
Example 51 with PermissionDeniedException

Use of org.exist.security.PermissionDeniedException in project exist by eXist-db.

Class RpcConnection, method execute.

@Deprecated
@Override
public Map<String, Object> execute(final String pathToQuery, final Map<String, Object> parameters) throws EXistException, PermissionDeniedException {
    final long startTime = System.currentTimeMillis();
    final Optional<String> sortBy = Optional.ofNullable(parameters.get(RpcAPI.SORT_EXPR)).map(Object::toString);
    return this.<Map<String, Object>>readDocument(XmldbURI.createInternal(pathToQuery)).apply((document, broker, transaction) -> {
        final BinaryDocument xquery = (BinaryDocument) document;
        if (xquery.getResourceType() != DocumentImpl.BINARY_FILE) {
            throw new EXistException("Document " + pathToQuery + " is not a binary resource");
        }
        if (!xquery.getPermissions().validate(user, Permission.READ | Permission.EXECUTE)) {
            throw new PermissionDeniedException("Insufficient privileges to access resource");
        }
        final Source source = new DBSource(broker, xquery, true);
        try {
            final Map<String, Object> rpcResponse = this.<Map<String, Object>>compileQuery(broker, transaction, source, parameters).apply(compiledQuery -> queryResultToRpcResponse(startTime, doQuery(broker, compiledQuery, null, parameters), sortBy));
            return rpcResponse;
        } catch (final XPathException e) {
            throw new EXistException(e);
        }
    });
}
Also used : DBSource(org.exist.source.DBSource) PermissionDeniedException(org.exist.security.PermissionDeniedException) EXistException(org.exist.EXistException) StringSource(org.exist.source.StringSource) Source(org.exist.source.Source) InputSource(org.xml.sax.InputSource)

Example 52 with PermissionDeniedException

Use of org.exist.security.PermissionDeniedException in project exist by eXist-db.

Class RpcConnection, method storeBinary.

private boolean storeBinary(final byte[] data, final XmldbURI docUri, final String mimeType, final int overwrite, final Date created, final Date modified) throws EXistException, PermissionDeniedException {
    return this.<Boolean>writeCollection(docUri.removeLastSegment()).apply((collection, broker, transaction) -> {
        // keep a write lock in the transaction
        transaction.acquireCollectionLock(() -> broker.getBrokerPool().getLockManager().acquireCollectionWriteLock(collection.getURI()));
        try (final ManagedDocumentLock lockedDocument = broker.getBrokerPool().getLockManager().acquireDocumentWriteLock(docUri)) {
            if (overwrite == 0) {
                // NOTE: we have the document write lock above
                final DocumentImpl old = collection.getDocument(broker, docUri.lastSegment());
                if (old != null) {
                    // NOTE: early release of Collection lock inline with Asymmetrical Locking scheme
                    collection.close();
                    throw new PermissionDeniedException("Old document exists and overwrite is not allowed");
                }
            }
            if (LOG.isDebugEnabled()) {
                LOG.debug("Storing binary resource to collection {}", collection.getURI());
            }
            broker.storeDocument(transaction, docUri.lastSegment(), new StringInputSource(data), MimeTable.getInstance().getContentType(mimeType), created, modified, null, null, null, collection);
            // NOTE: early release of Collection lock inline with Asymmetrical Locking scheme
            collection.close();
            return true;
        }
    });
}
Also used : ManagedDocumentLock(org.exist.storage.lock.ManagedDocumentLock) PermissionDeniedException(org.exist.security.PermissionDeniedException)

Example 53 with PermissionDeniedException

Use of org.exist.security.PermissionDeniedException in project exist by eXist-db.

Class RpcConnection, method lockResource.

private boolean lockResource(final XmldbURI docURI, final String userName) throws EXistException, PermissionDeniedException {
    return this.<Boolean>writeDocument(docURI).apply((document, broker, transaction) -> {
        // TODO : register the lock within the transaction ?
        if (!document.getPermissions().validate(user, Permission.WRITE)) {
            throw new PermissionDeniedException("User is not allowed to lock resource " + docURI);
        }
        final SecurityManager manager = factory.getBrokerPool().getSecurityManager();
        if (!(userName.equals(user.getName()) || manager.hasAdminPrivileges(user))) {
            throw new PermissionDeniedException("User " + user.getName() + " is not allowed " + "to lock the resource for user " + userName);
        }
        final Account lockOwner = document.getUserLock();
        if (lockOwner != null && (!lockOwner.equals(user)) && (!manager.hasAdminPrivileges(user))) {
            throw new PermissionDeniedException("Resource is already locked by user " + lockOwner.getName());
        }
        document.setUserLock(user);
        broker.storeXMLResource(transaction, document);
        return true;
    });
}
Also used : Account(org.exist.security.Account) SecurityManager(org.exist.security.SecurityManager) PermissionDeniedException(org.exist.security.PermissionDeniedException)

Example 54 with PermissionDeniedException

Use of org.exist.security.PermissionDeniedException in project exist by eXist-db.

Class RpcConnection, method removeAccount.

@Override
public boolean removeAccount(final String name) throws EXistException, PermissionDeniedException {
    final SecurityManager manager = factory.getBrokerPool().getSecurityManager();
    if (!manager.hasAdminPrivileges(user)) {
        throw new PermissionDeniedException("you are not allowed to remove users");
    }
    withDb((broker, transaction) -> manager.deleteAccount(name));
    return true;
}
Also used : SecurityManager(org.exist.security.SecurityManager) PermissionDeniedException(org.exist.security.PermissionDeniedException)

Example 55 with PermissionDeniedException

Use of org.exist.security.PermissionDeniedException in project exist by eXist-db.

Class RpcConnection, method unlockResource.

private boolean unlockResource(final XmldbURI docURI) throws EXistException, PermissionDeniedException {
    return this.<Boolean>writeDocument(docURI).apply((document, broker, transaction) -> {
        if (!document.getPermissions().validate(user, Permission.WRITE)) {
            throw new PermissionDeniedException("User is not allowed to lock resource " + docURI);
        }
        final SecurityManager manager = factory.getBrokerPool().getSecurityManager();
        final Account lockOwner = document.getUserLock();
        if (lockOwner != null && (!lockOwner.equals(user)) && (!manager.hasAdminPrivileges(user))) {
            throw new PermissionDeniedException("Resource is already locked by user " + lockOwner.getName());
        }
        document.setUserLock(null);
        broker.storeXMLResource(transaction, document);
        return true;
    });
}
Also used : Account(org.exist.security.Account) SecurityManager(org.exist.security.SecurityManager) PermissionDeniedException(org.exist.security.PermissionDeniedException)

Aggregations

PermissionDeniedException (org.exist.security.PermissionDeniedException): 182
EXistException (org.exist.EXistException): 82
XmldbURI (org.exist.xmldb.XmldbURI): 70
IOException (java.io.IOException): 58
DocumentImpl (org.exist.dom.persistent.DocumentImpl): 48
Collection (org.exist.collections.Collection): 44
DBBroker (org.exist.storage.DBBroker): 41
Txn (org.exist.storage.txn.Txn): 38
LockException (org.exist.util.LockException): 35
SAXException (org.xml.sax.SAXException): 35
LockedDocument (org.exist.dom.persistent.LockedDocument): 31
XPathException (org.exist.xquery.XPathException): 31
Permission (org.exist.security.Permission): 23
URISyntaxException (java.net.URISyntaxException): 22
TriggerException (org.exist.collections.triggers.TriggerException): 22
Source (org.exist.source.Source): 20
Path (java.nio.file.Path): 19
Account (org.exist.security.Account): 18
InputSource (org.xml.sax.InputSource): 18
Sequence (org.exist.xquery.value.Sequence): 17