
Example 16 with Permission

use of org.exist.security.Permission in project exist by eXist-db.

the class ResourceFunctionExecutorImpl method getEffectiveSubject.

/**
 * Works out which identity a compiled XQuery should be executed as, based on
 * the setUid / setGid bits of the permissions attached to its source.
 *
 * <p>Permissions are only consulted when the query's source is a
 * {@link DBSource}; for any other kind of source the result is empty.</p>
 *
 * <ul>
 *   <li>setUid and setGid: the owner and the group of the source's permissions</li>
 *   <li>setUid only: the owner of the source's permissions</li>
 *   <li>setGid only: the broker's current subject together with the group of
 *       the source's permissions</li>
 *   <li>neither bit: empty</li>
 * </ul>
 *
 * <p>Security note: a non-empty result is an identity taken from the stored
 * query's permissions rather than from the caller, so this is the point where
 * a privilege transition is decided. NOTE(review): this method does not check
 * who may modify a setUid/setGid query or set those bits; presumably that is
 * enforced where permissions are changed - confirm.</p>
 *
 * @param xquery The XQuery to determine the effective subject for
 * @return the effective subject to use, or empty if the source is not a
 *     {@link DBSource} or neither the setUid nor the setGid bit is set
 */
private Optional<EffectiveSubject> getEffectiveSubject(final CompiledXQuery xquery) {
    final Source source = xquery.getContext().getSource();
    if (!(source instanceof DBSource)) {
        // no permissions are read for sources that are not a DBSource
        return Optional.empty();
    }

    final Permission permissions = ((DBSource) source).getPermissions();
    final boolean setUid = permissions.isSetUid();
    final boolean setGid = permissions.isSetGid();

    if (setUid && setGid) {
        // both bits: run as the owner, with the owning group
        return Optional.of(new EffectiveSubject(permissions.getOwner(), permissions.getGroup()));
    }
    if (setUid) {
        // setUid alone: run as the owner
        return Optional.of(new EffectiveSubject(permissions.getOwner()));
    }
    if (setGid) {
        // setGid alone: the user stays the current subject, only the group is swapped
        return Optional.of(new EffectiveSubject(xquery.getContext().getBroker().getCurrentSubject(), permissions.getGroup()));
    }
    return Optional.empty();
}
Also used : EffectiveSubject(org.exist.security.EffectiveSubject) Permission(org.exist.security.Permission) DBSource(org.exist.source.DBSource) Source(org.exist.source.Source) DBSource(org.exist.source.DBSource)

Example 17 with Permission

use of org.exist.security.Permission in project exist by eXist-db.

the class RemoteCollection method getResource.

/**
 * Fetches the description of a resource in this remote collection and wraps
 * it in a client-side resource object.
 *
 * <p>The resource's path is sent in a {@code describeResource} call; the
 * returned map supplies the name, owner, group, mode, ACL, type, content
 * length, timestamps and (for non-XML resources) the optional blob id and
 * content digest.</p>
 *
 * <p>NOTE(review): every entry of the response map is cast without
 * validation. A missing {@code "permissions"} entry fails on unboxing with a
 * NullPointerException and a mistyped entry with a ClassCastException, not
 * with an {@link XMLDBException}. The permissions and digest set on the
 * returned object are simply what the response reported; presumably access
 * control itself is enforced by the server - confirm.</p>
 *
 * @param name the name of the resource, parsed as an XmldbURI
 * @return the described resource, or {@code null} when the response has no
 *     {@code "name"} entry (the resource does not exist)
 * @throws XMLDBException with {@code INVALID_URI} if {@code name} or the
 *     returned name is not a valid URI, or with {@code PERMISSION_DENIED} if
 *     the permission object cannot be built from the response
 */
@Override
public Resource getResource(final String name) throws XMLDBException {
    final XmldbURI requestedUri;
    try {
        requestedUri = XmldbURI.xmldbUriFor(name);
    } catch (final URISyntaxException e) {
        throw new XMLDBException(ErrorCodes.INVALID_URI, e);
    }

    final List<String> params = new ArrayList<>(1);
    params.add(getPathURI().append(requestedUri).toString());
    final Map hash = (Map) execute("describeResource", params);

    final String docName = (String) hash.get("name");
    if (docName == null) {
        // no name in the response: the resource does not exist
        return null;
    }

    // from here on the URI is the last segment of the name the response reported
    final XmldbURI docUri;
    try {
        docUri = XmldbURI.xmldbUriFor(docName).lastSegment();
    } catch (final URISyntaxException e) {
        throw new XMLDBException(ErrorCodes.INVALID_URI, e);
    }

    // rebuild a Permission from the owner / group / mode / ACL in the response
    final String owner = (String) hash.get("owner");
    final String group = (String) hash.get("group");
    final int mode = (Integer) hash.get("permissions");
    final Stream<ACEAider> aces = extractAces(hash.get("acl"));
    final Permission perm;
    try {
        perm = getPermission(owner, group, mode, aces);
    } catch (final PermissionDeniedException pde) {
        throw new XMLDBException(ErrorCodes.PERMISSION_DENIED, "Unable to retrieve permissions for resource '" + name + "': " + pde.getMessage(), pde);
    }

    final String type = (String) hash.get("type");

    // the 64-bit length wins when present; it may arrive as a Long or as a String
    final long contentLen;
    if (hash.containsKey("content-length-64bit")) {
        final Object rawLength = hash.get("content-length-64bit");
        if (rawLength instanceof Long) {
            contentLen = (Long) rawLength;
        } else {
            contentLen = Long.parseLong((String) rawLength);
        }
    } else if (hash.containsKey("content-length")) {
        contentLen = (Integer) hash.get("content-length");
    } else {
        contentLen = 0;
    }

    final AbstractRemoteResource r;
    if (type == null || "XMLResource".equals(type)) {
        r = new RemoteXMLResource(this, -1, -1, docUri, Optional.empty());
    } else {
        final RemoteBinaryResource binary = new RemoteBinaryResource(this, docUri);
        if (hash.containsKey("blob-id")) {
            final byte[] blobId = (byte[]) hash.get("blob-id");
            binary.setBlobId(new BlobId(blobId));
        }
        // the digest is only attached when both the algorithm and the value were sent
        if (hash.containsKey("digest-algorithm") && hash.containsKey("digest")) {
            final String digestAlgorithm = (String) hash.get("digest-algorithm");
            final byte[] digest = (byte[]) hash.get("digest");
            binary.setContentDigest(new MessageDigest(DigestType.forCommonName(digestAlgorithm), digest));
        }
        r = binary;
    }

    r.setPermissions(perm);
    r.setContentLength(contentLen);
    r.dateCreated = (Date) hash.get("created");
    r.dateModified = (Date) hash.get("modified");
    if (hash.containsKey("mime-type")) {
        r.setMimeType((String) hash.get("mime-type"));
    }
    return r;
}
Also used : ArrayList(java.util.ArrayList) URISyntaxException(java.net.URISyntaxException) ACEAider(org.exist.security.internal.aider.ACEAider) Permission(org.exist.security.Permission) PermissionDeniedException(org.exist.security.PermissionDeniedException) MessageDigest(org.exist.util.crypto.digest.MessageDigest) Map(java.util.Map) BlobId(org.exist.storage.blob.BlobId)

Example 18 with Permission

use of org.exist.security.Permission in project exist by eXist-db.

the class CollectionRemovalTest method initDB.

/**
 * Test fixture: creates three collections with explicit modes and stores one
 * document in each, all inside a single transaction run as the system subject.
 *
 * <p>{@code TEST_COLLECTION_URI2} and its child {@code test4} get mode 0744;
 * {@code TEST_COLLECTION_URI3} gets mode 0700, which grants nothing to group
 * or other. The tests rely on that restricted collection to exercise
 * permission checks (presumably removal by a non-owner - confirm against the
 * test methods).</p>
 */
@Before
public void initDB() throws EXistException, PermissionDeniedException, IOException, SAXException, LockException {
    // octal modes: 0744 = rwxr--r--, 0700 = rwx------
    final int worldReadable = 0744;
    final int worldForbidden = 0700;

    final BrokerPool brokerPool = existEmbeddedServer.getBrokerPool();
    final TransactionManager txnManager = brokerPool.getTransactionManager();

    try (final DBBroker broker = brokerPool.get(Optional.of(brokerPool.getSecurityManager().getSystemSubject()));
            final Txn transaction = txnManager.beginTransaction()) {

        // (collection URI, mode) pairs, created in this order
        final List<Tuple2<XmldbURI, Integer>> collectionUriAndModes = Arrays.asList(
                Tuple(TestConstants.TEST_COLLECTION_URI2, worldReadable),
                Tuple(TestConstants.TEST_COLLECTION_URI3, worldForbidden),
                Tuple(TestConstants.TEST_COLLECTION_URI2.append("test4"), worldReadable));

        for (final Tuple2<XmldbURI, Integer> uriAndMode : collectionUriAndModes) {
            final XmldbURI targetUri = uriAndMode._1;
            final int targetMode = uriAndMode._2;

            // create the collection and apply its mode before saving it
            final Collection created = broker.getOrCreateCollection(transaction, targetUri);
            assertNotNull(created);
            final Permission permissions = created.getPermissions();
            permissions.setMode(targetMode);
            broker.saveCollection(transaction, created);

            // every collection receives the same single document
            broker.storeDocument(transaction, XmldbURI.create("document.xml"), new StringInputSource(DATA), MimeType.XML_TYPE, created);
        }

        txnManager.commit(transaction);
    }
}
Also used : Txn(org.exist.storage.txn.Txn) DBBroker(org.exist.storage.DBBroker) StringInputSource(org.exist.util.StringInputSource) TransactionManager(org.exist.storage.txn.TransactionManager) Tuple2(com.evolvedbinary.j8fu.tuple.Tuple2) Permission(org.exist.security.Permission) BrokerPool(org.exist.storage.BrokerPool) XmldbURI(org.exist.xmldb.XmldbURI)

Example 19 with Permission

use of org.exist.security.Permission in project exist by eXist-db.

the class RpcConnection method listDocumentPermissions.

/**
 * Builds a map from each document's file URI to the list form of its
 * permissions, for every document in the given collection.
 *
 * <p>Each document's permissions are read while holding that document's read
 * lock. NOTE(review): no per-document READ check is visible in this method;
 * every document the collection iterator yields is reported. Confirm that
 * {@code readCollection} and/or the iterator restrict this to what the
 * calling user may see.</p>
 *
 * @param collUri the URI of the collection whose documents are listed
 * @return a map keyed by document file URI; the values are produced by {@code toList}
 * @throws EXistException declared by this method; raised by the underlying read
 * @throws PermissionDeniedException declared by this method; raised by the underlying read
 */
private Map<String, List> listDocumentPermissions(final XmldbURI collUri) throws EXistException, PermissionDeniedException {
    return this.<Map<String, List>>readCollection(collUri).apply((collection, broker, transaction) -> {
        // presized with the collection's document count
        final Map<String, List> permissionsByDocument = new HashMap<>(collection.getDocumentCount(broker));
        final Iterator<DocumentImpl> documents = collection.iterator(broker);
        while (documents.hasNext()) {
            final DocumentImpl document = documents.next();
            // the read lock is released as soon as this document's permissions are copied
            try (final ManagedDocumentLock readLock = broker.getBrokerPool().getLockManager().acquireDocumentReadLock(document.getURI())) {
                final Permission permission = document.getPermissions();
                permissionsByDocument.put(document.getFileURI().toString(), toList(permission));
            }
        }
        return permissionsByDocument;
    });
}
Also used : ManagedDocumentLock(org.exist.storage.lock.ManagedDocumentLock) ACLPermission(org.exist.security.ACLPermission) Permission(org.exist.security.Permission)

Example 20 with Permission

use of org.exist.security.Permission in project exist by eXist-db.

the class RpcConnection method describeCollection.

/**
 * Describes a collection as a map with the keys {@code collections} (names
 * of the sub-collections), {@code name}, {@code created}, {@code owner},
 * {@code group}, {@code permissions} and, when the permissions are an
 * {@link ACLPermission}, {@code acl}.
 *
 * <p>If the current user does not have READ access on the collection, the
 * list of sub-collections is left empty and no exception is thrown by that
 * check. The remaining entries (name, creation time, owner, group, mode and
 * ACL) are added regardless of the outcome of that check. NOTE(review):
 * confirm that exposing this metadata without READ is intended, or that
 * {@code readCollection} already restricts who gets this far.</p>
 *
 * @param collUri a <code>XmldbURI</code> value
 * @return a <code>Map</code> value
 * @throws EXistException if an internal error occurs
 * @throws PermissionDeniedException If the current user is not allowed to perform this action
 */
private Map<String, Object> describeCollection(final XmldbURI collUri) throws EXistException, PermissionDeniedException {
    return this.<Map<String, Object>>readCollection(collUri).apply((collection, broker, transaction) -> {
        final Map<String, Object> description = new HashMap<>();
        final List<String> childCollections = new ArrayList<>();

        // sub-collections are only enumerated for users with READ on the collection
        final boolean mayRead = collection.getPermissionsNoLock().validate(user, Permission.READ);
        if (mayRead) {
            final Iterator<XmldbURI> children = collection.collectionIterator(broker);
            while (children.hasNext()) {
                childCollections.add(children.next().toString());
            }
        }

        final Permission permissions = collection.getPermissionsNoLock();
        description.put("collections", childCollections);
        description.put("name", collection.getURI().toString());
        // the creation time is sent as a decimal string, not as a number
        description.put("created", Long.toString(collection.getCreated()));
        description.put("owner", permissions.getOwner().getName());
        description.put("group", permissions.getGroup().getName());
        description.put("permissions", permissions.getMode());
        if (permissions instanceof ACLPermission) {
            description.put("acl", getACEs(permissions));
        }
        return description;
    });
}
Also used : ACLPermission(org.exist.security.ACLPermission) ACLPermission(org.exist.security.ACLPermission) Permission(org.exist.security.Permission) XmldbURI(org.exist.xmldb.XmldbURI)
