
Example 36 with PermissionDeniedException

use of org.exist.security.PermissionDeniedException in project exist by eXist-db.

the class Remove method process.

@Override
public long process(Txn transaction) throws PermissionDeniedException, LockException, EXistException, XPathException, TriggerException {
    try {
        final StoredNode[] ql = selectAndLock(transaction);
        final NotificationService notifier = broker.getBrokerPool().getNotificationService();
        for (final StoredNode node : ql) {
            final DocumentImpl doc = node.getOwnerDocument();
            if (!doc.getPermissions().validate(broker.getCurrentSubject(), Permission.WRITE)) {
                throw new PermissionDeniedException("User '" + broker.getCurrentSubject().getName() + "' does not have permission to write to the document '" + doc.getDocumentURI() + "'!");
            }
            final NodeImpl parent = (NodeImpl) getParent(node);
            if (parent == null || parent.getNodeType() != Node.ELEMENT_NODE) {
                throw new EXistException("you cannot remove the document element. Use update " + "instead");
            } else {
                parent.removeChild(transaction, node);
            }
            doc.setLastModified(System.currentTimeMillis());
            modifiedDocuments.add(doc);
            broker.storeXMLResource(transaction, doc);
            notifier.notifyUpdate(doc, UpdateListener.UPDATE);
        }
        checkFragmentation(transaction, modifiedDocuments);
        return ql.length;
    } finally {
        unlockDocuments(transaction);
    }
}
Also used : NodeImpl(org.exist.dom.persistent.NodeImpl) NotificationService(org.exist.storage.NotificationService) PermissionDeniedException(org.exist.security.PermissionDeniedException) EXistException(org.exist.EXistException) DocumentImpl(org.exist.dom.persistent.DocumentImpl) StoredNode(org.exist.dom.persistent.StoredNode)

Example 37 with PermissionDeniedException

use of org.exist.security.PermissionDeniedException in project exist by eXist-db.

the class Update method process.

@Override
public long process(Txn transaction) throws PermissionDeniedException, LockException, EXistException, XPathException, TriggerException {
    final NodeList children = content;
    if (children.getLength() == 0) {
        return 0;
    }
    int modifications = children.getLength();
    try {
        final StoredNode[] ql = selectAndLock(transaction);
        final NotificationService notifier = broker.getBrokerPool().getNotificationService();
        for (final StoredNode node : ql) {
            if (node == null) {
                LOG.warn("select {} returned empty node", selectStmt);
                continue;
            }
            final DocumentImpl doc = node.getOwnerDocument();
            if (!doc.getPermissions().validate(broker.getCurrentSubject(), Permission.WRITE)) {
                throw new PermissionDeniedException("User '" + broker.getCurrentSubject().getName() + "' does not have permission to write to the document '" + doc.getDocumentURI() + "'!");
            }
            switch(node.getNodeType()) {
                case Node.ELEMENT_NODE:
                    if (modifications == 0) {
                        modifications = 1;
                    }
                    ((ElementImpl) node).update(transaction, children);
                    break;
                case Node.TEXT_NODE:
                    final ElementImpl textParent = (ElementImpl) node.getParentNode();
                    final Node textTemp = children.item(0);
                    final TextImpl text = new TextImpl(textTemp.getNodeValue());
                    modifications = 1;
                    text.setOwnerDocument(doc);
                    textParent.updateChild(transaction, node, text);
                    break;
                case Node.ATTRIBUTE_NODE:
                    final ElementImpl attrParent = (ElementImpl) ((Attr) node).getOwnerElement();
                    if (attrParent == null) {
                        LOG.warn("parent node not found for {}", node.getNodeId());
                        break;
                    }
                    final AttrImpl attr = (AttrImpl) node;
                    final Node attrTemp = children.item(0);
                    final AttrImpl attribute = new AttrImpl(attr.getQName(), attrTemp.getNodeValue(), broker.getBrokerPool().getSymbols());
                    attribute.setOwnerDocument(doc);
                    attrParent.updateChild(transaction, node, attribute);
                    break;
                default:
                    throw new EXistException("unsupported node-type");
            }
            doc.setLastModified(System.currentTimeMillis());
            modifiedDocuments.add(doc);
            broker.storeXMLResource(transaction, doc);
            notifier.notifyUpdate(doc, UpdateListener.UPDATE);
        }
        checkFragmentation(transaction, modifiedDocuments);
    } finally {
        unlockDocuments(transaction);
    }
    return modifications;
}
Also used : ElementImpl(org.exist.dom.persistent.ElementImpl) NodeList(org.w3c.dom.NodeList) StoredNode(org.exist.dom.persistent.StoredNode) Node(org.w3c.dom.Node) NotificationService(org.exist.storage.NotificationService) PermissionDeniedException(org.exist.security.PermissionDeniedException) AttrImpl(org.exist.dom.persistent.AttrImpl) EXistException(org.exist.EXistException) DocumentImpl(org.exist.dom.persistent.DocumentImpl) TextImpl(org.exist.dom.persistent.TextImpl)

Example 38 with PermissionDeniedException

use of org.exist.security.PermissionDeniedException in project exist by eXist-db.

the class GetField method eval.

@Override
public Sequence eval(Sequence[] args, Sequence contextSequence) throws XPathException {
    XmldbURI uri = XmldbURI.createInternal(args[0].getStringValue());
    String field = args[1].getStringValue();
    try (final LockedDocument lockedDoc = context.getBroker().getXMLResource(uri, LockMode.READ_LOCK)) {
        if (lockedDoc == null) {
            return Sequence.EMPTY_SEQUENCE;
        }
        // Get the lucene worker
        final LuceneIndexWorker index = (LuceneIndexWorker) context.getBroker().getIndexController().getWorkerByIndexId(LuceneIndex.ID);
        final String content = index.getFieldContent(lockedDoc.getDocument().getDocId(), field);
        return content == null ? Sequence.EMPTY_SEQUENCE : new org.exist.xquery.value.StringValue(content);
    } catch (PermissionDeniedException e) {
        throw new XPathException(this, LuceneModule.EXXQDYFT0001, "Permission denied to read document " + args[0].getStringValue());
    } catch (IOException e) {
        throw new XPathException(this, LuceneModule.EXXQDYFT0002, "IO error while reading document " + args[0].getStringValue());
    }
}
Also used : XPathException(org.exist.xquery.XPathException) LockedDocument(org.exist.dom.persistent.LockedDocument) PermissionDeniedException(org.exist.security.PermissionDeniedException) IOException(java.io.IOException) XmldbURI(org.exist.xmldb.XmldbURI) LuceneIndexWorker(org.exist.indexing.lucene.LuceneIndexWorker)

Example 39 with PermissionDeniedException

use of org.exist.security.PermissionDeniedException in project exist by eXist-db.

the class ExistDocument method unlock.

/**
 * Unlock document in database.
 */
void unlock() throws PermissionDeniedException, DocumentNotLockedException, EXistException {
    if (LOG.isDebugEnabled()) {
        LOG.debug("unlock {}", xmldbUri);
    }
    final TransactionManager txnManager = brokerPool.getTransactionManager();
    // Try to get document
    try (final DBBroker broker = brokerPool.get(Optional.ofNullable(subject));
        final Txn txn = txnManager.beginTransaction();
        final LockedDocument lockedDocument = broker.getXMLResource(xmldbUri, LockMode.WRITE_LOCK)) {
        final DocumentImpl document = lockedDocument.getDocument();
        if (document == null) {
            final String msg = String.format("No resource found for path: %s", xmldbUri);
            LOG.debug(msg);
            throw new EXistException(msg);
        }
        // Get current userlock
        Account lock = document.getUserLock();
        // Check if Resource is already locked.
        if (lock == null) {
            LOG.debug("Resource {} is not locked.", xmldbUri);
            throw new DocumentNotLockedException("" + xmldbUri);
        }
        // Check if Resource is from subject
        if (!lock.getName().equals(subject.getName()) && !subject.hasDbaRole()) {
            LOG.debug("Resource lock is from user {}", lock.getName());
            throw new PermissionDeniedException(lock.getName());
        }
        // Update document
        document.setUserLock(null);
        document.setLockToken(null);
        // Make it persistent
        broker.storeMetadata(txn, document);
        txnManager.commit(txn);
    } catch (EXistException | PermissionDeniedException e) {
        LOG.error(e);
        throw e;
    } catch (TriggerException e) {
        LOG.error(e);
        throw new EXistException(e);
    } finally {
        if (LOG.isDebugEnabled()) {
            LOG.debug("Finished create lock");
        }
    }
}
Also used : Account(org.exist.security.Account) DBBroker(org.exist.storage.DBBroker) TransactionManager(org.exist.storage.txn.TransactionManager) LockedDocument(org.exist.dom.persistent.LockedDocument) PermissionDeniedException(org.exist.security.PermissionDeniedException) Txn(org.exist.storage.txn.Txn) EXistException(org.exist.EXistException) DocumentNotLockedException(org.exist.webdav.exceptions.DocumentNotLockedException) TriggerException(org.exist.collections.triggers.TriggerException) DocumentImpl(org.exist.dom.persistent.DocumentImpl)

Example 40 with PermissionDeniedException

use of org.exist.security.PermissionDeniedException in project exist by eXist-db.

the class ExistDocument method initMetadata.

/**
 * Initialize Collection, authenticate() is required first
 */
@Override
public void initMetadata() {
    if (subject == null) {
        LOG.error("User not initialized yet");
        return;
    }
    // check if initialization is required
    if (isInitialized) {
        LOG.debug("Already initialized");
        return;
    }
    try (final DBBroker broker = brokerPool.get(Optional.of(subject))) {
        // If it is not a collection, check if it is a document
        try (final LockedDocument lockedDocument = broker.getXMLResource(xmldbUri, LockMode.READ_LOCK)) {
            final DocumentImpl document = lockedDocument.getDocument();
            if (document.getResourceType() == DocumentImpl.XML_FILE) {
                isXmlDocument = true;
            }
            // Get meta data
            creationTime = document.getCreated();
            lastModified = document.getLastModified();
            mimeType = document.getMimeType();
            // Retrieve permissions
            permissions = document.getPermissions();
            readAllowed = permissions.validate(subject, Permission.READ);
            writeAllowed = permissions.validate(subject, Permission.WRITE);
            executeAllowed = permissions.validate(subject, Permission.EXECUTE);
            ownerUser = permissions.getOwner().getUsername();
            ownerGroup = permissions.getGroup().getName();
            // Get (estimated) file size
            contentLength = document.getContentLength();
        }
    } catch (final EXistException | PermissionDeniedException e) {
        LOG.error(e);
    }
    isInitialized = true;
}
Also used : DBBroker(org.exist.storage.DBBroker) LockedDocument(org.exist.dom.persistent.LockedDocument) PermissionDeniedException(org.exist.security.PermissionDeniedException) EXistException(org.exist.EXistException) DocumentImpl(org.exist.dom.persistent.DocumentImpl)

Aggregations

PermissionDeniedException (org.exist.security.PermissionDeniedException) 182
EXistException (org.exist.EXistException) 82
XmldbURI (org.exist.xmldb.XmldbURI) 70
IOException (java.io.IOException) 58
DocumentImpl (org.exist.dom.persistent.DocumentImpl) 48
Collection (org.exist.collections.Collection) 44
DBBroker (org.exist.storage.DBBroker) 41
Txn (org.exist.storage.txn.Txn) 38
LockException (org.exist.util.LockException) 35
SAXException (org.xml.sax.SAXException) 35
LockedDocument (org.exist.dom.persistent.LockedDocument) 31
XPathException (org.exist.xquery.XPathException) 31
Permission (org.exist.security.Permission) 23
URISyntaxException (java.net.URISyntaxException) 22
TriggerException (org.exist.collections.triggers.TriggerException) 22
Source (org.exist.source.Source) 20
Path (java.nio.file.Path) 19
Account (org.exist.security.Account) 18
InputSource (org.xml.sax.InputSource) 18
Sequence (org.exist.xquery.value.Sequence) 17