Example 6 with ACEAider

Use of org.exist.security.internal.aider.ACEAider in project exist by eXist-db.

In the class RemoteUserManagementService, method getPermissions.

@Override
public Permission getPermissions(final Resource res) throws XMLDBException {
    if (res == null) {
        throw new XMLDBException(ErrorCodes.INVALID_RESOURCE, "resource is null");
    }
    // TODO : use dedicated function in XmldbURI
    final String path = ((RemoteCollection) res.getParentCollection()).getPath() + "/" + res.getId();
    try {
        final List<Object> params = new ArrayList<>();
        params.add(path);
        final Map result = (Map) collection.execute("getPermissions", params);
        final String owner = (String) result.get("owner");
        final String group = (String) result.get("group");
        final int mode = (Integer) result.get("permissions");
        final Stream<ACEAider> aces = extractAces(result.get("acl"));
        return getPermission(owner, group, mode, aces);
    } catch (final PermissionDeniedException pde) {
        throw new XMLDBException(ErrorCodes.PERMISSION_DENIED, pde.getMessage(), pde);
    }
}
Also used: ACEAider (org.exist.security.internal.aider.ACEAider), XMLDBException (org.xmldb.api.base.XMLDBException), PermissionDeniedException (org.exist.security.PermissionDeniedException)

Example 7 with ACEAider

Use of org.exist.security.internal.aider.ACEAider in project exist by eXist-db.

In the class ACEAiderParser, method toAceAider.

private static ACEAider toAceAider(final List<Object> list) throws SAXException {
    if (list.size() != 4) {
        throw new SAXException("Inavlis list size for ACEAider");
    }
    Object object = list.get(0);
    final ACE_ACCESS_TYPE aceAccessType;
    if (object instanceof String) {
        try {
            aceAccessType = ACE_ACCESS_TYPE.valueOf((String) object);
        } catch (final IllegalArgumentException e) {
            throw new SAXException(e);
        }
    } else {
        throw new SAXException("Expected ACE_ACCESS_TYPE");
    }
    object = list.get(1);
    final ACE_TARGET aceTarget;
    if (object instanceof String) {
        try {
            aceTarget = ACE_TARGET.valueOf((String) object);
        } catch (final IllegalArgumentException e) {
            throw new SAXException(e);
        }
    } else {
        throw new SAXException("Expected ACE_TARGET");
    }
    object = list.get(2);
    final String aceWho;
    if (object instanceof String) {
        aceWho = (String) object;
    } else {
        throw new SAXException("Expected String");
    }
    object = list.get(3);
    final int aceMode;
    if (object instanceof Integer) {
        aceMode = (Integer) object;
    } else {
        throw new SAXException("Expected Integer");
    }
    return new ACEAider(aceAccessType, aceTarget, aceWho, aceMode);
}
Also used: ACE_ACCESS_TYPE (org.exist.security.ACLPermission.ACE_ACCESS_TYPE), ACEAider (org.exist.security.internal.aider.ACEAider), ACE_TARGET (org.exist.security.ACLPermission.ACE_TARGET), SAXException (org.xml.sax.SAXException)

Example 8 with ACEAider

Use of org.exist.security.internal.aider.ACEAider in project exist by eXist-db.

In the class ACEAiderSerializer, method writeData.

private void writeData(final ContentHandler handler, final Object object) throws SAXException {
    final ACEAider aceAider = (ACEAider) object;
    writeObject(handler, aceAider.getAccessType().name());
    writeObject(handler, aceAider.getTarget().name());
    writeObject(handler, aceAider.getWho());
    writeObject(handler, aceAider.getMode());
}
Also used: ACEAider (org.exist.security.internal.aider.ACEAider)

Example 9 with ACEAider

Use of org.exist.security.internal.aider.ACEAider in project exist by eXist-db.

In the class XmldbApiSecurityTest, method addCollectionUserAce.

@Override
protected void addCollectionUserAce(final String collectionUri, final String user_uid, final String mode, final boolean allow, final String uid, final String pwd) throws ApiException {
    Collection parentCol = null;
    Collection subCol = null;
    try {
        final String parentColUri = collectionUri.substring(0, collectionUri.lastIndexOf('/'));
        final String subColName = collectionUri.substring(collectionUri.lastIndexOf('/') + 1);
        parentCol = DatabaseManager.getCollection(getBaseUri() + parentColUri, uid, pwd);
        final UserManagementService ums = (UserManagementService) parentCol.getService("UserManagementService", "1.0");
        final Permission subColPermissions = ums.getSubCollectionPermissions(parentCol, subColName);
        subCol = DatabaseManager.getCollection(getBaseUri() + collectionUri, uid, pwd);
        final List<ACEAider> aces = new ArrayList<>();
        final ACEAider ace = new ACEAider(allow ? ACLPermission.ACE_ACCESS_TYPE.ALLOWED : ACLPermission.ACE_ACCESS_TYPE.DENIED, ACLPermission.ACE_TARGET.USER, user_uid, SimpleACLPermission.aceSimpleSymbolicModeToInt(mode));
        aces.add(ace);
        ums.setPermissions(subCol, subColPermissions.getOwner().getName(), subColPermissions.getGroup().getName(), subColPermissions.getMode(), aces);
    } catch (final XMLDBException | PermissionDeniedException e) {
        throw new ApiException(e);
    } finally {
        if (subCol != null) {
            try {
                subCol.close();
            } catch (final XMLDBException xmldbe) {
                throw new ApiException(xmldbe);
            }
        }
        if (parentCol != null) {
            try {
                parentCol.close();
            } catch (final XMLDBException xmldbe) {
                throw new ApiException(xmldbe);
            }
        }
    }
}
Also used: ACEAider (org.exist.security.internal.aider.ACEAider), ArrayList (java.util.ArrayList), Collection (org.xmldb.api.base.Collection), XMLDBException (org.xmldb.api.base.XMLDBException), UserManagementService (org.exist.xmldb.UserManagementService)

Example 10 with ACEAider

Use of org.exist.security.internal.aider.ACEAider in project exist by eXist-db.

In the class RpcConnection, method getACEs.

private List<ACEAider> getACEs(final Permission perm) {
    final List<ACEAider> aces = new ArrayList<>();
    final ACLPermission aclPermission = (ACLPermission) perm;
    for (int i = 0; i < aclPermission.getACECount(); i++) {
        aces.add(new ACEAider(aclPermission.getACEAccessType(i), aclPermission.getACETarget(i), aclPermission.getACEWho(i), aclPermission.getACEMode(i)));
    }
    return aces;
}
Also used: ACLPermission (org.exist.security.ACLPermission), ACEAider (org.exist.security.internal.aider.ACEAider)

Aggregations

ACEAider (org.exist.security.internal.aider.ACEAider): 23
PermissionDeniedException (org.exist.security.PermissionDeniedException): 8
XMLDBException (org.xmldb.api.base.XMLDBException): 8
ACLPermission (org.exist.security.ACLPermission): 7
Permission (org.exist.security.Permission): 7
ArrayList (java.util.ArrayList): 5
Map (java.util.Map): 3
Collection (org.exist.collections.Collection): 3
BrokerPool (org.exist.storage.BrokerPool): 3
DBBroker (org.exist.storage.DBBroker): 3
Txn (org.exist.storage.txn.Txn): 3
ACE_ACCESS_TYPE (org.exist.security.ACLPermission.ACE_ACCESS_TYPE): 2
ACE_TARGET (org.exist.security.ACLPermission.ACE_TARGET): 2
BeforeClass (org.junit.BeforeClass): 2
Collection (org.xmldb.api.base.Collection): 2
Either (com.evolvedbinary.j8fu.Either): 1
ConsumerE (com.evolvedbinary.j8fu.function.ConsumerE): 1
IOException (java.io.IOException): 1
URISyntaxException (java.net.URISyntaxException): 1
List (java.util.List): 1