use of org.exist.security.Permission in project exist by eXist-db.
the class RemoteUserManagementService method listResourcePermissions.
/**
 * Fetches the permissions of the resources held by this collection.
 *
 * <p>Invokes {@code listDocumentPermissions} on the collection, passing the collection path as
 * the only argument, then walks the names returned by {@code collection.listResources()} and
 * builds one {@link Permission} per name from the matching entry of the result map. Each entry
 * is read as {@code [owner, group, mode, aces]}.
 *
 * <p>NOTE(review): the returned array is sized from the result map but filled by position in
 * the {@code listResources()} listing, which comes from a separate call. If the two disagree,
 * a name with no map entry surfaces as a {@link NullPointerException}, a longer listing as an
 * {@link ArrayIndexOutOfBoundsException}, and a shorter listing leaves trailing {@code null}
 * slots. Presumably callers match entries to resource names by index, so a resource added or
 * removed between the two calls could misattribute permissions; confirm against callers.
 *
 * @return one permission per listed resource, in the order of {@code listResources()}
 * @throws XMLDBException with {@code ErrorCodes.PERMISSION_DENIED} when a
 *     {@code PermissionDeniedException} is raised while gathering the data
 */
@Override
public Permission[] listResourcePermissions() throws XMLDBException {
    try {
        final List<Object> args = new ArrayList<>();
        args.add(collection.getPath());

        final Map permissionsByName = (Map) collection.execute("listDocumentPermissions", args);
        final Permission[] permissions = new Permission[permissionsByName.size()];
        final String[] names = collection.listResources();

        int slot = 0;
        for (final String name : names) {
            // Entry layout as consumed below: owner, group, mode, ACEs.
            final Object[] entry = (Object[]) permissionsByName.get(name);
            final String owner = (String) entry[0];
            final String group = (String) entry[1];
            final int mode = (Integer) entry[2];
            final Stream<ACEAider> aces = extractAces(entry[3]);
            permissions[slot] = getPermission(owner, group, mode, aces);
            slot++;
        }
        return permissions;
    } catch (final PermissionDeniedException denied) {
        // Keep the original exception as the cause so the denial reason is not lost.
        throw new XMLDBException(ErrorCodes.PERMISSION_DENIED, denied.getMessage(), denied);
    }
}
use of org.exist.security.Permission in project exist by eXist-db.
the class NativeBrokerTest method copyCollection_noDescendants_toNonExistingDest_cannotWriteDest.
/**
* When copying a Collection (/db/test/source) where
* we have execute+read access and
* which has no descendant documents or collections in it,
*
* to the destination /db/test/dest (which does not already exist)
* and we DO NOT have execute+write access on /db/test
* we should NOT be allowed to copy the Collection.
*/
@Test(expected = PermissionDeniedException.class)
public void copyCollection_noDescendants_toNonExistingDest_cannotWriteDest() throws LockException, PermissionDeniedException {
    final XmldbURI sourceUri = XmldbURI.create("/db/test/source");
    final XmldbURI targetParentUri = XmldbURI.create("/db/test");
    final XmldbURI copyName = XmldbURI.create("dest");

    final Collection source = EasyMock.createStrictMock(Collection.class);
    final Permission sourcePerms = EasyMock.createStrictMock(Permission.class);
    final Collection targetParent = EasyMock.createStrictMock(Collection.class);
    final Permission targetParentPerms = EasyMock.createStrictMock(Permission.class);
    // null models "nothing exists yet at the destination URI"
    final Collection existingTarget = null;
    // Partial mock: only getCollection and getCurrentSubject are stubbed, so the real
    // checkPermissionsForCopy logic is what runs.
    final NativeBroker broker = EasyMock.createMockBuilder(NativeBroker.class)
            .addMockedMethod("getCollection")
            .addMockedMethod("getCurrentSubject")
            .createStrictMock();
    final Subject caller = EasyMock.createStrictMock(Subject.class);

    final int executeAndRead = Permission.EXECUTE | Permission.READ;
    final int executeAndWrite = Permission.EXECUTE | Permission.WRITE;

    // source: EXECUTE|READ is granted
    expect(source.getPermissionsNoLock()).andReturn(sourcePerms);
    expect(broker.getCurrentSubject()).andReturn(caller);
    expect(sourcePerms.validate(caller, executeAndRead)).andReturn(true);

    // destination parent: EXECUTE|WRITE is DENIED, which is the condition under test
    expect(targetParent.getURI()).andReturn(targetParentUri);
    final Capture<XmldbURI> requestedTargetUri = newCapture();
    expect(broker.getCollection(capture(requestedTargetUri))).andReturn(existingTarget);
    expect(targetParent.getPermissionsNoLock()).andReturn(targetParentPerms);
    expect(broker.getCurrentSubject()).andReturn(caller);
    expect(targetParentPerms.validate(caller, executeAndWrite)).andReturn(false);

    // lookups recorded for the PermissionDeniedException that should be raised
    // (presumably used to build its message)
    expect(source.getURI()).andReturn(sourceUri);
    expect(targetParent.getURI()).andReturn(targetParentUri);
    expect(broker.getCurrentSubject()).andReturn(caller);
    expect(caller.getName()).andReturn("Fake user");

    // switch all mocks from record to replay mode
    replay(caller, targetParent, targetParentPerms, source, sourcePerms, broker);

    // exercise: expected to throw PermissionDeniedException
    broker.checkPermissionsForCopy(source, targetParent, copyName);

    // Unreachable when the expected exception is thrown; kept to show intent. As a result,
    // recorded expectations that were never exercised are not reported by this test.
    verify(caller, targetParent, targetParentPerms, source, sourcePerms, broker);
}
use of org.exist.security.Permission in project exist by eXist-db.
the class NativeBrokerTest method copyCollection_noDescendants_toNonExistingDest_canWriteDest.
/**
* When copying a Collection (/db/test/source) where
* we have execute+read access and
* which has no descendant documents or collections in it
* to the destination /db/test/dest (which does not already exist)
* and we have execute+write access on /db/test
* we should be allowed to copy the Collection.
*/
@Test
public void copyCollection_noDescendants_toNonExistingDest_canWriteDest() throws LockException, PermissionDeniedException {
    final XmldbURI sourceUri = XmldbURI.create("/db/test/source");
    final XmldbURI targetParentUri = XmldbURI.create("/db/test");
    final XmldbURI copyName = XmldbURI.create("dest");

    final Collection source = EasyMock.createStrictMock(Collection.class);
    final Permission sourcePerms = EasyMock.createStrictMock(Permission.class);
    final Collection targetParent = EasyMock.createStrictMock(Collection.class);
    final Permission targetParentPerms = EasyMock.createStrictMock(Permission.class);
    // null models "nothing exists yet at the destination URI"
    final Collection existingTarget = null;
    // Partial mock: only getCollection and getCurrentSubject are stubbed, so the real
    // checkPermissionsForCopy logic is what runs.
    final NativeBroker broker = EasyMock.createMockBuilder(NativeBroker.class)
            .addMockedMethod("getCollection")
            .addMockedMethod("getCurrentSubject")
            .createStrictMock();
    final Subject caller = EasyMock.createStrictMock(Subject.class);

    final int executeAndRead = Permission.EXECUTE | Permission.READ;
    final int executeAndWrite = Permission.EXECUTE | Permission.WRITE;

    // source: EXECUTE|READ is granted
    expect(source.getPermissionsNoLock()).andReturn(sourcePerms);
    expect(broker.getCurrentSubject()).andReturn(caller);
    expect(sourcePerms.validate(caller, executeAndRead)).andReturn(true);

    // destination parent: EXECUTE|WRITE is granted
    expect(targetParent.getURI()).andReturn(targetParentUri);
    final Capture<XmldbURI> requestedTargetUri = newCapture();
    expect(broker.getCollection(capture(requestedTargetUri))).andReturn(existingTarget);
    expect(targetParent.getPermissionsNoLock()).andReturn(targetParentPerms);
    expect(broker.getCurrentSubject()).andReturn(caller);
    expect(targetParentPerms.validate(caller, executeAndWrite)).andReturn(true);

    // the source holds no documents ...
    expect(source.iteratorNoLock(broker)).andReturn(Collections.emptyIterator());
    // ... and no child collections
    expect(source.collectionIteratorNoLock(broker)).andReturn(Collections.emptyIterator());

    // switch all mocks from record to replay mode
    replay(targetParent, targetParentPerms, source, sourcePerms, caller, broker);

    // exercise: must complete without a PermissionDeniedException
    broker.checkPermissionsForCopy(source, targetParent, copyName);

    // every recorded permission check must have been performed
    verify(targetParent, targetParentPerms, source, sourcePerms, caller, broker);
    // the broker must have looked up <destination parent>/<new name>
    assertEquals(targetParentUri.append(copyName), requestedTargetUri.getValue());
}
use of org.exist.security.Permission in project exist by eXist-db.
the class NativeBrokerTest method copyCollection_oneSubDoc_toNonExistingDest_canWriteDest.
/**
* When copying a Collection (/db/test/source) where
* we have execute+read access and
* which has one descendant document (on which we have read access)
* in it,
*
* to the destination /db/test/dest (which does not already exist)
* and we have execute+write access on /db/test
* we should be allowed to copy the Collection.
*/
@Test
public void copyCollection_oneSubDoc_toNonExistingDest_canWriteDest() throws LockException, PermissionDeniedException {
    final XmldbURI sourceUri = XmldbURI.create("/db/test/source");
    final XmldbURI targetParentUri = XmldbURI.create("/db/test");
    final XmldbURI copyName = XmldbURI.create("dest");

    final Collection source = EasyMock.createStrictMock(Collection.class);
    final Permission sourcePerms = EasyMock.createStrictMock(Permission.class);
    final DocumentImpl childDoc = EasyMock.createStrictMock(DocumentImpl.class);
    final Permission childDocPerms = EasyMock.createStrictMock(Permission.class);
    final Collection targetParent = EasyMock.createStrictMock(Collection.class);
    final Permission targetParentPerms = EasyMock.createStrictMock(Permission.class);
    // null models "nothing exists yet at the destination URI"
    final Collection existingTarget = null;
    // Partial mock: only getCollection and getCurrentSubject are stubbed, so the real
    // checkPermissionsForCopy logic is what runs.
    final NativeBroker broker = EasyMock.createMockBuilder(NativeBroker.class)
            .addMockedMethod("getCollection")
            .addMockedMethod("getCurrentSubject")
            .createStrictMock();
    final Subject caller = EasyMock.createStrictMock(Subject.class);

    final int executeAndRead = Permission.EXECUTE | Permission.READ;
    final int executeAndWrite = Permission.EXECUTE | Permission.WRITE;

    // source: EXECUTE|READ is granted
    expect(source.getPermissionsNoLock()).andReturn(sourcePerms);
    expect(broker.getCurrentSubject()).andReturn(caller);
    expect(sourcePerms.validate(caller, executeAndRead)).andReturn(true);

    // destination parent: EXECUTE|WRITE is granted
    expect(targetParent.getURI()).andReturn(targetParentUri);
    final Capture<XmldbURI> requestedTargetUri = newCapture();
    expect(broker.getCollection(capture(requestedTargetUri))).andReturn(existingTarget);
    expect(targetParent.getPermissionsNoLock()).andReturn(targetParentPerms);
    expect(broker.getCurrentSubject()).andReturn(caller);
    expect(targetParentPerms.validate(caller, executeAndWrite)).andReturn(true);

    // the source holds exactly one document, and READ on it is granted
    expect(source.iteratorNoLock(broker)).andReturn(new ArrayIterator<>(childDoc));
    expect(childDoc.getPermissions()).andReturn(childDocPerms);
    expect(broker.getCurrentSubject()).andReturn(caller);
    expect(childDocPerms.validate(caller, Permission.READ)).andReturn(true);

    // the source holds no child collections
    expect(source.collectionIteratorNoLock(broker)).andReturn(Collections.emptyIterator());

    // switch all mocks from record to replay mode
    replay(childDocPerms, childDoc, targetParent, targetParentPerms, source, sourcePerms, caller, broker);

    // exercise: must complete without a PermissionDeniedException
    broker.checkPermissionsForCopy(source, targetParent, copyName);

    // every recorded permission check, including the per-document READ check, must have run
    verify(childDocPerms, childDoc, targetParent, targetParentPerms, source, sourcePerms, caller, broker);
    // the broker must have looked up <destination parent>/<new name>
    assertEquals(targetParentUri.append(copyName), requestedTargetUri.getValue());
}
use of org.exist.security.Permission in project exist by eXist-db.
the class RemoteDatabaseImplTest method testGetCollection.
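/**
 * Checks that the guest account cannot store a resource in a collection whose mode gives
 * read/write to the owner only.
 *
 * <p>As admin, the test creates {@code ADMIN_COLLECTION_NAME} under the root collection, sets
 * its mode to user {@code +read,+write} and group/other {@code -read,-write}, then reopens the
 * collection as {@code guest} and expects {@code storeResource} to throw an
 * {@link XMLDBException}. If no {@code UserManagementService} is available the permission
 * check is skipped.
 *
 * <p>The collection is removed in a {@code finally} block so that a failed assertion, an
 * unexpected exception, or a missing {@code UserManagementService} does not leave it behind
 * for later tests.
 */
@Test
public void testGetCollection() throws ClassNotFoundException, IllegalAccessException, InstantiationException, XMLDBException, SyntaxException, PermissionDeniedException {
    Class<?> cl = Class.forName(DB_DRIVER);
    Database database = (Database) cl.newInstance();
    DatabaseManager.registerDatabase(database);

    // Test fixture credentials: admin with an empty password, as passed here.
    Collection rootCollection = DatabaseManager.getCollection(getUri() + XmldbURI.ROOT_COLLECTION, "admin", "");
    CollectionManagementService cms = (CollectionManagementService) rootCollection.getService("CollectionManagementService", "1.0");
    Collection adminCollection = cms.createCollection(ADMIN_COLLECTION_NAME);
    try {
        UserManagementService ums = (UserManagementService) rootCollection.getService("UserManagementService", "1.0");
        if (ums != null) {
            // Restrict the collection to its owner: no access for group or other.
            Permission p = ums.getPermissions(adminCollection);
            p.setMode(Permission.USER_STRING + "=+read,+write," + Permission.GROUP_STRING + "=-read,-write," + Permission.OTHER_STRING + "=-read,-write");
            ums.setPermissions(adminCollection, p);

            // Reopen the same collection as the unprivileged guest account.
            Collection guestCollection = DatabaseManager.getCollection(getUri() + XmldbURI.ROOT_COLLECTION + "/" + ADMIN_COLLECTION_NAME, "guest", "guest");
            Resource resource = guestCollection.createResource("testguest", "BinaryResource");
            resource.setContent("123".getBytes());
            try {
                guestCollection.storeResource(resource);
                fail("guest was able to store a resource in an owner-only collection");
            } catch (XMLDBException e) {
                // Expected: the store must be rejected.
                // NOTE(review): any XMLDBException passes here. Asserting that the error code
                // indicates a permission denial would keep an unrelated failure (e.g. a
                // connection error) from satisfying the test; confirm which code the remote
                // driver reports before tightening.
            }
        }
    } finally {
        // Always clean up, otherwise a failing run leaves the collection in the database.
        cms.removeCollection(ADMIN_COLLECTION_NAME);
    }
}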