use of org.exist.security.Group in project exist by eXist-db.
the class RpcConnection method removeGroupManager.
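/**
 * Removes an account from a group's managers and persists the updated group.
 *
 * <p>This changes who may administer the group, so it is a privilege-relevant
 * operation. No explicit authorization check is made in this method itself.
 * NOTE(review): presumably {@code Group.removeManager} and/or
 * {@code SecurityManager.updateGroup} enforce it against the calling subject;
 * confirm.</p>
 *
 * @param groupName name of the group to modify
 * @param manager name of the account to drop from the group's managers
 * @throws EXistException if the group or the account cannot be found; may also
 *     be propagated from the underlying database operation
 * @throws PermissionDeniedException propagated from the security manager or
 *     group calls made inside the database operation
 */
@Override
public void removeGroupManager(final String groupName, final String manager) throws EXistException, PermissionDeniedException {
    withDb((broker, transaction) -> {
        final SecurityManager sm = broker.getBrokerPool().getSecurityManager();

        // Fail with a declared, descriptive exception instead of letting an
        // unknown name surface as a NullPointerException further down.
        final Group group = sm.getGroup(groupName);
        if (group == null) {
            throw new EXistException("Group '" + groupName + "' does not exist");
        }

        final Account account = sm.getAccount(manager);
        if (account == null) {
            throw new EXistException("Account '" + manager + "' does not exist");
        }

        group.removeManager(account);
        sm.updateGroup(group);
        return null;
    });
}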
use of org.exist.security.Group in project exist by eXist-db.
the class RpcConnection method getGroups.
/**
 * Lists the names of all groups held by the security manager.
 *
 * <p>NOTE(review): the group list is read directly from the broker pool's
 * security manager and no per-caller check is visible in this method; confirm
 * that access control is applied before this point if group enumeration is
 * meant to be restricted.</p>
 *
 * @return a new list holding one name per group
 */
@Override
public List<String> getGroups() throws EXistException, PermissionDeniedException {
    final java.util.Collection<Group> allGroups = factory.getBrokerPool().getSecurityManager().getGroups();
    final List<String> names = new ArrayList<>(allGroups.size());
    allGroups.forEach(g -> names.add(g.getName()));
    return names;
}
use of org.exist.security.Group in project exist by eXist-db.
the class RpcConnection method toMap.
/**
 * Flattens an account into a string-keyed map of its attributes.
 *
 * <p>Only the fields put below are copied: id, name, group names, default
 * group (when set), enabled flag, umask and metadata. No credential field is
 * read from the account here. Every metadata key the account reports is
 * exported, without filtering.</p>
 *
 * @param account the account to describe
 * @return a new map; the {@code default-group-*} keys are absent when the
 *     account has no default group
 */
private Map<String, Object> toMap(final Account account) {
    final Map<String, Object> view = new HashMap<>();
    view.put("uid", account.getId());
    view.put("name", account.getName());
    view.put("groups", Arrays.asList(account.getGroups()));

    // The default-group entries are emitted together or not at all.
    final Group defaultGroup = account.getDefaultGroup();
    if (defaultGroup != null) {
        view.put("default-group-id", defaultGroup.getId());
        view.put("default-group-realmId", defaultGroup.getRealmId());
        view.put("default-group-name", defaultGroup.getName());
    }

    // The enabled flag is exported as the string "true"/"false", not a Boolean.
    view.put("enabled", Boolean.toString(account.isEnabled()));
    view.put("umask", account.getUserMask());

    // Metadata is keyed by the schema type's namespace.
    final Map<String, String> metadataByNamespace = new HashMap<>();
    for (final SchemaType schemaKey : account.getMetadataKeys()) {
        final String namespace = schemaKey.getNamespace();
        final String value = account.getMetadataValue(schemaKey);
        metadataByNamespace.put(namespace, value);
    }
    view.put("metadata", metadataByNamespace);

    return view;
}
use of org.exist.security.Group in project exist by eXist-db.
the class RemoteUserManagementService method getGroup.
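/**
 * Fetches a group by name through the remote {@code getGroup} call and rebuilds
 * it locally as a {@link GroupAider}.
 *
 * <p>The response map comes from the remote peer, so its fields are checked
 * before use: a response that lacks {@code managers} or {@code metadata} is
 * rejected with an {@link XMLDBException} rather than failing later with a
 * {@link NullPointerException}. Metadata entries whose namespace is known to
 * neither {@code AXSchemaType} nor {@code EXistSchemaType} are skipped.</p>
 *
 * @param name the name of the group to look up
 * @return the reconstructed group, or {@code null} when the server returns no
 *     data for that name
 * @throws XMLDBException if the call is denied, or if the response is missing
 *     the {@code managers} or {@code metadata} field
 */
@Override
public Group getGroup(final String name) throws XMLDBException {
    try {
        final List<Object> params = new ArrayList<>();
        params.add(name);

        final Map<String, Object> tab = (Map<String, Object>) collection.execute("getGroup", params);
        if (tab == null || tab.isEmpty()) {
            return null;
        }

        // Validate the shape of the response before issuing any follow-up
        // account lookups for the manager names.
        final Object[] managers = (Object[]) tab.get("managers");
        if (managers == null) {
            throw new XMLDBException(ErrorCodes.VENDOR_ERROR, "Malformed getGroup response: 'managers' is missing");
        }
        final Map<String, String> metadata = (Map<String, String>) tab.get("metadata");
        if (metadata == null) {
            throw new XMLDBException(ErrorCodes.VENDOR_ERROR, "Malformed getGroup response: 'metadata' is missing");
        }

        final Group group = new GroupAider((Integer) tab.get("id"), (String) tab.get("realmId"), (String) tab.get("name"));

        // Each manager is sent as an account name and resolved with a
        // separate account lookup.
        for (final Object manager : managers) {
            group.addManager(getAccount((String) manager));
        }

        for (final Map.Entry<String, String> m : metadata.entrySet()) {
            final String namespace = m.getKey();
            if (AXSchemaType.valueOfNamespace(namespace) != null) {
                group.setMetadataValue(AXSchemaType.valueOfNamespace(namespace), m.getValue());
            } else if (EXistSchemaType.valueOfNamespace(namespace) != null) {
                group.setMetadataValue(EXistSchemaType.valueOfNamespace(namespace), m.getValue());
            }
        }
        return group;
    } catch (final PermissionDeniedException pde) {
        throw new XMLDBException(ErrorCodes.PERMISSION_DENIED, pde);
    }
}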
use of org.exist.security.Group in project exist by eXist-db.
the class SecurityManagerImpl method processParameter.
/**
 * Registers the account or group described by a configuration document, based
 * on the collection the document lives in.
 *
 * <p>The document's collection URI decides everything: an optional trailing
 * "removed" segment marks the principal as removed, the next segment selects
 * account versus group, and the segment before that is taken as the realm id.
 * Documents outside the accounts/groups collections are ignored.</p>
 *
 * @param broker used to reach the broker pool when parsing the document
 * @param document the configuration document to process
 * @throws ConfigurationException if a new account has no groups and the
 *     fallback group cannot be assigned; NOTE(review): may also come from
 *     {@code Configurator.parse}, confirm
 */
@Override
public void processParameter(final DBBroker broker, final DocumentImpl document) throws ConfigurationException {
XmldbURI uri = document.getCollection().getURI();
// Strip the trailing "removed" segment so the account/group test below sees
// the same URI shape for live and removed principals.
final boolean isRemoved = uri.endsWith(SecurityManager.REMOVED_COLLECTION_URI);
if (isRemoved) {
uri = uri.removeLastSegment();
}
final boolean isAccount = uri.endsWith(SecurityManager.ACCOUNTS_COLLECTION_URI);
final boolean isGroup = uri.endsWith(SecurityManager.GROUPS_COLLECTION_URI);
if (isAccount || isGroup) {
// After dropping the accounts/groups segment, the last segment is the realm id.
uri = uri.removeLastSegment();
final String realmId = uri.lastSegment().toString();
// NOTE(review): the lookup result is cast and used without a null check; if
// findRealmForRealmId can return null for an unknown realm id, the
// realm.hasAccount/hasGroup calls below would throw. Confirm.
final AbstractRealm realm = (AbstractRealm) findRealmForRealmId(realmId);
final Configuration conf = Configurator.parse(broker.getBrokerPool(), document);
// The id is only read from the configuration for removed principals;
// otherwise it stays at -1 and the "id > 2" tests below are false.
// NOTE(review): "id > 2" auto-unboxes, so a removed document without an "id"
// property would throw here if getPropertyInteger returns null. Confirm.
Integer id = -1;
if (isRemoved) {
id = conf.getPropertyInteger("id");
}
final String name = conf.getProperty("name");
if (isAccount) {
// Removed account not yet known by id: register it flagged as removed.
// NOTE(review): presumably ids up to 2 are reserved for built-in principals,
// hence the "id > 2" guard. Confirm.
if (isRemoved && id > 2 && !hasUser(id)) {
final AccountImpl account = new AccountImpl(realm, conf);
account.removed = true;
registerAccount(account);
} else if (name != null) {
if (realm.hasAccount(name)) {
// The account already exists in the realm: compare the id recorded in
// "saving" for this document with the id now in the configuration, and
// re-key the by-id index when they differ.
// NOTE(review): newId is dereferenced without a null check, and oldId is
// null when "saving" has no entry for this URI. Confirm both are
// guaranteed by the caller.
final Integer oldId = saving.get(document.getURI());
final Integer newId = conf.getPropertyInteger("id");
if (!newId.equals(oldId)) {
final Account current = realm.getAccount(name);
// Hold the account's write lock while the id mapping is swapped.
try (final ManagedLock<ReadWriteLock> lock = ManagedLock.acquire(accountLocks.getLock(current), LockMode.WRITE_LOCK)) {
usersById.write(principalDb -> {
principalDb.remove(oldId);
principalDb.put(newId, current);
});
}
}
} else {
// New account for this realm. An account with no groups is given the
// fallback group as its primary group before it is registered.
final Account account = new AccountImpl(realm, conf);
if (account.getGroups().length == 0) {
try {
account.setPrimaryGroup(realm.getGroup(SecurityManager.UNKNOWN_GROUP));
LOG.warn("Account '{}' has no groups, but every account must have at least 1 group. Assigned group: " + SecurityManager.UNKNOWN_GROUP, account.getName());
} catch (final PermissionDeniedException e) {
throw new ConfigurationException("Account has no group, unable to default to " + SecurityManager.UNKNOWN_GROUP + ": " + e.getMessage(), e);
}
}
// Register with both this security manager and the owning realm.
registerAccount(account);
realm.registerAccount(account);
}
} else {
// Not expected to happen; logged anyway.
// NOTE(review): this branch is reached only when the removed-account test
// above is false and name is null, so the "already exists" wording does
// not describe the condition that actually led here.
LOG.error("Account '{}' already exists in realm: '{}', but received notification that a new one was created.", name, realmId);
}
} else if (isGroup) {
// Same pattern as accounts: a removed group not yet known by id is
// registered flagged as removed; a named group the realm does not yet
// hold is registered with both the security manager and the realm.
if (isRemoved && id > 2 && !hasGroup(id)) {
final GroupImpl group = new GroupImpl(realm, conf);
group.removed = true;
registerGroup(group);
} else if (name != null && !realm.hasGroup(name)) {
final GroupImpl group = new GroupImpl(realm, conf);
registerGroup(group);
realm.registerGroup(group);
} else {
// Not expected to happen; logged anyway. Reached when name is null or the
// realm already holds a group with that name.
LOG.error("Group '{}' already exists in realm: '{}', but received notification that a new one was created.", name, realmId);
}
}
// Drop the id recorded for this document whichever branch ran.
saving.remove(document.getURI());
}
}