurityManager securityManager = factory.getBrokerPool().getSecurityManager();

        // Check 2: locking for a different user name is reserved for admins.
        if (!userName.equals(user.getName()) && !securityManager.hasAdminPrivileges(user)) {
            throw new PermissionDeniedException("User " + user.getName() + " is not allowed to lock the resource for user " + userName);
        }

        // Check 3: a lock held by someone else can only be taken over by an admin.
        final Account currentHolder = document.getUserLock();
        if (currentHolder != null) {
            final boolean heldByCaller = currentHolder.equals(user);
            if (!heldByCaller && !securityManager.hasAdminPrivileges(user)) {
                throw new PermissionDeniedException("Resource is already locked by user " + currentHolder.getName());
            }
        }

        // NOTE(review): the lock is recorded for `user`, not for the account named by
        // userName, so an admin locking "for" another user ends up owning the lock
        // personally. Confirm whether that is intended; userName is only used in check 2.
        document.setUserLock(user);
        broker.storeXMLResource(transaction, document);
        return true;
    });
}
use of org.exist.security.Account in project exist by eXist-db.
the class RpcConnection method addAccountToGroup.
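/**
 * Adds an account to a group and persists the changed account.
 *
 * <p>NOTE(review): this method performs no authorisation check of its own. Group membership
 * is a privilege grant, so whether the caller may add an account to {@code groupName} must
 * be enforced inside {@code Account.addGroup} / {@code SecurityManager.updateAccount} -
 * confirm, because the enclosing class is named RpcConnection and both arguments look
 * caller-supplied.
 *
 * @param accountName name of the account to modify
 * @param groupName   name of the group the account should join
 * @throws EXistException            if the account cannot be resolved, or propagated from
 *                                   the database operation
 * @throws PermissionDeniedException propagated from the security-manager calls (the
 *                                   conditions are not visible in this method)
 */
@Override
public void addAccountToGroup(final String accountName, final String groupName) throws EXistException, PermissionDeniedException {
    withDb((broker, transaction) -> {
        final SecurityManager sm = broker.getBrokerPool().getSecurityManager();

        // A lookup for an unknown name is assumed to yield null (TODO confirm against
        // SecurityManager); fail with a clear error rather than a NullPointerException.
        final Account account = sm.getAccount(accountName);
        if (account == null) {
            throw new EXistException("account '" + accountName + "' does not exist");
        }

        account.addGroup(groupName);
        sm.updateAccount(account);
        return null;
    });
}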
use of org.exist.security.Account in project exist by eXist-db.
the class RpcConnection method unlockResource.
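/**
 * Clears the user lock on the document at {@code docURI} and stores the document.
 *
 * <p>The connection's {@code user} needs WRITE permission on the document, and a lock held
 * by a different account can only be cleared by a user with admin privileges. A document
 * that carries no lock passes both checks and is stored again unchanged.
 *
 * @param docURI URI of the document to unlock
 * @return {@code true} once the lock has been cleared and the document stored
 * @throws EXistException            declared; propagated from the document operation
 * @throws PermissionDeniedException if the user lacks WRITE permission, or the lock belongs
 *                                   to another account and the user is not an admin
 */
private boolean unlockResource(final XmldbURI docURI) throws EXistException, PermissionDeniedException {
    return this.<Boolean>writeDocument(docURI).apply((document, broker, transaction) -> {
        if (!document.getPermissions().validate(user, Permission.WRITE)) {
            // The message used to say "lock" here, which made a denied unlock
            // indistinguishable from a denied lock in logs and client errors.
            throw new PermissionDeniedException("User is not allowed to unlock resource " + docURI);
        }
        final SecurityManager manager = factory.getBrokerPool().getSecurityManager();
        final Account lockOwner = document.getUserLock();
        // Only the lock owner or an admin may release a lock that is currently held.
        if (lockOwner != null && (!lockOwner.equals(user)) && (!manager.hasAdminPrivileges(user))) {
            throw new PermissionDeniedException("Resource is already locked by user " + lockOwner.getName());
        }
        document.setUserLock(null);
        broker.storeXMLResource(transaction, document);
        return true;
    });
}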