use of org.exist.storage.BrokerPool in project exist by eXist-db.
the class GroupManagementFunctionRemoveGroupTest method deleteUsersPersonalPrimaryGroup.
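/**
 * Verifies that a group cannot be deleted while it is still the primary group of an account.
 *
 * <p>The test creates the {@code USER1_NAME} account, confirms that its primary (and only) group
 * carries the same name as the account, and then asks the security manager to delete that group.
 * The deletion must be refused with a {@link PermissionDeniedException}.
 *
 * <p>The refusal is asserted only around the {@code deleteGroup} call. With a method-wide
 * {@code @Test(expected = ...)}, a {@link PermissionDeniedException} raised by the setup or
 * verification steps would make the test pass without the deletion check ever being exercised.
 *
 * @throws PermissionDeniedException if a setup or verification step is unexpectedly denied (fails the test)
 * @throws EXistException if the database reports an error while obtaining a broker or transaction
 */
@Test
public void deleteUsersPersonalPrimaryGroup() throws PermissionDeniedException, EXistException {
    final BrokerPool pool = existWebServer.getBrokerPool();
    final SecurityManager sm = pool.getSecurityManager();

    // create user with personal group as primary group
    try (final DBBroker broker = pool.get(Optional.of(sm.getSystemSubject()));
            final Txn transaction = pool.getTransactionManager().beginTransaction()) {
        createUser(broker, sm, USER1_NAME, USER1_PWD);
        transaction.commit();
    }

    // check that the user is as we expect
    String user1PrimaryGroup = null;
    // the broker is not used directly; presumably obtaining it as the system subject sets the acting identity - TODO confirm
    try (final DBBroker broker = pool.get(Optional.of(sm.getSystemSubject()));
            final Txn transaction = pool.getTransactionManager().beginTransaction()) {
        final Account user1 = sm.getAccount(USER1_NAME);
        user1PrimaryGroup = user1.getPrimaryGroup();
        assertEquals(USER1_NAME, user1PrimaryGroup);
        assertArrayEquals(new String[] { USER1_NAME }, user1.getGroups());
        transaction.commit();
    }

    // attempt to remove the primary group of the user; even the system subject must be refused
    try (final DBBroker broker = pool.get(Optional.of(sm.getSystemSubject()));
            final Txn transaction = pool.getTransactionManager().beginTransaction()) {
        try {
            sm.deleteGroup(user1PrimaryGroup);
            fail("Should have received: PermissionDeniedException: Account 'user1' still has 'user1' as their primary group!");
        } catch (final PermissionDeniedException expected) {
            // the refusal is the behaviour under test; the transaction is deliberately
            // left uncommitted and is closed by the try-with-resources statement
        }
    }
}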
use of org.exist.storage.BrokerPool in project exist by eXist-db.
the class PermissionsFunctionChownTest method changeCollectionGroupToSelfAsNonDBAOwner_clearsSetUidAndSetGid.
/**
 * Checks that a group change made by a non-DBA collection owner drops the setUid and setGid bits.
 *
 * <p>Runs with {@code posix-chown-restricted="false"}. Authenticated as "user1", the group of
 * {@link #USER1_COL2} is changed from "user1" to "user1". Even though the group value does not
 * actually change, the setUid and setGid bits are expected to be cleared afterwards.
 */
@Test
public void changeCollectionGroupToSelfAsNonDBAOwner_clearsSetUidAndSetGid() throws AuthenticationException, EXistException, PermissionDeniedException, XPathException {
    // act as the ordinary (non-DBA) owner, using real credentials rather than the system subject
    final Subject owner = existWebServer.getBrokerPool().getSecurityManager().authenticate(USER1_NAME, USER1_PWD);

    // precondition: both special bits are set on the collection
    assertCollectionSetUidSetGid(owner, TestConstants.TEST_COLLECTION_URI.append(USER1_COL2), IS_SET);

    // change the group (to the value it already has)
    changeGroup(owner, NOT_RESTRICTED, TestConstants.TEST_COLLECTION_URI.append(USER1_COL2), USER1_NAME);

    // postcondition: both special bits have been cleared
    assertCollectionSetUidSetGid(owner, TestConstants.TEST_COLLECTION_URI.append(USER1_COL2), NOT_SET);
}
use of org.exist.storage.BrokerPool in project exist by eXist-db.
the class PermissionsFunctionChownTest method changeDocumentOwnerToSelfAsDBA_preservesSetUidAndSetGid_restricted.
/**
 * Checks that an owner change performed by the DBA keeps the setUid and setGid bits.
 *
 * <p>Runs with {@code posix-chown-restricted="true"}. Acting as the system subject, the owner of
 * the resource at {@code USER1_XQUERY1} is changed from "user1" to "user1". The setUid and setGid
 * bits are expected to remain set afterwards.
 */
@Test
public void changeDocumentOwnerToSelfAsDBA_preservesSetUidAndSetGid_restricted() throws EXistException, PermissionDeniedException, XPathException {
    // the acting identity is the system subject, not the "user1" account
    final Subject dba = existWebServer.getBrokerPool().getSecurityManager().getSystemSubject();

    // precondition: both special bits are set on the resource
    assertDocumentSetUidSetGid(dba, TestConstants.TEST_COLLECTION_URI.append(USER1_XQUERY1), IS_SET);

    // change the owner (to the value it already has)
    changeOwner(dba, RESTRICTED, TestConstants.TEST_COLLECTION_URI.append(USER1_XQUERY1), USER1_NAME);

    // postcondition: both special bits are still set
    assertDocumentSetUidSetGid(dba, TestConstants.TEST_COLLECTION_URI.append(USER1_XQUERY1), IS_SET);
}
use of org.exist.storage.BrokerPool in project exist by eXist-db.
the class PermissionsFunctionChownTest method changeDocumentOwnerToSelfAsNonDBAOwner_clearsSetUidAndSetGid_restricted.
/**
 * Checks that an owner change made by the non-DBA resource owner drops the setUid and setGid bits.
 *
 * <p>Runs with {@code posix-chown-restricted="true"}. Authenticated as "user1", the owner of the
 * resource at {@code USER1_XQUERY1} is changed from "user1" to "user1". Even though the owner
 * value does not actually change, the setUid and setGid bits are expected to be cleared afterwards.
 */
@Test
public void changeDocumentOwnerToSelfAsNonDBAOwner_clearsSetUidAndSetGid_restricted() throws AuthenticationException, EXistException, PermissionDeniedException, XPathException {
    // act as the ordinary (non-DBA) owner, using real credentials rather than the system subject
    final Subject owner = existWebServer.getBrokerPool().getSecurityManager().authenticate(USER1_NAME, USER1_PWD);

    // precondition: both special bits are set on the resource
    assertDocumentSetUidSetGid(owner, TestConstants.TEST_COLLECTION_URI.append(USER1_XQUERY1), IS_SET);

    // change the owner (to the value it already has)
    changeOwner(owner, RESTRICTED, TestConstants.TEST_COLLECTION_URI.append(USER1_XQUERY1), USER1_NAME);

    // postcondition: both special bits have been cleared
    assertDocumentSetUidSetGid(owner, TestConstants.TEST_COLLECTION_URI.append(USER1_XQUERY1), NOT_SET);
}
use of org.exist.storage.BrokerPool in project exist by eXist-db.
the class PermissionsFunctionChownTest method teardown.
/**
 * Removes the test document and the two test collections after each test.
 *
 * <p>The cleanup runs as the system subject inside a single transaction, so it does not depend
 * on whatever ownership or mode the preceding test left on the resources.
 */
@After
public void teardown() throws EXistException, PermissionDeniedException, IOException, TriggerException, LockException {
    final BrokerPool brokerPool = existWebServer.getBrokerPool();

    try (final DBBroker systemBroker = brokerPool.get(Optional.of(brokerPool.getSecurityManager().getSystemSubject()));
            final Txn txn = brokerPool.getTransactionManager().beginTransaction()) {

        // NOTE(review): USER1_XQUERY1, which sibling tests change the owner of, is not removed
        // here - confirm it is cleaned up elsewhere so permission state cannot leak between tests
        removeDocument(systemBroker, txn, TestConstants.TEST_COLLECTION_URI.append(USER1_DOC1));

        // removal order is kept as written: USER1_COL2 first, then USER1_COL1
        removeCollection(systemBroker, txn, TestConstants.TEST_COLLECTION_URI.append(USER1_COL2));
        removeCollection(systemBroker, txn, TestConstants.TEST_COLLECTION_URI.append(USER1_COL1));

        txn.commit();
    }
}