use of org.exist.security.PermissionDeniedException in project exist by eXist-db.
the class RpcConnection method parseLocal.
private boolean parseLocal(final String localFile, final XmldbURI docUri, final int overwrite, final String mimeType, final Boolean isXML, final Date created, final Date modified) throws EXistException, PermissionDeniedException {
return this.<Boolean>writeCollection(docUri.removeLastSegment()).apply((collection, broker, transaction) -> {
try (final ManagedDocumentLock lockedDocument = broker.getBrokerPool().getLockManager().acquireDocumentWriteLock(docUri)) {
if (overwrite == 0) {
// NOTE: we have the document write lock above
final DocumentImpl old = collection.getDocument(broker, docUri.lastSegment());
if (old != null) {
// NOTE: early release of Collection lock inline with Asymmetrical Locking scheme
collection.close();
throw new PermissionDeniedException("Old document exists and overwrite is not allowed");
}
}
// get the source for parsing
SupplierE<FileInputSource, IOException> sourceSupplier;
try {
final int handle = Integer.parseInt(localFile);
final SerializedResult sr = factory.resultSets.getSerializedResult(handle);
if (sr == null) {
// NOTE: early release of Collection lock inline with Asymmetrical Locking scheme
collection.close();
throw new EXistException("Invalid handle specified");
}
sourceSupplier = () -> {
final FileInputSource source = new FileInputSource(sr.result);
// de-reference the temp file in the SerializeResult, so it is not re-claimed before we need it
sr.result = null;
factory.resultSets.remove(handle);
return source;
};
} catch (final NumberFormatException nfe) {
// As this file can be a non-temporal one, we should not
// blindly erase it!
final Path path = Paths.get(localFile);
if (!Files.isReadable(path)) {
// NOTE: early release of Collection lock inline with Asymmetrical Locking scheme
collection.close();
throw new EXistException("unable to read file " + path.toAbsolutePath().toString());
}
sourceSupplier = () -> new FileInputSource(path);
}
// parse the source
try (final FileInputSource source = sourceSupplier.get()) {
final MimeType mime = Optional.ofNullable(MimeTable.getInstance().getContentType(mimeType)).orElse(MimeType.BINARY_TYPE);
broker.storeDocument(transaction, docUri.lastSegment(), source, mime, created, modified, null, null, null, collection);
// NOTE: early release of Collection lock inline with Asymmetrical Locking scheme
collection.close();
return true;
}
}
});
}
use of org.exist.security.PermissionDeniedException in project exist by eXist-db.
the class RpcConnection method setDocType.
private boolean setDocType(final XmldbURI docUri, final String doctypename, final String publicid, final String systemid) throws EXistException, PermissionDeniedException {
return this.<Boolean>writeDocument(docUri).apply((document, broker, transaction) -> {
// TODO : register the lock within the transaction ?
if (!document.getPermissions().validate(user, Permission.WRITE)) {
throw new PermissionDeniedException("User is not allowed to lock resource " + docUri);
}
DocumentType result = null;
if (doctypename != null && !doctypename.isEmpty()) {
result = new DocumentTypeImpl(doctypename, publicid != null && publicid.isEmpty() ? null : publicid, systemid != null && systemid.isEmpty() ? null : systemid);
}
document.setDocumentType(result);
broker.storeXMLResource(transaction, document);
return true;
});
}
use of org.exist.security.PermissionDeniedException in project exist by eXist-db.
the class TemplatesFactory method stylesheet.
public static <E extends Exception> Stylesheet stylesheet(DBBroker broker, NodeValue node, String baseUri) throws E, TransformerConfigurationException {
SAXTransformerFactory factory = TransformerFactoryAllocator.getTransformerFactory(broker.getBrokerPool());
String base = baseUri;
Document doc = node.getOwnerDocument();
if (doc != null) {
String uri = doc.getDocumentURI();
/*
* This must be checked because in the event the stylesheet is
* an in-memory document, it will cause an NPE
*/
if (uri != null) {
base = uri.substring(0, uri.lastIndexOf('/'));
}
}
// setup any URI resolvers
final URIResolver uriResolver = getXsltURIResolver(broker.getBrokerPool(), factory.getURIResolver(), base, true);
factory.setURIResolver(uriResolver);
return new Stylesheet() {
@Override
public <E extends Exception> Templates templates(DBBroker broker, XSLTErrorsListener<E> errorListener) throws E, TransformerConfigurationException, IOException, PermissionDeniedException, SAXException {
final TemplatesHandler handler = factory.newTemplatesHandler();
handler.startDocument();
node.toSAX(broker, handler, null);
handler.endDocument();
final Templates t = handler.getTemplates();
// check for errors
errorListener.checkForErrors();
return t;
}
@Override
public <E extends Exception> TransformerHandler newTransformerHandler(DBBroker broker, XSLTErrorsListener<E> errorListener) throws E, PermissionDeniedException, SAXException, TransformerConfigurationException, IOException {
TransformerHandler handler = factory.newTransformerHandler(templates(broker, errorListener));
handler.getTransformer().setErrorListener(errorListener);
return handler;
}
};
}
use of org.exist.security.PermissionDeniedException in project exist by eXist-db.
the class Replace method process.
@Override
public long process(Txn transaction) throws PermissionDeniedException, LockException, EXistException, XPathException, TriggerException {
final NodeList children = content;
if (children.getLength() == 0) {
return 0;
}
if (children.getLength() > 1) {
throw new EXistException("xupdate:replace requires exactly one content node");
}
LOG.debug("processing replace ...");
int modifications = children.getLength();
try {
final StoredNode[] ql = selectAndLock(transaction);
final NotificationService notifier = broker.getBrokerPool().getNotificationService();
Node temp;
TextImpl text;
AttrImpl attribute;
ElementImpl parent;
for (final StoredNode node : ql) {
if (node == null) {
LOG.warn("select {} returned empty node set", selectStmt);
continue;
}
final DocumentImpl doc = node.getOwnerDocument();
if (!doc.getPermissions().validate(broker.getCurrentSubject(), Permission.WRITE)) {
throw new PermissionDeniedException("User '" + broker.getCurrentSubject().getName() + "' does not have permission to write to the document '" + doc.getDocumentURI() + "'!");
}
parent = (ElementImpl) node.getParentStoredNode();
if (parent == null) {
throw new EXistException("The root element of a document can not be replaced with 'xu:replace'. " + "Please consider removing the document or use 'xu:update' to just replace the children of the root.");
}
switch(node.getNodeType()) {
case Node.ELEMENT_NODE:
if (modifications == 0) {
modifications = 1;
}
temp = children.item(0);
parent.replaceChild(transaction, temp, node);
break;
case Node.TEXT_NODE:
temp = children.item(0);
text = new TextImpl(temp.getNodeValue());
modifications = 1;
text.setOwnerDocument(doc);
parent.updateChild(transaction, node, text);
break;
case Node.ATTRIBUTE_NODE:
final AttrImpl attr = (AttrImpl) node;
temp = children.item(0);
attribute = new AttrImpl(attr.getQName(), temp.getNodeValue(), broker.getBrokerPool().getSymbols());
attribute.setOwnerDocument(doc);
parent.updateChild(transaction, node, attribute);
break;
default:
throw new EXistException("unsupported node-type");
}
doc.setLastModified(System.currentTimeMillis());
modifiedDocuments.add(doc);
broker.storeXMLResource(transaction, doc);
notifier.notifyUpdate(doc, UpdateListener.UPDATE);
}
checkFragmentation(transaction, modifiedDocuments);
} finally {
unlockDocuments(transaction);
}
return modifications;
}
use of org.exist.security.PermissionDeniedException in project exist by eXist-db.
the class Rename method process.
@Override
public long process(Txn transaction) throws PermissionDeniedException, LockException, EXistException, XPathException, TriggerException {
final NodeList children = content;
if (children.getLength() == 0) {
return 0;
}
int modificationCount = 0;
try {
final StoredNode[] ql = selectAndLock(transaction);
final NotificationService notifier = broker.getBrokerPool().getNotificationService();
final String newName = children.item(0).getTextContent();
for (final StoredNode node : ql) {
final DocumentImpl doc = node.getOwnerDocument();
if (!doc.getPermissions().validate(broker.getCurrentSubject(), Permission.WRITE)) {
throw new PermissionDeniedException("User '" + broker.getCurrentSubject().getName() + "' does not have permission to write to the document '" + doc.getDocumentURI() + "'!");
}
final NodeImpl parent = (NodeImpl) getParent(node);
// update the document
final NamedNode newNode;
switch(node.getNodeType()) {
case Node.ELEMENT_NODE:
newNode = new ElementImpl((ElementImpl) node);
break;
case Node.ATTRIBUTE_NODE:
newNode = new AttrImpl((AttrImpl) node);
break;
default:
throw new EXistException("unsupported node-type");
}
newNode.setNodeName(new QName(newName, "", null));
parent.updateChild(transaction, node, newNode);
modificationCount++;
doc.setLastModified(System.currentTimeMillis());
modifiedDocuments.add(doc);
broker.storeXMLResource(transaction, doc);
notifier.notifyUpdate(doc, UpdateListener.UPDATE);
}
checkFragmentation(transaction, modifiedDocuments);
} finally {
unlockDocuments(transaction);
}
return modificationCount;
}
Aggregations