Package org.exist.xquery.functions.securitymanager

Source Code of org.exist.xquery.functions.securitymanager.AccountStatusFunction

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
/*
*  eXist SecurityManager Module Extension
*  Copyright (C) 2012 Adam Retter <adam@existsolutions.com>
*  www.adamretter.co.uk
*  This program is free software; you can redistribute it and/or
*  modify it under the terms of the GNU Lesser General Public License
*  as published by the Free Software Foundation; either version 2
*  of the License, or (at your option) any later version.
*  This program is distributed in the hope that it will be useful,
*  but WITHOUT ANY WARRANTY; without even the implied warranty of
*  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
*  GNU Lesser General Public License for more details.
*  You should have received a copy of the GNU Lesser General Public License
*  along with this program; if not, write to the Free Software
*  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*  $Id$
*/
package org.exist.xquery.functions.securitymanager;

import org.exist.config.ConfigurationException;
import org.exist.dom.QName;
import org.exist.security.Account;
import org.exist.security.PermissionDeniedException;
import org.exist.security.SecurityManager;
import org.exist.security.Subject;
import org.exist.storage.DBBroker;
import org.exist.xquery.BasicFunction;
import org.exist.xquery.Cardinality;
import org.exist.xquery.FunctionSignature;
import org.exist.xquery.XPathException;
import org.exist.xquery.XQueryContext;
import org.exist.xquery.value.BooleanValue;
import org.exist.xquery.value.FunctionParameterSequenceType;
import org.exist.xquery.value.FunctionReturnSequenceType;
import org.exist.xquery.value.Sequence;
import org.exist.xquery.value.SequenceType;
import org.exist.xquery.value.Type;

/**
*
* @author Adam Retter <adam.retter@googlemail.com>
*/
public class AccountStatusFunction extends BasicFunction {

    private final static QName qnIsAccountEnabled = new QName("is-account-enabled", SecurityManagerModule.NAMESPACE_URI, SecurityManagerModule.PREFIX);
    private final static QName qnSetAccountEnabled = new QName("set-account-enabled", SecurityManagerModule.NAMESPACE_URI, SecurityManagerModule.PREFIX);
   
    public final static FunctionSignature FNS_IS_ACCOUNT_ENABLED = new FunctionSignature(
        qnIsAccountEnabled,
        "Determines whether a user account is enabled. You must be a DBA, or you must be enquiring about your own user account.",
        new SequenceType[] {
            new FunctionParameterSequenceType("username", Type.STRING, Cardinality.EXACTLY_ONE, "The username of the account to check the status for.")
        },
        new FunctionReturnSequenceType(Type.BOOLEAN, Cardinality.EXACTLY_ONE, "true if the account is enabled, false otherwise.")
    );
   
    public final static FunctionSignature FNS_SET_ACCOUNT_ENABLED = new FunctionSignature(
        qnSetAccountEnabled,
        "Enabled or disables a users account. You must be a DBA to enable or disable an account.",
        new SequenceType[] {
            new FunctionParameterSequenceType("username", Type.STRING, Cardinality.EXACTLY_ONE, "The username of the account to enable or disable."),
            new FunctionParameterSequenceType("enabled", Type.BOOLEAN, Cardinality.EXACTLY_ONE, "true to enable the account, false to disable the account.")
        },
        new SequenceType(Type.EMPTY, Cardinality.ZERO)
    );
   
    public AccountStatusFunction(final XQueryContext context, final FunctionSignature signature) {
        super(context, signature);
    }
   
    @Override
    public Sequence eval(final Sequence[] args, final Sequence contextSequence) throws XPathException {
        final DBBroker broker = getContext().getBroker();
        final Subject currentUser = broker.getSubject();
        final SecurityManager securityManager = broker.getBrokerPool().getSecurityManager();
       
        final String username = args[0].getStringValue();
       
        if(isCalledAs(qnIsAccountEnabled.getLocalName())) {
            if(!currentUser.hasDbaRole() && !currentUser.getName().equals(username)) {
                throw new XPathException("You must be a DBA or be enquiring about your own account!");
            }
            final Account account = securityManager.getAccount(username);
            return new BooleanValue(account.isEnabled());
        } else if(isCalledAs(qnSetAccountEnabled.getLocalName())) {
            if(!currentUser.hasDbaRole()) {
                throw new XPathException("You must be a DBA to change the status of an account!");
            }
           
            final boolean enable = args[1].effectiveBooleanValue();
           
            final Account account = securityManager.getAccount(username);
            account.setEnabled(enable);
           
            try {
                account.save(broker);
                return Sequence.EMPTY_SEQUENCE;
            } catch(final ConfigurationException ce) {
                throw new XPathException(ce.getMessage(), ce);
            } catch(final PermissionDeniedException pde) {
                throw new XPathException(pde.getMessage(), pde);
            }
        } else {
            throw new XPathException("Unknown function");
        }
    }
   
}
TOP

Related Classes of org.exist.xquery.functions.securitymanager.AccountStatusFunction

  • org.exist.security.Account
  • org.exist.security.SecurityManager
  • org.exist.security.Subject
  • org.exist.storage.DBBroker
  • org.exist.xquery.value.BooleanValue
  • org.exist.xquery.XPathException
    • TOP
    Copyright © 2018 www.massapi.com. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.