use of org.exist.security.internal.aider.ACEAider in project exist by eXist-db.
the class EditPropertiesDialog method btnSaveActionPerformed.
// </editor-fold>//GEN-END:initComponents
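/**
 * Applies the owner, group, mode and ACL chosen in the dialog to every resource in
 * {@code applyTo}, then hides and disposes the dialog.
 *
 * <p>For each descriptor the owner (and likewise the group) is left as it is when the
 * label shows {@code MULTIPLE_INDICATOR} or already equals the current value. When
 * {@code acl} is {@code null} the ACEs already present on the resource are re-submitted
 * unchanged; otherwise the ACEs are read from the ACL table and that same list is
 * submitted for every resource in {@code applyTo}.</p>
 *
 * <p>Resources are updated one at a time. If a call fails part-way through, the
 * resources already processed keep their new permissions, the remaining ones are not
 * touched, an error dialog is shown and this dialog stays open.</p>
 *
 * @param evt the action event raised by the Save button (not used)
 */
private void btnSaveActionPerformed(java.awt.event.ActionEvent evt) {
    try {
        for (final ResourceDescriptor desc : applyTo) {
            final String newOwner;
            if (MULTIPLE_INDICATOR.equals(lblOwnerValue.getText()) || desc.getOwner().equals(lblOwnerValue.getText())) {
                newOwner = desc.getOwner();
            } else {
                newOwner = lblOwnerValue.getText();
            }

            final String newGroup;
            if (MULTIPLE_INDICATOR.equals(lblGroupValue.getText()) || desc.getGroup().equals(lblGroupValue.getText())) {
                newGroup = desc.getGroup();
            } else {
                newGroup = lblGroupValue.getText();
            }

            final Permission existingPermission = desc.getPermissions();
            final ModeDisplay modeChanges = getBasicPermissionsTableModel().getMode();
            final Permission updatedPermission = getUpdatedPermission(existingPermission, modeChanges);

            final List<ACEAider> dlgAces = new ArrayList<>();
            if (acl == null) {
                // No ACL was edited in the dialog: carry the resource's own ACEs over as they are.
                if (existingPermission instanceof ACLPermission) {
                    final ACLPermission existingAclPermission = (ACLPermission) existingPermission;
                    for (int i = 0; i < existingAclPermission.getACECount(); i++) {
                        dlgAces.add(new ACEAider(
                                existingAclPermission.getACEAccessType(i),
                                existingAclPermission.getACETarget(i),
                                existingAclPermission.getACEWho(i),
                                existingAclPermission.getACEMode(i)));
                    }
                }
            } else {
                // Every cell of a row is read from the table model, using model indices.
                // Reading the r/w/x flags through the JTable view instead would use view
                // indices, which differ from model indices once columns are reordered or
                // rows are sorted, and could attach the wrong permission bits to an entry.
                for (int row = 0; row < getAclTableModel().getRowCount(); row++) {
                    final ACLPermission.ACE_TARGET target = ACLPermission.ACE_TARGET.valueOf((String) getAclTableModel().getValueAt(row, 0));
                    final String who = (String) getAclTableModel().getValueAt(row, 1);
                    final ACLPermission.ACE_ACCESS_TYPE access = ACLPermission.ACE_ACCESS_TYPE.valueOf((String) getAclTableModel().getValueAt(row, 2));

                    int mode = 0;
                    if ((Boolean) getAclTableModel().getValueAt(row, 3)) {
                        mode |= Permission.READ;
                    }
                    if ((Boolean) getAclTableModel().getValueAt(row, 4)) {
                        mode |= Permission.WRITE;
                    }
                    if ((Boolean) getAclTableModel().getValueAt(row, 5)) {
                        mode |= Permission.EXECUTE;
                    }
                    dlgAces.add(new ACEAider(access, target, who, mode));
                }
            }

            if (desc.isCollection()) {
                final Collection coll = parent.getChildCollection(desc.getName().toString());
                getUserManagementService().setPermissions(coll, newOwner, newGroup, updatedPermission.getMode(), dlgAces);
            } else {
                final Resource res = parent.getResource(desc.getName().toString());
                getUserManagementService().setPermissions(res, newOwner, newGroup, updatedPermission.getMode(), dlgAces);
            }
        }

        setVisible(false);
        dispose();
    } catch (final PermissionDeniedException | XMLDBException e) {
        JOptionPane.showMessageDialog(this, "Could not update properties: " + e.getMessage(), ERROR_TITLE, JOptionPane.ERROR_MESSAGE);
    }
}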
use of org.exist.security.internal.aider.ACEAider in project exist by eXist-db.
the class FnCollectionSecurityTest method createCollection.
/**
 * Test-fixture helper: gets or creates the collection at {@code collectionUri}, sets its
 * mode from {@code modeStr}, adds the supplied ACEs and saves the collection within
 * {@code transaction}.
 *
 * <p>The ACEs are added only when the collection's permission object is a
 * {@link SimpleACLPermission}. For any other permission type they are skipped without
 * an error, so a test that depends on an entry (for example a DENIED one) is not told
 * when the entry was never applied.</p>
 *
 * @param broker the broker used to create and save the collection
 * @param transaction the transaction the work is done in
 * @param collectionUri the URI of the collection to get or create
 * @param modeStr the mode string handed to {@code Permission.setMode}
 * @param aces the ACEs to add, in order
 */
private static void createCollection(final DBBroker broker, final Txn transaction, final String collectionUri, final String modeStr, final ACEAider... aces) throws PermissionDeniedException, IOException, TriggerException, SyntaxException {
    final XmldbURI uri = XmldbURI.create(collectionUri);
    try (final Collection created = broker.getOrCreateCollection(transaction, uri)) {
        final Permission perm = created.getPermissions();
        perm.setMode(modeStr);

        if (perm instanceof SimpleACLPermission) {
            final SimpleACLPermission aclPerm = (SimpleACLPermission) perm;
            for (int i = 0; i < aces.length; i++) {
                final ACEAider entry = aces[i];
                aclPerm.addACE(entry.getAccessType(), entry.getTarget(), entry.getWho(), entry.getMode());
            }
        }

        broker.saveCollection(transaction, created);
    }
}
use of org.exist.security.internal.aider.ACEAider in project exist by eXist-db.
the class FnCollectionSecurityTest method setup.
/**
* Sets up the database like:
*
* /db/all system:dba rwxrwxrwx
* /db/system-only system:dba rwx------
*
* /db/fnDocSecurityTest1 system:dba rwxr-xr--
* /db/fnDocSecurityTest1/child1 system:dba rwxrwxrwx
* /db/fnDocSecurityTest1/child1/child1_1 system:dba rwxrwxrwx
*
* /db/fnDocSecurityTest2 system:dba rwxr-xr-x+ (acl=[DENIED USER docTestUser1 "r-x"])
* /db/fnDocSecurityTest2/child2 system:dba rwxrwxrwx
* /db/fnDocSecurityTest2/child2/child2_2 system:dba rwxrwxrwx
*
* Creates a new user: docTestUser1
*/
@BeforeClass
public static void setup() throws EXistException, PermissionDeniedException, SyntaxException, IOException, SAXException, LockException {
    final BrokerPool brokerPool = server.getBrokerPool();
    final SecurityManager secMgr = brokerPool.getSecurityManager();

    // The whole fixture is built with a broker obtained for the system subject,
    // inside a single transaction that is committed at the end.
    try (final DBBroker broker = brokerPool.get(Optional.of(secMgr.getSystemSubject()));
            final Txn txn = brokerPool.getTransactionManager().beginTransaction()) {

        // The test user must exist before the ACE below can name it.
        createUser(secMgr, broker, TEST_USER_1);

        // Collection open to everyone.
        createCollection(broker, txn, TEST_COLLECTION_ALL, "rwxrwxrwx");

        // Collection with owner-only access.
        createCollection(broker, txn, TEST_COLLECTION_SYSTEM_ONLY, "rwx------");

        // First tree: restricted root, open children.
        createCollection(broker, txn, TEST_COLLECTION_1, "rwxr-xr--");
        createCollection(broker, txn, TEST_SUB_COLLECTION_1, "rwxrwxrwx");
        createCollection(broker, txn, TEST_SUB_COLLECTION_1_1, "rwxrwxrwx");

        // Second tree: the root carries an explicit DENIED ACE for the test user.
        final int deniedMode = SimpleACLPermission.aceSimpleSymbolicModeToInt("r-x");
        final ACEAider denyTestUser = new ACEAider(
                ACLPermission.ACE_ACCESS_TYPE.DENIED,
                ACLPermission.ACE_TARGET.USER,
                TEST_USER_1,
                deniedMode);
        createCollection(broker, txn, TEST_COLLECTION_2, "rwxr-xr-x", denyTestUser);
        createCollection(broker, txn, TEST_SUB_COLLECTION_2, "rwxrwxrwx");
        createCollection(broker, txn, TEST_SUB_COLLECTION_2_2, "rwxrwxrwx");

        txn.commit();
    }
}
use of org.exist.security.internal.aider.ACEAider in project exist by eXist-db.
the class NativeBroker method copyModeAndAcl.
/**
* Copies just the mode and ACL from the src to the dest
*
* @param srcPermission The source to copy from
* @param destPermission The destination to copy to
*/
private void copyModeAndAcl(final Permission srcPermission, final Permission destPermission) throws PermissionDeniedException {
    final List<ACEAider> copiedAces = new ArrayList<>();

    // ACEs are collected only when BOTH permissions are SimpleACLPermission;
    // in every other combination the list stays empty.
    final boolean bothAcl = srcPermission instanceof SimpleACLPermission
            && destPermission instanceof SimpleACLPermission;
    if (bothAcl) {
        final SimpleACLPermission src = (SimpleACLPermission) srcPermission;
        int idx = 0;
        while (idx < src.getACECount()) {
            copiedAces.add(new ACEAider(
                    src.getACEAccessType(idx),
                    src.getACETarget(idx),
                    src.getACEWho(idx),
                    src.getACEMode(idx)));
            idx++;
        }
    }

    // NOTE(review): the ACE list is always passed as a present Optional, even when it is
    // empty. Whether chmod then clears an existing ACL on the destination is not visible
    // here; confirm against PermissionFactory.chmod.
    PermissionFactory.chmod(this, destPermission, Optional.of(srcPermission.getMode()), Optional.of(copiedAces));
}
use of org.exist.security.internal.aider.ACEAider in project exist by eXist-db.
the class FnDocSecurityTest method createCollection.
/**
 * Test-fixture helper that gets or creates a collection, sets its mode, adds the
 * given ACEs and saves it in the supplied transaction.
 *
 * <p>ACEs are applied only if the collection's permission is a
 * {@link SimpleACLPermission}; otherwise they are dropped without any error.</p>
 *
 * @param broker the broker used to create and save the collection
 * @param transaction the transaction the work is done in
 * @param collectionUri the URI of the collection to get or create
 * @param modeStr the mode string handed to {@code Permission.setMode}
 * @param aces the ACEs to add, in order
 */
private static void createCollection(final DBBroker broker, final Txn transaction, final String collectionUri, final String modeStr, final ACEAider... aces) throws PermissionDeniedException, IOException, TriggerException, SyntaxException {
    try (final Collection target = broker.getOrCreateCollection(transaction, XmldbURI.create(collectionUri))) {
        final Permission targetPermission = target.getPermissions();
        targetPermission.setMode(modeStr);

        final boolean supportsAcl = targetPermission instanceof SimpleACLPermission;
        if (supportsAcl) {
            final SimpleACLPermission withAcl = (SimpleACLPermission) targetPermission;
            int next = 0;
            while (next < aces.length) {
                final ACEAider current = aces[next];
                withAcl.addACE(current.getAccessType(), current.getTarget(), current.getWho(), current.getMode());
                next++;
            }
        }

        broker.saveCollection(transaction, target);
    }
}