use of org.exist.security.Group in project exist by eXist-db.
the class RealmImpl method deleteGroup.
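/**
 * Deletes a group from this realm.
 *
 * <p>All checks and the removal itself run inside the {@code groupsByName.write2E} callback,
 * in this order:
 * <ol>
 *   <li>the group must exist in {@code groupsByName};</li>
 *   <li>it must not be one of {@code DBA_GROUP}, {@code GUEST_GROUP} or {@code UNKNOWN_GROUP};</li>
 *   <li>the current subject of the active broker must pass {@code assertCanModifyGroup};</li>
 *   <li>no account may still have it as its primary (default) group.</li>
 * </ol>
 * Only then is the group marked as removed, stored in {@code collectionRemovedGroups} under a
 * fresh UUID-based resource name, deleted from {@code collectionGroups}, and dropped from the
 * in-memory map.
 *
 * @param group the group to delete; {@code null} is tolerated
 * @return {@code false} if {@code group} is {@code null}, {@code true} once the group was removed
 * @throws PermissionDeniedException if the group is a required system group, or is still the
 *     primary group of an account (presumably also when {@code assertCanModifyGroup} rejects
 *     the current subject - confirm against that method)
 * @throws EXistException declared by the callback; not thrown directly by the code visible here
 * @throws IllegalArgumentException if no group with that name is known to this realm
 */
@Override
public boolean deleteGroup(final Group group) throws PermissionDeniedException, EXistException {
    if (group == null) {
        return false;
    }

    groupsByName.<PermissionDeniedException, EXistException>write2E(principalDb -> {
        final AbstractPrincipal remove_group = (AbstractPrincipal) principalDb.get(group.getName());
        // NOTE(review): existence is reported before the caller is authorised, so a subject
        // without modify rights can tell existing from unknown group names by the exception
        // type - confirm this is acceptable.
        if (remove_group == null) {
            throw new IllegalArgumentException("Group '" + group.getName() + "' does not exist!");
        }

        // The built-in groups may never be deleted, whoever asks.
        if (SecurityManager.DBA_GROUP.equals(group.getName())
                || SecurityManager.GUEST_GROUP.equals(group.getName())
                || SecurityManager.UNKNOWN_GROUP.equals(group.getName())) {
            throw new PermissionDeniedException("The '" + group.getName() + "' group is required by the system for correct operation, you cannot delete it!");
        }

        // Authorisation is evaluated against the subject bound to the active broker,
        // not against anything supplied by the caller.
        final DBBroker broker = getDatabase().getActiveBroker();
        final Subject subject = broker.getCurrentSubject();
        ((Group) remove_group).assertCanModifyGroup(subject);

        // check that this is not an active primary group
        final Optional<String> isPrimaryGroupOf = usersByName.read(usersDb -> {
            for (final Account account : usersDb.values()) {
                final Group accountPrimaryGroup = account.getDefaultGroup();
                if (accountPrimaryGroup != null && accountPrimaryGroup.getId() == remove_group.getId()) {
                    return Optional.of(account.getName());
                }
            }
            return Optional.empty();
        });
        if (isPrimaryGroupOf.isPresent()) {
            throw new PermissionDeniedException("Account '" + isPrimaryGroupOf.get() + "' still has '" + group.getName() + "' as their primary group!");
        }

        // Keep a record of the deleted group in the removed-groups collection.
        remove_group.setRemoved(true);
        remove_group.setCollection(broker, collectionRemovedGroups, XmldbURI.create(UUIDGenerator.getUUID() + ".xml"));

        try (final Txn txn = broker.continueOrBeginTransaction()) {
            collectionGroups.removeXMLResource(txn, broker, XmldbURI.create(remove_group.getName() + ".xml"));
            txn.commit();
        } catch (final Exception e) {
            // NOTE(review): a failure here is only logged; the group is still dropped from
            // memory below and the method returns true, so the stored group document may
            // outlive the in-memory deletion - confirm this best-effort behaviour is intended.
            LOG.warn(e.getMessage(), e);
        }

        // Re-register the (now removed) group with the security manager before dropping it
        // from this realm's map - presumably so its id stays resolvable; confirm.
        getSecurityManager().registerGroup((Group) remove_group);
        principalDb.remove(remove_group.getName());
    });

    return true;
}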
use of org.exist.security.Group in project exist by eXist-db.
the class ConsistencyCheck method checkPermissions.
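/**
 * Checks that the owner account and owner group referenced by a collection's permissions
 * can be resolved, and records a {@link ErrorReport.CollectionError} for each problem found.
 *
 * <p>The owner and the group are checked independently, so a collection missing both yields
 * two entries. Any exception raised while reading the permissions is turned into a single
 * {@code ACCESS_FAILED} entry instead of being propagated.
 *
 * @param collection the collection whose permissions are inspected
 * @param errorList receives one error per problem; nothing is added when both lookups succeed
 */
public void checkPermissions(final Collection collection, final List<ErrorReport> errorList) {
    try {
        final Permission perms = collection.getPermissions();

        final Account owner = perms.getOwner();
        if (owner == null) {
            final ErrorReport.CollectionError error = new ErrorReport.CollectionError(ErrorReport.ACCESS_FAILED, "Owner account not found for collection: " + collection.getURI());
            error.setCollectionId(collection.getId());
            error.setCollectionURI(collection.getURI());
            errorList.add(error);
        }

        final Group group = perms.getGroup();
        if (group == null) {
            final ErrorReport.CollectionError error = new ErrorReport.CollectionError(ErrorReport.ACCESS_FAILED, "Owner group not found for collection: " + collection.getURI());
            error.setCollectionId(collection.getId());
            error.setCollectionURI(collection.getURI());
            errorList.add(error);
        }
    } catch (final Exception e) {
        // NOTE(review): the caught exception is not attached to the report, so its cause is
        // lost; the document overload passes it to the ErrorReport constructor - consider
        // doing the same here if CollectionError offers that constructor.
        final ErrorReport.CollectionError error = new ErrorReport.CollectionError(ErrorReport.ACCESS_FAILED, "Exception caught while checking permissions on collection: " + collection.getURI());
        error.setCollectionId(collection.getId());
        error.setCollectionURI(collection.getURI());
        errorList.add(error);
    }
}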
use of org.exist.security.Group in project exist by eXist-db.
the class ConsistencyCheck method checkPermissions.
/**
 * Verifies that the owner account and owner group recorded in a document's permissions
 * can both be resolved.
 *
 * <p>The owner is checked first; the group is only looked up when the owner is present.
 * An exception raised during the check is reported as a {@code RESOURCE_ACCESS_FAILED}
 * error carrying that exception rather than being thrown.
 *
 * @param doc the document whose permissions are inspected
 * @return a {@link ErrorReport.ResourceError} describing the first problem found, or
 *     {@code null} when owner and group are both present
 */
public ErrorReport checkPermissions(final DocumentImpl doc) {
    ErrorReport report = null;
    try {
        final Permission permission = doc.getPermissions();
        final Account ownerAccount = permission.getOwner();
        if (ownerAccount == null) {
            report = new ErrorReport.ResourceError(ErrorReport.RESOURCE_ACCESS_FAILED, "Owner account not found for document " + doc.getFileURI());
        } else {
            final Group ownerGroup = permission.getGroup();
            if (ownerGroup == null) {
                report = new ErrorReport.ResourceError(ErrorReport.RESOURCE_ACCESS_FAILED, "Owner group not found for document " + doc.getFileURI());
            }
        }
    } catch (final Exception e) {
        report = new ErrorReport.ResourceError(ErrorReport.RESOURCE_ACCESS_FAILED, "Exception caught while checking permissions on document " + doc.getFileURI(), e);
    }
    return report;
}