Example 21 with BrokerPool

use of org.exist.storage.BrokerPool in project exist by eXist-db.

the class GroupManagementFunctionRemoveGroupTest method deleteUsersPersonalPrimaryGroup.

@Test(expected = PermissionDeniedException.class)
public void deleteUsersPersonalPrimaryGroup() throws PermissionDeniedException, EXistException {
    final BrokerPool pool = existWebServer.getBrokerPool();
    final SecurityManager sm = pool.getSecurityManager();
    // create user with personal group as primary group
    try (final DBBroker broker = pool.get(Optional.of(sm.getSystemSubject()));
        final Txn transaction = pool.getTransactionManager().beginTransaction()) {
        createUser(broker, sm, USER1_NAME, USER1_PWD);
        transaction.commit();
    }
    // check that the user is as we expect
    String user1PrimaryGroup = null;
    try (final DBBroker broker = pool.get(Optional.of(sm.getSystemSubject()));
        final Txn transaction = pool.getTransactionManager().beginTransaction()) {
        final Account user1 = sm.getAccount(USER1_NAME);
        user1PrimaryGroup = user1.getPrimaryGroup();
        assertEquals(USER1_NAME, user1PrimaryGroup);
        assertArrayEquals(new String[] { USER1_NAME }, user1.getGroups());
        transaction.commit();
    }
    // attempt to remove the primary group of the user
    try (final DBBroker broker = pool.get(Optional.of(sm.getSystemSubject()));
        final Txn transaction = pool.getTransactionManager().beginTransaction()) {
        sm.deleteGroup(user1PrimaryGroup);
        fail("Should have received: PermissionDeniedException: Account 'user1' still has 'user1' as their primary group!");
        transaction.commit();
    }
}
Also used : DBBroker(org.exist.storage.DBBroker) SecurityManager(org.exist.security.SecurityManager) Txn(org.exist.storage.txn.Txn) BrokerPool(org.exist.storage.BrokerPool)

Example 22 with BrokerPool

use of org.exist.storage.BrokerPool in project exist by eXist-db.

the class PermissionsFunctionChownTest method changeCollectionGroupToSelfAsNonDBAOwner_clearsSetUidAndSetGid.

/**
 * With {@code posix-chown-restricted="false"},
 * as the collection owner user change the group of {@link #USER1_COL2} from "user1" to "user1".
 * Finally make sure that chown has cleared the setUid and setGid bits.
 */
@Test
public void changeCollectionGroupToSelfAsNonDBAOwner_clearsSetUidAndSetGid() throws AuthenticationException, EXistException, PermissionDeniedException, XPathException {
    final BrokerPool pool = existWebServer.getBrokerPool();
    final Subject user1 = pool.getSecurityManager().authenticate(USER1_NAME, USER1_PWD);
    // check the setUid and setGid bits are set before we begin
    assertCollectionSetUidSetGid(user1, TestConstants.TEST_COLLECTION_URI.append(USER1_COL2), IS_SET);
    // change the group
    changeGroup(user1, NOT_RESTRICTED, TestConstants.TEST_COLLECTION_URI.append(USER1_COL2), USER1_NAME);
    // check the setUid and setGid bits are now cleared
    assertCollectionSetUidSetGid(user1, TestConstants.TEST_COLLECTION_URI.append(USER1_COL2), NOT_SET);
}
Also used : BrokerPool(org.exist.storage.BrokerPool)

Example 23 with BrokerPool

use of org.exist.storage.BrokerPool in project exist by eXist-db.

the class PermissionsFunctionChownTest method changeDocumentOwnerToSelfAsDBA_preservesSetUidAndSetGid_restricted.

/**
 * With {@code posix-chown-restricted="true"},
 * as the DBA user change the owner of {@link #USER1_DOC1} from "user1" to "user1".
 * Finally make sure that chown has preserved the setUid and setGid bits.
 */
@Test
public void changeDocumentOwnerToSelfAsDBA_preservesSetUidAndSetGid_restricted() throws EXistException, PermissionDeniedException, XPathException {
    final BrokerPool pool = existWebServer.getBrokerPool();
    // act as the DBA: despite its name, this variable holds the system subject
    final Subject user1 = pool.getSecurityManager().getSystemSubject();
    // check the setUid and setGid bits are set before we begin
    assertDocumentSetUidSetGid(user1, TestConstants.TEST_COLLECTION_URI.append(USER1_XQUERY1), IS_SET);
    // change the owner
    changeOwner(user1, RESTRICTED, TestConstants.TEST_COLLECTION_URI.append(USER1_XQUERY1), USER1_NAME);
    // check the setUid and setGid bits are still set
    assertDocumentSetUidSetGid(user1, TestConstants.TEST_COLLECTION_URI.append(USER1_XQUERY1), IS_SET);
}
Also used : BrokerPool(org.exist.storage.BrokerPool)

Example 24 with BrokerPool

use of org.exist.storage.BrokerPool in project exist by eXist-db.

the class PermissionsFunctionChownTest method changeDocumentOwnerToSelfAsNonDBAOwner_clearsSetUidAndSetGid_restricted.

/**
 * With {@code posix-chown-restricted="true"},
 * as the document owner user change the owner of {@link #USER1_DOC1} from "user1" to "user1".
 * Finally make sure that chown has cleared the setUid and setGid bits.
 */
@Test
public void changeDocumentOwnerToSelfAsNonDBAOwner_clearsSetUidAndSetGid_restricted() throws AuthenticationException, EXistException, PermissionDeniedException, XPathException {
    final BrokerPool pool = existWebServer.getBrokerPool();
    final Subject user1 = pool.getSecurityManager().authenticate(USER1_NAME, USER1_PWD);
    // check the setUid and setGid bits are set before we begin
    assertDocumentSetUidSetGid(user1, TestConstants.TEST_COLLECTION_URI.append(USER1_XQUERY1), IS_SET);
    // change the owner
    changeOwner(user1, RESTRICTED, TestConstants.TEST_COLLECTION_URI.append(USER1_XQUERY1), USER1_NAME);
    // check the setUid and setGid bits are now cleared
    assertDocumentSetUidSetGid(user1, TestConstants.TEST_COLLECTION_URI.append(USER1_XQUERY1), NOT_SET);
}
Also used : BrokerPool(org.exist.storage.BrokerPool)

Example 25 with BrokerPool

use of org.exist.storage.BrokerPool in project exist by eXist-db.

the class PermissionsFunctionChownTest method teardown.

@After
public void teardown() throws EXistException, PermissionDeniedException, IOException, TriggerException, LockException {
    final BrokerPool pool = existWebServer.getBrokerPool();
    try (final DBBroker broker = pool.get(Optional.of(pool.getSecurityManager().getSystemSubject()));
        final Txn transaction = pool.getTransactionManager().beginTransaction()) {
        removeDocument(broker, transaction, TestConstants.TEST_COLLECTION_URI.append(USER1_DOC1));
        removeCollection(broker, transaction, TestConstants.TEST_COLLECTION_URI.append(USER1_COL2));
        removeCollection(broker, transaction, TestConstants.TEST_COLLECTION_URI.append(USER1_COL1));
        transaction.commit();
    }
}
Also used : DBBroker(org.exist.storage.DBBroker) Txn(org.exist.storage.txn.Txn) BrokerPool(org.exist.storage.BrokerPool)
