Examples of org.exist.security.Group

• org.exist.security.Group

        try {
            executeWithBroker(new BrokerOperation<Void>() {
                @Override
                public Void withBroker(final DBBroker broker) throws EXistException, PermissionDeniedException {
                    final SecurityManager sm = broker.getBrokerPool().getSecurityManager();
                    final Group group = sm.getGroup(groupName);
                    final Account account = sm.getAccount(manager);

                    group.removeManager(account);
                    sm.updateGroup(group);

                    return null;
                }
            });

    @Test
    public void copyOf_updates_metadata_created_and_lastModified() {
        BrokerPool mockBrokerPool = EasyMock.createMock(BrokerPool.class);
        Database mockDatabase = EasyMock.createMock(Database.class);
        Subject mockCurrentSubject = EasyMock.createMock(Subject.class);
        Group mockCurrentSubjectGroup= EasyMock.createMock(Group.class);
        SecurityManager mockSecurityManager = EasyMock.createMock(SecurityManager.class);
        PermissionFactory.sm = mockSecurityManager;

        //test values
        final DocumentMetadata docMetadata = new TestableDocumentMetadata();
        final DocumentMetadata otherMetadata = new DocumentMetadata();
        final long otherCreated = System.currentTimeMillis() - 2000;
        final long otherLastModified = System.currentTimeMillis() - 1000;

        //expectations
        expect(mockSecurityManager.getDatabase()).andReturn(mockDatabase).times(2);
        expect(mockDatabase.getSubject()).andReturn(mockCurrentSubject).times(2);
        expect(mockCurrentSubject.getUserMask()).andReturn(Permission.DEFAULT_UMASK).times(2);
        expect(mockCurrentSubject.getId()).andReturn(RealmImpl.SYSTEM_ACCOUNT_ID).times(2);
        expect(mockCurrentSubject.getDefaultGroup()).andReturn(mockCurrentSubjectGroup).times(2);
        expect(mockCurrentSubjectGroup.getId()).andReturn(RealmImpl.DBA_GROUP_ID).times(2);

        replay(mockBrokerPool, mockDatabase, mockCurrentSubject, mockCurrentSubjectGroup, mockSecurityManager);

        //test setup
        DocumentImpl doc = new DocumentImpl(mockBrokerPool);

    public void copyOf_calls_getMetadata() {

        BrokerPool mockBrokerPool = EasyMock.createMock(BrokerPool.class);
        Database mockDatabase = EasyMock.createMock(Database.class);
        Subject mockCurrentSubject = EasyMock.createMock(Subject.class);
        Group mockCurrentSubjectGroup= EasyMock.createMock(Group.class);
        SecurityManager mockSecurityManager = EasyMock.createMock(SecurityManager.class);
        PermissionFactory.sm = mockSecurityManager;

        //test values
        final DocumentMetadata otherMetadata = new DocumentMetadata();

        //expectations
        expect(mockSecurityManager.getDatabase()).andReturn(mockDatabase).times(2);
        expect(mockDatabase.getSubject()).andReturn(mockCurrentSubject).times(2);
        expect(mockCurrentSubject.getUserMask()).andReturn(Permission.DEFAULT_UMASK).times(2);
        expect(mockCurrentSubject.getId()).andReturn(RealmImpl.SYSTEM_ACCOUNT_ID).times(2);
        expect(mockCurrentSubject.getDefaultGroup()).andReturn(mockCurrentSubjectGroup).times(2);
        expect(mockCurrentSubjectGroup.getId()).andReturn(RealmImpl.DBA_GROUP_ID).times(2);

        replay(mockBrokerPool, mockDatabase, mockCurrentSubject, mockCurrentSubjectGroup, mockSecurityManager);

        //test setup
        TestableDocumentImpl doc = new TestableDocumentImpl(mockBrokerPool);

    @Test
    public void copyOf_calls_metadata_copyOf() {
        BrokerPool mockBrokerPool = EasyMock.createMock(BrokerPool.class);
        Database mockDatabase = EasyMock.createMock(Database.class);
        Subject mockCurrentSubject = EasyMock.createMock(Subject.class);
        Group mockCurrentSubjectGroup= EasyMock.createMock(Group.class);
        SecurityManager mockSecurityManager = EasyMock.createMock(SecurityManager.class);
        PermissionFactory.sm = mockSecurityManager;

        //test values
        final TestableDocumentMetadata docMetadata = new TestableDocumentMetadata();
        final DocumentMetadata otherMetadata = new DocumentMetadata();

        //expectations
        expect(mockSecurityManager.getDatabase()).andReturn(mockDatabase).times(2);
        expect(mockDatabase.getSubject()).andReturn(mockCurrentSubject).times(2);
        expect(mockCurrentSubject.getUserMask()).andReturn(Permission.DEFAULT_UMASK).times(2);
        expect(mockCurrentSubject.getId()).andReturn(RealmImpl.SYSTEM_ACCOUNT_ID).times(2);
        expect(mockCurrentSubject.getDefaultGroup()).andReturn(mockCurrentSubjectGroup).times(2);
        expect(mockCurrentSubjectGroup.getId()).andReturn(RealmImpl.DBA_GROUP_ID).times(2);

        replay(mockBrokerPool, mockDatabase, mockCurrentSubject, mockCurrentSubjectGroup, mockSecurityManager);

        //test setup
        DocumentImpl doc = new DocumentImpl(mockBrokerPool);

        }

        log( "Removing group " + name, Project.MSG_INFO );

        try {
            final Group group = service.getGroup( name );

            if( group != null ) {
                service.removeGroup( group );
            } else {
                log( "Group " + name + " does not exist.", Project.MSG_INFO );

                params.add(name);

                final Map<String,Object> tab = (HashMap<String,Object>) parent.getClient().execute("getGroup", params);

                if(tab != null && !tab.isEmpty()) {
                    final Group group = new GroupAider((Integer)tab.get("id"), (String) tab.get("realmId"), (String) tab.get("name"));

                    final Object[] managers = (Object[]) tab.get("managers");
                    for(final Object manager : managers) {
                        group.addManager(getAccount((String)manager));
                    }

                    final Map<String, String> metadata = (Map<String, String>)tab.get("metadata");
                    for(final String key : metadata.keySet()) {
                        if(AXSchemaType.valueOfNamespace(key) != null) {
                            group.setMetadataValue(AXSchemaType.valueOfNamespace(key), metadata.get(key));
                        } else if(EXistSchemaType.valueOfNamespace(key) != null) {
                            group.setMetadataValue(EXistSchemaType.valueOfNamespace(key), metadata.get(key));
                        }
                    }

                    return group;
                }

        try {

            final SecurityManager sm = context.getBroker().getBrokerPool().getSecurityManager();

            final Group group = sm.getGroup(groupName);

            final Account account = sm.getAccount(userName);
            if(account != null) {
                account.addGroup(group);

        if(currentUser.hasGroup(groupName)) {
            return BooleanValue.TRUE;
        } else if(currentUser.hasDbaRole()) {
            final SecurityManager sm = broker.getBrokerPool().getSecurityManager();
            final Group group = sm.getGroup(groupName);
            return BooleanValue.valueOf(group != null);
        } else {
            throw new XPathException("You do not have permission to determine if the group exists");
        }
    }

      throw xPathException;
    }

    logger.info("Attempting to create group " + groupName);

    Group group = new GroupAider(groupName);

    final DBBroker broker = context.getBroker();
    final Subject currentUser = broker.getSubject();

    try {

      final SecurityManager sm = broker.getBrokerPool().getSecurityManager();

      // add the current user as a group manager
      group.addManager(currentUser);

      if (args.length == 2) {
        // add the additional group managers, this also makes sure they
        // all exist first!
        for (final SequenceIterator i = args[1].iterate(); i.hasNext();) {
          final String groupManager = i.nextItem().getStringValue();

          final Account groupManagerAccount = sm.getAccount(groupManager);
          if (groupManagerAccount == null) {
            logger.error("Could not find the user: " + groupManager);
            // throw exception is better -shabanovd
            return BooleanValue.FALSE;
          }
          group.addManager(groupManagerAccount);
        }
      }

      // create the group
      group = sm.addGroup(group);

            //TEMP - ESCALATE TO DBA :-(
            //START TEMP - we also need to make every manager a member of the group otherwise
            //they do not show up as group members automatically - this is a design problem because group
            //membership is managed on the user and not the group, this needs to be fixed!
            //see XMLDBAddUserToGroup and XMLDBRemoveUserFromGroup also
            final Subject currentSubject = context.getBroker().getSubject();
            try {
                //escalate
                context.getBroker().setSubject(sm.getSystemSubject());

                //perform action
                for(final Account manager : group.getManagers()) {
                    manager.addGroup(group);
                    sm.updateAccount(manager);
                }
            } finally {
                context.getBroker().setSubject(currentSubject);

      if(oldUser == null) {
                logger.error("User " + userName + " not found");
                throw new XPathException(this, "User " + userName + " not found");
      }

            final Group oldPrimaryGroup = oldUser.getDefaultGroup();
            final UserAider user;
            if(oldPrimaryGroup != null) {
                //dont forget to set the primary group
                user = new UserAider(oldUser.getName(), oldPrimaryGroup);
            } else {