
Example 46 with Permission

use of org.exist.security.Permission in project exist by eXist-db.

the class NativeBrokerTest method copyCollection_noDescendants_toExistingDest_canWriteDest.

/**
 * Positive authorization case for {@code NativeBroker.checkPermissionsForCopy}.
 *
 * When copying an empty Collection (/db/test/source) where
 * we have execute+read access
 *
 * to the destination /db/test/dest (which already exists)
 * and we have execute+write access on /db/test and /db/test/dest
 * we should be allowed to copy the content of the Collection.
 *
 * Every collaborator is an EasyMock strict mock, so each mock also checks the
 * order of the calls made on it. The test passes only if the call under test
 * returns without throwing and {@code verify} finds every recorded
 * expectation consumed.
 *
 * @throws LockException declared by the method under test; not expected here
 * @throws PermissionDeniedException declared by the method under test; would fail this test
 */
@Test
public void copyCollection_noDescendants_toExistingDest_canWriteDest() throws LockException, PermissionDeniedException {
    // src is not referenced again in this test; srcCollection.getURI() is never expected
    final XmldbURI src = XmldbURI.create("/db/test/source");
    // dest is the parent collection; the copy target is dest + newName = /db/test/dest
    final XmldbURI dest = XmldbURI.create("/db/test");
    final XmldbURI newName = XmldbURI.create("dest");
    final Collection srcCollection = EasyMock.createStrictMock(Collection.class);
    final Permission srcPermissions = EasyMock.createStrictMock(Permission.class);
    final Collection destCollection = EasyMock.createStrictMock(Collection.class);
    final Permission destPermissions = EasyMock.createStrictMock(Permission.class);
    final Collection newDestCollection = EasyMock.createStrictMock(Collection.class);
    final Permission newDestPermissions = EasyMock.createStrictMock(Permission.class);
    // partial mock: only getCollection and getCurrentSubject are stubbed, so the
    // real checkPermissionsForCopy implementation is what gets exercised
    final NativeBroker broker = EasyMock.createMockBuilder(NativeBroker.class).addMockedMethod("getCollection").addMockedMethod("getCurrentSubject").createStrictMock();
    final Subject subject = EasyMock.createStrictMock(Subject.class);
    // grant EXECUTE and READ permissions on the src
    expect(srcCollection.getPermissionsNoLock()).andReturn(srcPermissions);
    expect(broker.getCurrentSubject()).andReturn(subject);
    expect(srcPermissions.validate(subject, Permission.EXECUTE | Permission.READ)).andReturn(true);
    // grant EXECUTE and WRITE permission on the dest
    expect(destCollection.getURI()).andReturn(dest);
    // capture the URI used to look up the copy target so it can be asserted at the end
    final Capture<XmldbURI> newDestURICapture = newCapture();
    // a non-null result models "the target collection already exists"
    expect(broker.getCollection(capture(newDestURICapture))).andReturn(newDestCollection);
    expect(destCollection.getPermissionsNoLock()).andReturn(destPermissions);
    expect(broker.getCurrentSubject()).andReturn(subject);
    expect(destPermissions.validate(subject, Permission.EXECUTE | Permission.WRITE)).andReturn(true);
    // the existing target must itself grant EXECUTE and WRITE
    expect(newDestCollection.getPermissionsNoLock()).andReturn(newDestPermissions);
    expect(broker.getCurrentSubject()).andReturn(subject);
    expect(newDestPermissions.validate(subject, Permission.EXECUTE | Permission.WRITE)).andReturn(true);
    // no sub-documents
    expect(srcCollection.iteratorNoLock(broker)).andReturn(Collections.emptyIterator());
    // no sub-collections
    expect(srcCollection.collectionIteratorNoLock(broker)).andReturn(Collections.emptyIterator());
    // switch every mock from record mode to replay mode
    replay(newDestPermissions, newDestCollection, destCollection, destPermissions, srcCollection, srcPermissions, subject, broker);
    // run the test
    broker.checkPermissionsForCopy(srcCollection, destCollection, newName);
    // fails if any expected permission check above was not performed
    verify(newDestPermissions, newDestCollection, destCollection, destPermissions, srcCollection, srcPermissions, subject, broker);
    // the target lookup must have been made for /db/test/dest, i.e. dest + newName
    assertEquals(dest.append(newName), newDestURICapture.getValue());
}
Also used : Permission(org.exist.security.Permission) Collection(org.exist.collections.Collection) XmldbURI(org.exist.xmldb.XmldbURI) Subject(org.exist.security.Subject) Test(org.junit.Test)

Example 47 with Permission

use of org.exist.security.Permission in project exist by eXist-db.

the class NativeBrokerTest method copyCollection_oneSubDoc_oneSubColl_toNonExistingDest_canWriteDest.

/**
 * Positive authorization case for {@code NativeBroker.checkPermissionsForCopy}
 * that includes a descent into a sub-collection.
 *
 * When copying a Collection (/db/test/source) where
 * we have execute+read access and
 * which has one descendant document (on which we have read access)
 * and one descendant collection (on which we have read+execute access) in it,
 *
 * to the destination /db/test/dest (which does not already exist)
 * and we have execute+write access on /db/test
 * we should be allowed to copy the Collection.
 *
 * NOTE(review): this test is disabled with {@code @Ignore}, so the
 * sub-collection permission expectations recorded below are not exercised
 * by it. Confirm that path is covered elsewhere.
 *
 * @throws LockException declared by the method under test; not expected here
 * @throws PermissionDeniedException declared by the method under test; would fail this test
 */
@Ignore
@Test
public void copyCollection_oneSubDoc_oneSubColl_toNonExistingDest_canWriteDest() throws LockException, PermissionDeniedException {
    final XmldbURI src = XmldbURI.create("/db/test/source");
    // dest is the parent collection; the copy target is dest + newName = /db/test/dest
    final XmldbURI dest = XmldbURI.create("/db/test");
    final XmldbURI newName = XmldbURI.create("dest");
    final Collection srcCollection = EasyMock.createStrictMock(Collection.class);
    final Permission srcPermissions = EasyMock.createStrictMock(Permission.class);
    final DocumentImpl srcSubDocument = EasyMock.createStrictMock(DocumentImpl.class);
    final Permission srcSubDocumentPermissions = EasyMock.createStrictMock(Permission.class);
    final XmldbURI srcSubCollectionName = XmldbURI.create("sub-collection");
    final XmldbURI srcSubCollectionUri = src.append(srcSubCollectionName);
    final Collection srcSubCollection = EasyMock.createStrictMock(Collection.class);
    final Permission srcSubCollectionPermissions = EasyMock.createStrictMock(Permission.class);
    final Collection destCollection = EasyMock.createStrictMock(Collection.class);
    final Permission destPermissions = EasyMock.createStrictMock(Permission.class);
    // null models "the target collection does not exist yet"
    final Collection newDestCollection = null;
    // partial mock: only getCollection and getCurrentSubject are stubbed, so the
    // real checkPermissionsForCopy implementation is what gets exercised
    final NativeBroker broker = EasyMock.createMockBuilder(NativeBroker.class).addMockedMethod("getCollection").addMockedMethod("getCurrentSubject").createStrictMock();
    final Subject subject = EasyMock.createStrictMock(Subject.class);
    // grant EXECUTE and READ permissions on the src
    expect(srcCollection.getPermissionsNoLock()).andReturn(srcPermissions);
    expect(broker.getCurrentSubject()).andReturn(subject);
    expect(srcPermissions.validate(subject, Permission.EXECUTE | Permission.READ)).andReturn(true);
    // grant EXECUTE and WRITE permission on the dest
    expect(destCollection.getURI()).andReturn(dest);
    // capture the URI used to look up the copy target so it can be asserted at the end
    final Capture<XmldbURI> newDestURICapture = newCapture();
    expect(broker.getCollection(capture(newDestURICapture))).andReturn(newDestCollection);
    expect(destCollection.getPermissionsNoLock()).andReturn(destPermissions);
    expect(broker.getCurrentSubject()).andReturn(subject);
    expect(destPermissions.validate(subject, Permission.EXECUTE | Permission.WRITE)).andReturn(true);
    // one sub-document with READ permission
    // NOTE(review): this test expects iterator()/collectionIterator(), while the enabled
    // copyCollection tests in this class expect the *NoLock variants; possibly the reason
    // for @Ignore, confirm against the current implementation
    expect(srcCollection.iterator(broker)).andReturn(new ArrayIterator<>(srcSubDocument));
    expect(srcSubDocument.getPermissions()).andReturn(srcSubDocumentPermissions);
    expect(broker.getCurrentSubject()).andReturn(subject);
    expect(srcSubDocumentPermissions.validate(subject, Permission.READ)).andReturn(true);
    // one sub-collection with READ and EXECUTE permission
    expect(srcCollection.collectionIterator(broker)).andReturn(new ArrayIterator<>(srcSubCollectionName));
    // TODO fix?!? .once()  .anyTimes()  .times(2)
    expect(srcCollection.getURI()).andReturn(src);
    // NOTE(review): src comes from XmldbURI.create(), not from EasyMock, so this expect()
    // wraps a call on a real object rather than recording a mock expectation; confirm intent
    expect(src.append(srcSubCollectionName)).andReturn(srcSubCollectionUri);
    expect(broker.getCollection(srcSubCollectionUri)).andReturn(srcSubCollection);
    /* we are now recursing on the sub-collection */
    expect(srcSubCollection.getPermissionsNoLock()).andReturn(srcSubCollectionPermissions);
    expect(broker.getCurrentSubject()).andReturn(subject);
    expect(srcSubCollectionPermissions.validate(subject, Permission.EXECUTE | Permission.READ)).andReturn(true);
    // no such dest collection, so return null
    expect(broker.getCollection(dest.append(newName))).andReturn(null);
    // no such dest sub-collection, so return null
    expect(broker.getCollection(dest.append(newName).append(srcSubCollectionName))).andReturn(null);
    // no sub-sub-docs
    expect(srcSubCollection.iterator(broker)).andReturn(Collections.emptyIterator());
    // no sub-sub-collections
    expect(srcSubCollection.collectionIterator(broker)).andReturn(Collections.emptyIterator());
    // switch every mock from record mode to replay mode
    replay(srcSubCollectionPermissions, srcSubCollection, srcSubDocumentPermissions, srcSubDocument, destCollection, destPermissions, srcCollection, srcPermissions, subject, broker);
    // run the test
    broker.checkPermissionsForCopy(srcCollection, destCollection, newName);
    // fails if any expected permission check above was not performed
    verify(srcSubCollectionPermissions, srcSubCollection, srcSubDocumentPermissions, srcSubDocument, destCollection, destPermissions, srcCollection, srcPermissions, subject, broker);
    // the first target lookup must have been made for /db/test/dest, i.e. dest + newName
    assertEquals(dest.append(newName), newDestURICapture.getValue());
}
Also used : Permission(org.exist.security.Permission) Collection(org.exist.collections.Collection) DocumentImpl(org.exist.dom.persistent.DocumentImpl) XmldbURI(org.exist.xmldb.XmldbURI) Subject(org.exist.security.Subject) Ignore(org.junit.Ignore) Test(org.junit.Test)

Example 48 with Permission

use of org.exist.security.Permission in project exist by eXist-db.

the class NativeBrokerTest method copyCollection_oneSubDoc_toExistingDest_canWriteDest.

/**
 * Positive authorization case for {@code NativeBroker.checkPermissionsForCopy}
 * with one readable document in the source.
 *
 * When copying a Collection (/db/test/source) where
 * we have execute+read access and
 * which has one descendant document (on which we have read access)
 * in it,
 *
 * to the destination /db/test/dest (which already exists)
 * and we have execute+write access on /db/test and /db/test/dest
 * we should be allowed to copy the content of the Collection.
 *
 * Every collaborator is an EasyMock strict mock, so each mock also checks the
 * order of the calls made on it. The test passes only if the call under test
 * returns without throwing and {@code verify} finds every recorded
 * expectation consumed.
 *
 * @throws LockException declared by the method under test; not expected here
 * @throws PermissionDeniedException declared by the method under test; would fail this test
 */
@Test
public void copyCollection_oneSubDoc_toExistingDest_canWriteDest() throws LockException, PermissionDeniedException {
    // src is not referenced again in this test; srcCollection.getURI() is never expected
    final XmldbURI src = XmldbURI.create("/db/test/source");
    // dest is the parent collection; the copy target is dest + newName = /db/test/dest
    final XmldbURI dest = XmldbURI.create("/db/test");
    final XmldbURI newName = XmldbURI.create("dest");
    final Collection srcCollection = EasyMock.createStrictMock(Collection.class);
    final Permission srcPermissions = EasyMock.createStrictMock(Permission.class);
    final DocumentImpl srcSubDocument = EasyMock.createStrictMock(DocumentImpl.class);
    final Permission srcSubDocumentPermissions = EasyMock.createStrictMock(Permission.class);
    final Collection destCollection = EasyMock.createStrictMock(Collection.class);
    final Permission destPermissions = EasyMock.createStrictMock(Permission.class);
    final Collection newDestCollection = EasyMock.createStrictMock(Collection.class);
    final Permission newDestPermissions = EasyMock.createStrictMock(Permission.class);
    // partial mock: only getCollection and getCurrentSubject are stubbed, so the
    // real checkPermissionsForCopy implementation is what gets exercised
    final NativeBroker broker = EasyMock.createMockBuilder(NativeBroker.class).addMockedMethod("getCollection").addMockedMethod("getCurrentSubject").createStrictMock();
    final Subject subject = EasyMock.createStrictMock(Subject.class);
    // grant EXECUTE and READ permissions on the src
    expect(srcCollection.getPermissionsNoLock()).andReturn(srcPermissions);
    expect(broker.getCurrentSubject()).andReturn(subject);
    expect(srcPermissions.validate(subject, Permission.EXECUTE | Permission.READ)).andReturn(true);
    // grant EXECUTE and WRITE permission on the dest
    expect(destCollection.getURI()).andReturn(dest);
    // capture the URI used to look up the copy target so it can be asserted at the end
    final Capture<XmldbURI> newDestURICapture = newCapture();
    // a non-null result models "the target collection already exists"
    expect(broker.getCollection(capture(newDestURICapture))).andReturn(newDestCollection);
    expect(destCollection.getPermissionsNoLock()).andReturn(destPermissions);
    expect(broker.getCurrentSubject()).andReturn(subject);
    expect(destPermissions.validate(subject, Permission.EXECUTE | Permission.WRITE)).andReturn(true);
    // the existing target must itself grant EXECUTE and WRITE
    expect(newDestCollection.getPermissionsNoLock()).andReturn(newDestPermissions);
    expect(broker.getCurrentSubject()).andReturn(subject);
    expect(newDestPermissions.validate(subject, Permission.EXECUTE | Permission.WRITE)).andReturn(true);
    // one sub-document with READ permission
    expect(srcCollection.iteratorNoLock(broker)).andReturn(new ArrayIterator<>(srcSubDocument));
    expect(srcSubDocument.getPermissions()).andReturn(srcSubDocumentPermissions);
    expect(broker.getCurrentSubject()).andReturn(subject);
    expect(srcSubDocumentPermissions.validate(subject, Permission.READ)).andReturn(true);
    // no documents in the dest collection
    expect(newDestCollection.isEmpty(broker)).andReturn(true);
    // no sub-collections
    expect(srcCollection.collectionIteratorNoLock(broker)).andReturn(Collections.emptyIterator());
    // switch every mock from record mode to replay mode
    replay(newDestPermissions, newDestCollection, srcSubDocumentPermissions, srcSubDocument, destCollection, destPermissions, srcCollection, srcPermissions, subject, broker);
    // run the test
    broker.checkPermissionsForCopy(srcCollection, destCollection, newName);
    // fails if any expected permission check above was not performed
    verify(newDestPermissions, newDestCollection, srcSubDocumentPermissions, srcSubDocument, destCollection, destPermissions, srcCollection, srcPermissions, subject, broker);
    // the target lookup must have been made for /db/test/dest, i.e. dest + newName
    assertEquals(dest.append(newName), newDestURICapture.getValue());
}
Also used : Permission(org.exist.security.Permission) Collection(org.exist.collections.Collection) DocumentImpl(org.exist.dom.persistent.DocumentImpl) XmldbURI(org.exist.xmldb.XmldbURI) Subject(org.exist.security.Subject) Test(org.junit.Test)

Example 49 with Permission

use of org.exist.security.Permission in project exist by eXist-db.

the class NativeBrokerTest method copyCollection_oneSubDoc_toExistingDest_cannotReadSubDoc.

/**
 * Negative authorization case for {@code NativeBroker.checkPermissionsForCopy}:
 * an unreadable document inside a readable collection must block the copy.
 *
 * When copying a Collection (/db/test/source) where
 * we have execute+read access and
 * which has one descendant document (on which we DO NOT have read access)
 * in it,
 *
 * to the destination /db/test/dest (which already exists)
 * and we have execute+write access on /db/test and /db/test/dest
 * we should NOT be allowed to copy the content of the Collection.
 *
 * The test passes when the call under test throws
 * {@link PermissionDeniedException}, via {@code @Test(expected = ...)}.
 *
 * @throws LockException declared by the method under test; not expected here
 * @throws PermissionDeniedException the expected outcome of this test
 */
@Test(expected = PermissionDeniedException.class)
public void copyCollection_oneSubDoc_toExistingDest_cannotReadSubDoc() throws LockException, PermissionDeniedException {
    final XmldbURI src = XmldbURI.create("/db/test/source");
    // dest is the parent collection; the copy target is dest + newName = /db/test/dest
    final XmldbURI dest = XmldbURI.create("/db/test");
    final XmldbURI newName = XmldbURI.create("dest");
    final Collection srcCollection = EasyMock.createStrictMock(Collection.class);
    final Permission srcPermissions = EasyMock.createStrictMock(Permission.class);
    final DocumentImpl srcSubDocument = EasyMock.createStrictMock(DocumentImpl.class);
    final Permission srcSubDocumentPermissions = EasyMock.createStrictMock(Permission.class);
    final Collection destCollection = EasyMock.createStrictMock(Collection.class);
    final Permission destPermissions = EasyMock.createStrictMock(Permission.class);
    final Collection newDestCollection = EasyMock.createStrictMock(Collection.class);
    final Permission newDestPermissions = EasyMock.createStrictMock(Permission.class);
    // partial mock: only getCollection and getCurrentSubject are stubbed, so the
    // real checkPermissionsForCopy implementation is what gets exercised
    final NativeBroker broker = EasyMock.createMockBuilder(NativeBroker.class).addMockedMethod("getCollection").addMockedMethod("getCurrentSubject").createStrictMock();
    final Subject subject = EasyMock.createStrictMock(Subject.class);
    // grant EXECUTE and READ permissions on the src
    expect(srcCollection.getPermissionsNoLock()).andReturn(srcPermissions);
    expect(broker.getCurrentSubject()).andReturn(subject);
    expect(srcPermissions.validate(subject, Permission.EXECUTE | Permission.READ)).andReturn(true);
    // grant EXECUTE and WRITE permission on the dest
    expect(destCollection.getURI()).andReturn(dest);
    // capture the URI used to look up the copy target
    final Capture<XmldbURI> newDestURICapture = newCapture();
    // a non-null result models "the target collection already exists"
    expect(broker.getCollection(capture(newDestURICapture))).andReturn(newDestCollection);
    expect(destCollection.getPermissionsNoLock()).andReturn(destPermissions);
    expect(broker.getCurrentSubject()).andReturn(subject);
    expect(destPermissions.validate(subject, Permission.EXECUTE | Permission.WRITE)).andReturn(true);
    // the existing target must itself grant EXECUTE and WRITE
    expect(newDestCollection.getPermissionsNoLock()).andReturn(newDestPermissions);
    expect(broker.getCurrentSubject()).andReturn(subject);
    expect(newDestPermissions.validate(subject, Permission.EXECUTE | Permission.WRITE)).andReturn(true);
    // one sub-document WITHOUT READ permission: validate(...) returns false,
    // which is the single denial this test is about
    expect(srcCollection.iteratorNoLock(broker)).andReturn(new ArrayIterator<>(srcSubDocument));
    expect(srcSubDocument.getPermissions()).andReturn(srcSubDocumentPermissions);
    expect(broker.getCurrentSubject()).andReturn(subject);
    expect(srcSubDocumentPermissions.validate(subject, Permission.READ)).andReturn(false);
    // expectations for exception that should be thrown
    // (presumably the collection URI, document URI and subject name go into the
    // exception message; verify against checkPermissionsForCopy)
    expect(srcCollection.getURI()).andReturn(src);
    expect(srcSubDocument.getURI()).andReturn(src.append(newName).append("someSubDocument.xml"));
    expect(broker.getCurrentSubject()).andReturn(subject);
    expect(subject.getName()).andReturn("Fake user");
    // no sub-collections
    expect(srcCollection.collectionIteratorNoLock(broker)).andReturn(Collections.emptyIterator());
    // switch every mock from record mode to replay mode
    replay(newDestPermissions, newDestCollection, srcSubDocumentPermissions, srcSubDocument, destCollection, destPermissions, srcCollection, srcPermissions, subject, broker);
    // run the test
    broker.checkPermissionsForCopy(srcCollection, destCollection, newName);
    // NOTE(review): when the call above throws as expected, the two statements below are
    // never executed, so unconsumed expectations (e.g. collectionIteratorNoLock) are not
    // checked and a PermissionDeniedException from any check satisfies the test. To pin
    // the denial to the sub-document check, consider catching the exception, calling
    // verify(), and asserting on its message; confirm which expectations are consumed first.
    verify(newDestPermissions, newDestCollection, srcSubDocumentPermissions, srcSubDocument, destCollection, destPermissions, srcCollection, srcPermissions, subject, broker);
    assertEquals(dest.append(newName), newDestURICapture.getValue());
}
Also used : Permission(org.exist.security.Permission) Collection(org.exist.collections.Collection) DocumentImpl(org.exist.dom.persistent.DocumentImpl) XmldbURI(org.exist.xmldb.XmldbURI) Subject(org.exist.security.Subject) Test(org.junit.Test)
