
Example 1 with Principal

Use of org.exist.security.Principal in the project exist by eXist-db: the eval method of the class GetPrincipalMetadataFunction.

The method dispatches on which of the module's XQuery functions was called (qnGetAccountMetadataKeys, qnGetGroupMetadataKeys, qnGetAccountMetadata, qnGetGroupMetadata), resolves the named principal through the SecurityManager, and enforces that a caller without the DBA role may only read metadata about their own account or about groups they are a member of. The authorization check runs on the supplied name before the principal is looked up, so a non-DBA caller is refused before learning whether another account or group exists.

import org.exist.security.Principal;
import org.exist.security.SecurityManager;
import org.exist.security.Subject;
import org.exist.storage.DBBroker;
import org.exist.xquery.XPathException;
import org.exist.xquery.value.Sequence;
import org.exist.xquery.value.ValueSequence;

@Override
public Sequence eval(final Sequence[] args, final Sequence contextSequence) throws XPathException {
    Sequence result = Sequence.EMPTY_SEQUENCE;
    final DBBroker broker = getContext().getBroker();
    // The subject executing the query; all authorization decisions below are made against it.
    final Subject currentUser = broker.getCurrentSubject();
    if (args.length == 0) {
        // Zero-argument forms: enumerate the metadata keys in use across all accounts or all groups.
        // No principal is named, so there is no per-principal authorization check here.
        if (isCalledAs(qnGetAccountMetadataKeys.getLocalPart())) {
            result = getAllAccountMetadataKeys();
        } else if (isCalledAs(qnGetGroupMetadataKeys.getLocalPart())) {
            result = getAllGroupMetadataKeys();
        } else {
            throw new XPathException("Unknown function");
        }
    } else {
        final SecurityManager securityManager = broker.getBrokerPool().getSecurityManager();
        // First argument: the account or group name whose metadata is requested.
        final String strPrincipal = args[0].getStringValue();
        final Principal principal;
        if (isCalledAs(qnGetAccountMetadataKeys.getLocalPart()) || isCalledAs(qnGetAccountMetadata.getLocalPart())) {
            // Account metadata: only a DBA may read other users' metadata; everyone may read their own.
            // The check precedes the lookup, so a non-DBA is refused regardless of whether the account exists.
            if (!currentUser.hasDbaRole() && !currentUser.getUsername().equals(strPrincipal)) {
                throw new XPathException("You must be a DBA to retrieve metadata about other users, otherwise you may only retrieve metadata about yourself.");
            }
            principal = securityManager.getAccount(strPrincipal);
        } else if (isCalledAs(qnGetGroupMetadataKeys.getLocalPart()) || isCalledAs(qnGetGroupMetadata.getLocalPart())) {
            // Group metadata: only a DBA may read metadata of groups the caller does not belong to.
            if (!currentUser.hasDbaRole() && !currentUser.hasGroup(strPrincipal)) {
                throw new XPathException("You must be a DBA to retrieve metadata about other groups, otherwise you may only retrieve metadata about groups you are a member of.");
            }
            principal = securityManager.getGroup(strPrincipal);
        } else {
            throw new XPathException("Unknown function");
        }
        if (principal == null) {
            // Authorized caller, but no such account or group: return the empty sequence rather than an error.
            result = Sequence.EMPTY_SEQUENCE;
        } else {
            if (isCalledAs(qnGetAccountMetadataKeys.getLocalPart()) || isCalledAs(qnGetGroupMetadataKeys.getLocalPart())) {
                // One-argument *-metadata-keys forms: list the metadata keys set on this principal.
                result = getPrincipalMetadataKeys(principal);
            } else if (isCalledAs(qnGetAccountMetadata.getLocalPart()) || isCalledAs(qnGetGroupMetadata.getLocalPart())) {
                // Two-argument *-metadata forms: second argument selects the metadata attribute namespace to read.
                final String metadataAttributeNamespace = args[1].getStringValue();
                result = getPrincipalMetadata(principal, metadataAttributeNamespace);
            } else {
                throw new XPathException("Unknown function");
            }
        }
    }
    return result;
}