use of org.exist.security.PermissionDeniedException in project exist by eXist-db.
the class RpcConnection method execute.
@Deprecated
@Override
public Map<String, Object> execute(final String pathToQuery, final Map<String, Object> parameters) throws EXistException, PermissionDeniedException {
final long startTime = System.currentTimeMillis();
final Optional<String> sortBy = Optional.ofNullable(parameters.get(RpcAPI.SORT_EXPR)).map(Object::toString);
return this.<Map<String, Object>>readDocument(XmldbURI.createInternal(pathToQuery)).apply((document, broker, transaction) -> {
final BinaryDocument xquery = (BinaryDocument) document;
if (xquery.getResourceType() != DocumentImpl.BINARY_FILE) {
throw new EXistException("Document " + pathToQuery + " is not a binary resource");
}
if (!xquery.getPermissions().validate(user, Permission.READ | Permission.EXECUTE)) {
throw new PermissionDeniedException("Insufficient privileges to access resource");
}
final Source source = new DBSource(broker, xquery, true);
try {
final Map<String, Object> rpcResponse = this.<Map<String, Object>>compileQuery(broker, transaction, source, parameters).apply(compiledQuery -> queryResultToRpcResponse(startTime, doQuery(broker, compiledQuery, null, parameters), sortBy));
return rpcResponse;
} catch (final XPathException e) {
throw new EXistException(e);
}
});
}
use of org.exist.security.PermissionDeniedException in project exist by eXist-db.
the class RpcConnection method storeBinary.
private boolean storeBinary(final byte[] data, final XmldbURI docUri, final String mimeType, final int overwrite, final Date created, final Date modified) throws EXistException, PermissionDeniedException {
return this.<Boolean>writeCollection(docUri.removeLastSegment()).apply((collection, broker, transaction) -> {
// keep a write lock in the transaction
transaction.acquireCollectionLock(() -> broker.getBrokerPool().getLockManager().acquireCollectionWriteLock(collection.getURI()));
try (final ManagedDocumentLock lockedDocument = broker.getBrokerPool().getLockManager().acquireDocumentWriteLock(docUri)) {
if (overwrite == 0) {
// NOTE: we have the document write lock above
final DocumentImpl old = collection.getDocument(broker, docUri.lastSegment());
if (old != null) {
// NOTE: early release of Collection lock inline with Asymmetrical Locking scheme
collection.close();
throw new PermissionDeniedException("Old document exists and overwrite is not allowed");
}
}
if (LOG.isDebugEnabled()) {
LOG.debug("Storing binary resource to collection {}", collection.getURI());
}
broker.storeDocument(transaction, docUri.lastSegment(), new StringInputSource(data), MimeTable.getInstance().getContentType(mimeType), created, modified, null, null, null, collection);
// NOTE: early release of Collection lock inline with Asymmetrical Locking scheme
collection.close();
return true;
}
});
}
use of org.exist.security.PermissionDeniedException in project exist by eXist-db.
the class RpcConnection method lockResource.
private boolean lockResource(final XmldbURI docURI, final String userName) throws EXistException, PermissionDeniedException {
return this.<Boolean>writeDocument(docURI).apply((document, broker, transaction) -> {
// TODO : register the lock within the transaction ?
if (!document.getPermissions().validate(user, Permission.WRITE)) {
throw new PermissionDeniedException("User is not allowed to lock resource " + docURI);
}
final SecurityManager manager = factory.getBrokerPool().getSecurityManager();
if (!(userName.equals(user.getName()) || manager.hasAdminPrivileges(user))) {
throw new PermissionDeniedException("User " + user.getName() + " is not allowed " + "to lock the resource for user " + userName);
}
final Account lockOwner = document.getUserLock();
if (lockOwner != null && (!lockOwner.equals(user)) && (!manager.hasAdminPrivileges(user))) {
throw new PermissionDeniedException("Resource is already locked by user " + lockOwner.getName());
}
document.setUserLock(user);
broker.storeXMLResource(transaction, document);
return true;
});
}
use of org.exist.security.PermissionDeniedException in project exist by eXist-db.
the class RpcConnection method removeAccount.
@Override
public boolean removeAccount(final String name) throws EXistException, PermissionDeniedException {
final SecurityManager manager = factory.getBrokerPool().getSecurityManager();
if (!manager.hasAdminPrivileges(user)) {
throw new PermissionDeniedException("you are not allowed to remove users");
}
withDb((broker, transaction) -> manager.deleteAccount(name));
return true;
}
use of org.exist.security.PermissionDeniedException in project exist by eXist-db.
the class RpcConnection method unlockResource.
private boolean unlockResource(final XmldbURI docURI) throws EXistException, PermissionDeniedException {
return this.<Boolean>writeDocument(docURI).apply((document, broker, transaction) -> {
if (!document.getPermissions().validate(user, Permission.WRITE)) {
throw new PermissionDeniedException("User is not allowed to lock resource " + docURI);
}
final SecurityManager manager = factory.getBrokerPool().getSecurityManager();
final Account lockOwner = document.getUserLock();
if (lockOwner != null && (!lockOwner.equals(user)) && (!manager.hasAdminPrivileges(user))) {
throw new PermissionDeniedException("Resource is already locked by user " + lockOwner.getName());
}
document.setUserLock(null);
broker.storeXMLResource(transaction, document);
return true;
});
}
Aggregations