
Example 11 with ACEAider

use of org.exist.security.internal.aider.ACEAider in project exist by eXist-db.

the class EditPropertiesDialog method btnSaveActionPerformed.

// </editor-fold>//GEN-END:initComponents
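/**
 * Applies the owner, group, mode and ACL chosen in the dialog to every descriptor in
 * {@code applyTo}, then closes the dialog.
 *
 * <p>Each resource or collection is updated by its own {@code setPermissions} call. If one call
 * fails, the descriptors processed before it keep their new permissions and the dialog stays
 * open showing the error.
 *
 * @param evt the action event from the Save button (not used)
 */
private void btnSaveActionPerformed(java.awt.event.ActionEvent evt) {
    try {
        for (final ResourceDescriptor desc : applyTo) {
            // Keep the descriptor's own owner when the label shows the multiple-selection
            // placeholder or already matches it; otherwise take the value from the dialog.
            final String newOwner;
            if (MULTIPLE_INDICATOR.equals(lblOwnerValue.getText()) || desc.getOwner().equals(lblOwnerValue.getText())) {
                newOwner = desc.getOwner();
            } else {
                newOwner = lblOwnerValue.getText();
            }

            // Same rule for the group.
            final String newGroup;
            if (MULTIPLE_INDICATOR.equals(lblGroupValue.getText()) || desc.getGroup().equals(lblGroupValue.getText())) {
                newGroup = desc.getGroup();
            } else {
                newGroup = lblGroupValue.getText();
            }

            final Permission existingPermission = desc.getPermissions();
            final ModeDisplay modeChanges = getBasicPermissionsTableModel().getMode();
            final Permission updatedPermission = getUpdatedPermission(existingPermission, modeChanges);

            final List<ACEAider> dlgAces = new ArrayList<>();
            if (acl == null) {
                // The dialog holds no ACL of its own: re-submit the descriptor's existing ACEs
                // unchanged so that saving does not alter its ACL.
                if (existingPermission instanceof ACLPermission) {
                    final ACLPermission existingAclPermission = (ACLPermission) existingPermission;
                    for (int i = 0; i < existingAclPermission.getACECount(); i++) {
                        dlgAces.add(new ACEAider(existingAclPermission.getACEAccessType(i), existingAclPermission.getACETarget(i), existingAclPermission.getACEWho(i), existingAclPermission.getACEMode(i)));
                    }
                }
            } else {
                // Read all six cells of a row through the table model. JTable.getValueAt takes
                // view coordinates, so mixing it with model reads (as this loop used to do for
                // columns 3-5) can pick up the wrong permission flag once the user drags the
                // read/write/execute columns into a different order.
                // NOTE(review): presumably getAclTableModel() is tblAcl's own model, and no row
                // sorter or filter is installed on tblAcl - confirm, since the row bound below
                // is still taken from the view.
                for (int i = 0; i < tblAcl.getRowCount(); i++) {
                    final ACLPermission.ACE_TARGET target = ACLPermission.ACE_TARGET.valueOf((String) getAclTableModel().getValueAt(i, 0));
                    final String who = (String) getAclTableModel().getValueAt(i, 1);
                    final ACLPermission.ACE_ACCESS_TYPE access = ACLPermission.ACE_ACCESS_TYPE.valueOf((String) getAclTableModel().getValueAt(i, 2));
                    int mode = 0;
                    if ((Boolean) getAclTableModel().getValueAt(i, 3)) {
                        mode |= Permission.READ;
                    }
                    if ((Boolean) getAclTableModel().getValueAt(i, 4)) {
                        mode |= Permission.WRITE;
                    }
                    if ((Boolean) getAclTableModel().getValueAt(i, 5)) {
                        mode |= Permission.EXECUTE;
                    }
                    dlgAces.add(new ACEAider(access, target, who, mode));
                }
            }

            // Owner, group, mode and the complete ACE list are sent in one call per descriptor.
            if (desc.isCollection()) {
                final Collection coll = parent.getChildCollection(desc.getName().toString());
                getUserManagementService().setPermissions(coll, newOwner, newGroup, updatedPermission.getMode(), dlgAces);
            } else {
                final Resource res = parent.getResource(desc.getName().toString());
                getUserManagementService().setPermissions(res, newOwner, newGroup, updatedPermission.getMode(), dlgAces);
            }
        }
        setVisible(false);
        dispose();
    } catch (final PermissionDeniedException | XMLDBException e) {
        JOptionPane.showMessageDialog(this, "Could not update properties: " + e.getMessage(), ERROR_TITLE, JOptionPane.ERROR_MESSAGE);
    }
}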
Also used : ACLPermission(org.exist.security.ACLPermission) ArrayList(java.util.ArrayList) Resource(org.xmldb.api.base.Resource) XMLDBException(org.xmldb.api.base.XMLDBException) ACEAider(org.exist.security.internal.aider.ACEAider) ACLPermission(org.exist.security.ACLPermission) Permission(org.exist.security.Permission) Collection(org.xmldb.api.base.Collection) PermissionDeniedException(org.exist.security.PermissionDeniedException)

Example 12 with ACEAider

use of org.exist.security.internal.aider.ACEAider in project exist by eXist-db.

the class FnCollectionSecurityTest method createCollection.

/**
 * Test fixture helper: gets or creates a collection, sets its mode and adds the given ACEs,
 * then saves it.
 *
 * @param broker the broker used to get or create the collection and to save it
 * @param transaction the transaction the changes are made in
 * @param collectionUri the URI of the collection
 * @param modeStr the mode string passed to {@code setMode}, e.g. "rwxr-xr--"
 * @param aces the ACEs to add, in the order given; may be empty
 */
private static void createCollection(final DBBroker broker, final Txn transaction, final String collectionUri, final String modeStr, final ACEAider... aces) throws PermissionDeniedException, IOException, TriggerException, SyntaxException {
    final XmldbURI targetUri = XmldbURI.create(collectionUri);
    try (final Collection col = broker.getOrCreateCollection(transaction, targetUri)) {
        final Permission perm = col.getPermissions();
        perm.setMode(modeStr);

        // NOTE(review): when the permission object is not a SimpleACLPermission the requested
        // ACEs are dropped without any error, so a test relying on a DENIED entry would run
        // against a collection that does not carry it.
        if (perm instanceof SimpleACLPermission) {
            final SimpleACLPermission aclPerm = (SimpleACLPermission) perm;
            for (int i = 0; i < aces.length; i++) {
                final ACEAider entry = aces[i];
                aclPerm.addACE(entry.getAccessType(), entry.getTarget(), entry.getWho(), entry.getMode());
            }
        }

        broker.saveCollection(transaction, col);
    }
}
Also used : ACEAider(org.exist.security.internal.aider.ACEAider) Collection(org.exist.collections.Collection)

Example 13 with ACEAider

use of org.exist.security.internal.aider.ACEAider in project exist by eXist-db.

the class FnCollectionSecurityTest method setup.

/**
 * Sets up the database like:
 *
 *  /db/all                                  system:dba rwxrwxrwx
 *  /db/system-only                          system:dba rwx------
 *
 *  /db/fnDocSecurityTest1                   system:dba rwxr-xr--
 *  /db/fnDocSecurityTest1/child1            system:dba rwxrwxrwx
 *  /db/fnDocSecurityTest1/child1/child1_1   system:dba rwxrwxrwx
 *
 *  /db/fnDocSecurityTest2                   system:dba rwxr-xr-x+ (acl=[DENIED USER docTestUser1 "r-x"])
 *  /db/fnDocSecurityTest2/child2            system:dba rwxrwxrwx
 *  /db/fnDocSecurityTest2/child2/child2_2   system:dba rwxrwxrwx
 *
 * Creates a new user: docTestUser1
 */
@BeforeClass
public static void setup() throws EXistException, PermissionDeniedException, SyntaxException, IOException, SAXException, LockException {
    final String openMode = "rwxrwxrwx";
    final BrokerPool brokerPool = server.getBrokerPool();
    final SecurityManager secMgr = brokerPool.getSecurityManager();

    // The whole fixture is built with the system subject, inside a single transaction.
    try (final DBBroker sysBroker = brokerPool.get(Optional.of(secMgr.getSystemSubject()));
        final Txn txn = brokerPool.getTransactionManager().beginTransaction()) {

        // The user that the DENIED entry below refers to.
        createUser(secMgr, sysBroker, TEST_USER_1);

        // A collection open to everyone, and one only its owner can use.
        createCollection(sysBroker, txn, TEST_COLLECTION_ALL, openMode);
        createCollection(sysBroker, txn, TEST_COLLECTION_SYSTEM_ONLY, "rwx------");

        // First tree: the parent gives "other" read only (no execute); both descendants are
        // fully open.
        createCollection(sysBroker, txn, TEST_COLLECTION_1, "rwxr-xr--");
        createCollection(sysBroker, txn, TEST_SUB_COLLECTION_1, openMode);
        createCollection(sysBroker, txn, TEST_SUB_COLLECTION_1_1, openMode);

        // Second tree: the parent's mode grants r-x to everyone, but an ACE denies r-x to
        // TEST_USER_1; both descendants are fully open.
        final int deniedBits = SimpleACLPermission.aceSimpleSymbolicModeToInt("r-x");
        final ACEAider denyTestUser = new ACEAider(ACLPermission.ACE_ACCESS_TYPE.DENIED, ACLPermission.ACE_TARGET.USER, TEST_USER_1, deniedBits);
        createCollection(sysBroker, txn, TEST_COLLECTION_2, "rwxr-xr-x", denyTestUser);
        createCollection(sysBroker, txn, TEST_SUB_COLLECTION_2, openMode);
        createCollection(sysBroker, txn, TEST_SUB_COLLECTION_2_2, openMode);

        txn.commit();
    }
}
Also used : DBBroker(org.exist.storage.DBBroker) ACEAider(org.exist.security.internal.aider.ACEAider) Txn(org.exist.storage.txn.Txn) BrokerPool(org.exist.storage.BrokerPool) BeforeClass(org.junit.BeforeClass)

Example 14 with ACEAider

use of org.exist.security.internal.aider.ACEAider in project exist by eXist-db.

the class NativeBroker method copyModeAndAcl.

/**
 * Copies just the mode and ACL from the src to the dest
 *
 * @param srcPermission The source to copy from
 * @param destPermission The destination to copy to
 */
private void copyModeAndAcl(final Permission srcPermission, final Permission destPermission) throws PermissionDeniedException {
    final List<ACEAider> copiedAces = new ArrayList<>();

    // ACEs are only collected when both sides are SimpleACLPermission; in every other case
    // the list stays empty.
    final boolean bothSimpleAcl = srcPermission instanceof SimpleACLPermission && destPermission instanceof SimpleACLPermission;
    if (bothSimpleAcl) {
        final SimpleACLPermission srcAcl = (SimpleACLPermission) srcPermission;
        int idx = 0;
        while (idx < srcAcl.getACECount()) {
            copiedAces.add(new ACEAider(srcAcl.getACEAccessType(idx), srcAcl.getACETarget(idx), srcAcl.getACEWho(idx), srcAcl.getACEMode(idx)));
            idx++;
        }
    }

    // Only the mode and the ACE list are handed over; owner and group are not passed here.
    // NOTE(review): an empty (not absent) ACE list is passed when the types do not match -
    // how PermissionFactory.chmod treats that is not visible here; confirm it cannot strip an
    // ACL from the destination unintentionally.
    PermissionFactory.chmod(this, destPermission, Optional.of(srcPermission.getMode()), Optional.of(copiedAces));
}
Also used : ACEAider(org.exist.security.internal.aider.ACEAider)

Example 15 with ACEAider

use of org.exist.security.internal.aider.ACEAider in project exist by eXist-db.

the class FnDocSecurityTest method createCollection.

/**
 * Test fixture helper: gets or creates the collection at {@code collectionUri}, sets its mode
 * from {@code modeStr}, adds each of {@code aces} and saves the collection.
 *
 * @param broker the broker used to get or create the collection and to save it
 * @param transaction the transaction the changes are made in
 * @param collectionUri the URI of the collection
 * @param modeStr the mode string passed to {@code setMode}
 * @param aces the ACEs to add, in the order given; may be empty
 */
private static void createCollection(final DBBroker broker, final Txn transaction, final String collectionUri, final String modeStr, final ACEAider... aces) throws PermissionDeniedException, IOException, TriggerException, SyntaxException {
    final XmldbURI uri = XmldbURI.create(collectionUri);
    try (final Collection created = broker.getOrCreateCollection(transaction, uri)) {
        final Permission collectionPermission = created.getPermissions();
        collectionPermission.setMode(modeStr);

        // NOTE(review): ACEs are skipped silently unless the permission is a
        // SimpleACLPermission; a caller passing a DENIED entry gets no signal that it was not
        // installed.
        if (collectionPermission instanceof SimpleACLPermission) {
            final SimpleACLPermission withAcl = (SimpleACLPermission) collectionPermission;
            int next = 0;
            while (next < aces.length) {
                final ACEAider current = aces[next];
                withAcl.addACE(current.getAccessType(), current.getTarget(), current.getWho(), current.getMode());
                next++;
            }
        }

        broker.saveCollection(transaction, created);
    }
}
Also used : ACEAider(org.exist.security.internal.aider.ACEAider) Collection(org.exist.collections.Collection)
