
Example 31 with DBBroker

use of org.exist.storage.DBBroker in project exist by eXist-db.

the class GroupManagementFunctionRemoveGroupTest method deleteUsersSharingPersonalPrimaryGroup.

/**
 * Checks that a group can only be deleted once no account uses it as its primary group.
 *
 * <p>Two users are created with {@code OTHER_GROUP1_NAME} as their shared primary group.
 * {@code SecurityManager.deleteGroup} must throw {@link PermissionDeniedException} while
 * either user still exists, and must succeed after both users have been removed.</p>
 *
 * <p>Every step runs with a broker obtained for the system subject, so the refusal is
 * presumably caused by the primary-group rule and not by the caller lacking privileges
 * (confirm against the deleteGroup implementation).</p>
 *
 * @throws PermissionDeniedException if an operation other than the two guarded deletions is refused
 * @throws EXistException if a broker or transaction cannot be obtained or committed
 */
@Test
public void deleteUsersSharingPersonalPrimaryGroup() throws PermissionDeniedException, EXistException {
    final BrokerPool brokerPool = existWebServer.getBrokerPool();
    final SecurityManager securityManager = brokerPool.getSecurityManager();

    // Step 1: two users whose primary group is the same, shared group.
    try (final DBBroker broker = brokerPool.get(Optional.of(securityManager.getSystemSubject()));
        final Txn txn = brokerPool.getTransactionManager().beginTransaction()) {
        final Group sharedGroup = createGroup(broker, securityManager, OTHER_GROUP1_NAME);

        final Account firstUser = createUser(broker, securityManager, USER1_NAME, USER1_PWD);
        addUserToGroup(securityManager, firstUser, sharedGroup);
        setPrimaryGroup(securityManager, firstUser, sharedGroup);

        final Account secondUser = createUser(broker, securityManager, USER2_NAME, USER2_PWD);
        addUserToGroup(securityManager, secondUser, sharedGroup);
        setPrimaryGroup(securityManager, secondUser, sharedGroup);

        txn.commit();
    }

    // Step 2: confirm the stored accounts look the way step 1 intended.
    String sharedPrimaryGroup = null;
    try (final DBBroker broker = brokerPool.get(Optional.of(securityManager.getSystemSubject()));
        final Txn txn = brokerPool.getTransactionManager().beginTransaction()) {
        sharedPrimaryGroup = assertSharesPrimaryGroup(securityManager, USER1_NAME);
        assertSharesPrimaryGroup(securityManager, USER2_NAME);
        txn.commit();
    }

    // Step 3: both users still reference the group, so deletion must be refused.
    assertGroupDeletionDenied(brokerPool, securityManager, sharedPrimaryGroup,
            "Should have received: PermissionDeniedException: Account 'user1' still has 'otherGroup1' as their primary group!");

    // Step 4: remove the first user.
    try (final DBBroker broker = brokerPool.get(Optional.of(securityManager.getSystemSubject()));
        final Txn txn = brokerPool.getTransactionManager().beginTransaction()) {
        removeUser(securityManager, USER1_NAME);
        txn.commit();
    }

    // Step 5: the second user still references the group, so deletion must still be refused.
    assertGroupDeletionDenied(brokerPool, securityManager, sharedPrimaryGroup,
            "Should have received: PermissionDeniedException: Account 'user2' still has 'otherGroup1' as their primary group!");

    // Step 6: remove the second user.
    try (final DBBroker broker = brokerPool.get(Optional.of(securityManager.getSystemSubject()));
        final Txn txn = brokerPool.getTransactionManager().beginTransaction()) {
        removeUser(securityManager, USER2_NAME);
        txn.commit();
    }

    // Step 7: nobody uses the group as primary group any more, so deletion must now go through.
    try (final DBBroker broker = brokerPool.get(Optional.of(securityManager.getSystemSubject()));
        final Txn txn = brokerPool.getTransactionManager().beginTransaction()) {
        securityManager.deleteGroup(sharedPrimaryGroup);
        txn.commit();
    }
}

/**
 * Asserts that the named account has {@code OTHER_GROUP1_NAME} as primary group, belongs to
 * exactly that group plus the group named after the account, and that each of those groups
 * can be looked up.
 *
 * @param securityManager the security manager to query
 * @param userName the account to inspect
 * @return the account's primary group name
 */
private String assertSharesPrimaryGroup(final SecurityManager securityManager, final String userName) throws PermissionDeniedException, EXistException {
    final Account account = securityManager.getAccount(userName);
    final String primary = account.getPrimaryGroup();
    assertEquals(OTHER_GROUP1_NAME, primary);

    final String[] memberships = account.getGroups();
    assertArrayEquals(new String[] { OTHER_GROUP1_NAME, userName }, memberships);
    for (final String membership : memberships) {
        assertNotNull(securityManager.getGroup(membership));
    }
    return primary;
}

/**
 * Tries to delete a group inside its own system-subject broker and transaction and fails the
 * test unless the deletion is refused with {@link PermissionDeniedException}.
 *
 * @param brokerPool the pool supplying the broker and the transaction
 * @param securityManager the security manager asked to delete the group
 * @param groupName the group whose deletion must be refused
 * @param messageIfAllowed the failure message reported when the deletion is not refused
 */
private void assertGroupDeletionDenied(final BrokerPool brokerPool, final SecurityManager securityManager, final String groupName, final String messageIfAllowed) throws PermissionDeniedException, EXistException {
    try (final DBBroker broker = brokerPool.get(Optional.of(securityManager.getSystemSubject()));
        final Txn txn = brokerPool.getTransactionManager().beginTransaction()) {
        try {
            securityManager.deleteGroup(groupName);
            // fail() raises an AssertionError, which the catch below does not intercept
            fail(messageIfAllowed);
        } catch (final PermissionDeniedException expected) {
            // expected: the group is still somebody's primary group
        }
        txn.commit();
    }
}
Also used : DBBroker(org.exist.storage.DBBroker) SecurityManager(org.exist.security.SecurityManager) Txn(org.exist.storage.txn.Txn) BrokerPool(org.exist.storage.BrokerPool)

Example 32 with DBBroker

use of org.exist.storage.DBBroker in project exist by eXist-db.

the class GroupManagementFunctionRemoveGroupTest method deleteUsersPersonalPrimaryGroup.

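/**
 * Checks that a user's personal group cannot be deleted while it is still that user's
 * primary group.
 *
 * <p>The expected {@link PermissionDeniedException} is caught around the
 * {@code deleteGroup} call only. With {@code @Test(expected = ...)} on the whole method, a
 * PermissionDeniedException raised while creating or reading the account would also have
 * counted as a pass, hiding a broken fixture behind a green authorization test. The
 * try/fail/catch shape is the same one used by {@code deleteUsersSharingPersonalPrimaryGroup}
 * in this class.</p>
 *
 * @throws PermissionDeniedException if the setup or verification steps are refused, which is a test failure
 * @throws EXistException if a broker or transaction cannot be obtained or committed
 */
@Test
public void deleteUsersPersonalPrimaryGroup() throws PermissionDeniedException, EXistException {
    final BrokerPool pool = existWebServer.getBrokerPool();
    final SecurityManager sm = pool.getSecurityManager();
    // create user with personal group as primary group
    try (final DBBroker broker = pool.get(Optional.of(sm.getSystemSubject()));
        final Txn transaction = pool.getTransactionManager().beginTransaction()) {
        createUser(broker, sm, USER1_NAME, USER1_PWD);
        transaction.commit();
    }
    // check that the user is as we expect
    String user1PrimaryGroup = null;
    try (final DBBroker broker = pool.get(Optional.of(sm.getSystemSubject()));
        final Txn transaction = pool.getTransactionManager().beginTransaction()) {
        final Account user1 = sm.getAccount(USER1_NAME);
        user1PrimaryGroup = user1.getPrimaryGroup();
        // the personal group carries the same name as the account
        assertEquals(USER1_NAME, user1PrimaryGroup);
        assertArrayEquals(new String[] { USER1_NAME }, user1.getGroups());
        transaction.commit();
    }
    // attempt to remove the primary group of the user
    try (final DBBroker broker = pool.get(Optional.of(sm.getSystemSubject()));
        final Txn transaction = pool.getTransactionManager().beginTransaction()) {
        try {
            sm.deleteGroup(user1PrimaryGroup);
            // fail() raises an AssertionError, which the catch below does not intercept
            fail("Should have received: PermissionDeniedException: Account 'user1' still has 'user1' as their primary group!");
        } catch (final PermissionDeniedException e) {
            // expected: only a refusal of this specific call makes the test pass
        }
        transaction.commit();
    }
}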
Also used : DBBroker(org.exist.storage.DBBroker) SecurityManager(org.exist.security.SecurityManager) Txn(org.exist.storage.txn.Txn) BrokerPool(org.exist.storage.BrokerPool)

Example 33 with DBBroker

use of org.exist.storage.DBBroker in project exist by eXist-db.

the class PermissionsFunctionChownTest method teardown.

/**
 * Removes the fixture document and the two fixture collections from the test collection
 * after each test, inside a single transaction opened with a system-subject broker.
 *
 * @throws EXistException if a broker or transaction cannot be obtained or committed
 * @throws PermissionDeniedException if a removal is refused
 * @throws IOException if a removal fails with an I/O error
 * @throws TriggerException if a trigger fails during removal
 * @throws LockException if a required lock cannot be acquired
 */
@After
public void teardown() throws EXistException, PermissionDeniedException, IOException, TriggerException, LockException {
    final BrokerPool brokerPool = existWebServer.getBrokerPool();
    try (final DBBroker systemBroker = brokerPool.get(Optional.of(brokerPool.getSecurityManager().getSystemSubject()));
        final Txn txn = brokerPool.getTransactionManager().beginTransaction()) {

        // Cleanup runs as the system subject, so it does not depend on whatever
        // ownership the test under execution left on these resources.
        removeDocument(systemBroker, txn, TestConstants.TEST_COLLECTION_URI.append(USER1_DOC1));

        // Removal order (COL2 before COL1) is kept exactly as in the original fixture.
        removeCollection(systemBroker, txn, TestConstants.TEST_COLLECTION_URI.append(USER1_COL2));
        removeCollection(systemBroker, txn, TestConstants.TEST_COLLECTION_URI.append(USER1_COL1));

        txn.commit();
    }
}
Also used : DBBroker(org.exist.storage.DBBroker) Txn(org.exist.storage.txn.Txn) BrokerPool(org.exist.storage.BrokerPool)

Example 34 with DBBroker

use of org.exist.storage.DBBroker in project exist by eXist-db.

the class PermissionsFunctionChownTest method prepareDb.

/**
 * Prepares the database once for the whole test class.
 *
 * <p>In a first transaction it creates the test collection, sets its mode, creates three
 * users and one extra group, and adds the first two users to that group. In a second
 * transaction it removes the third user again.</p>
 *
 * @throws EXistException if a broker or transaction cannot be obtained or committed
 * @throws PermissionDeniedException if any setup operation is refused
 * @throws IOException if saving the collection fails with an I/O error
 * @throws TriggerException if a trigger fails while the collection is created or saved
 */
@BeforeClass
public static void prepareDb() throws EXistException, PermissionDeniedException, IOException, TriggerException {
    final BrokerPool brokerPool = existWebServer.getBrokerPool();
    final SecurityManager securityManager = brokerPool.getSecurityManager();

    try (final DBBroker systemBroker = brokerPool.get(Optional.of(securityManager.getSystemSubject()));
        final Txn txn = brokerPool.getTransactionManager().beginTransaction()) {

        final Collection testCollection = systemBroker.getOrCreateCollection(txn, TestConstants.TEST_COLLECTION_URI);
        // 0777 (decimal 511) opens the test collection to every subject so that the test
        // users can work in it; a mode this permissive belongs in a throwaway fixture only.
        PermissionFactory.chmod(systemBroker, testCollection, Optional.of(0777), Optional.empty());
        systemBroker.saveCollection(txn, testCollection);

        createUser(systemBroker, securityManager, USER1_NAME, USER1_PWD);
        createUser(systemBroker, securityManager, USER2_NAME, USER2_PWD);
        createUser(systemBroker, securityManager, USERRM_NAME, USERRM_PWD);

        final Group sharedGroup = new GroupAider(OTHER_GROUP_NAME);
        securityManager.addGroup(systemBroker, sharedGroup);

        // user1 first, then user2, as in the original fixture
        for (final String memberName : new String[] { USER1_NAME, USER2_NAME }) {
            final Account member = securityManager.getAccount(memberName);
            member.addGroup(OTHER_GROUP_NAME);
            securityManager.updateAccount(member);
        }

        txn.commit();
    }

    // The third user is removed in a transaction of its own, after its creation was committed.
    // NOTE(review): presumably this leaves a "removed account" name for the tests to use; confirm.
    try (final DBBroker systemBroker = brokerPool.get(Optional.of(securityManager.getSystemSubject()));
        final Txn txn = brokerPool.getTransactionManager().beginTransaction()) {
        removeUser(securityManager, USERRM_NAME);
        txn.commit();
    }
}
Also used : DBBroker(org.exist.storage.DBBroker) SecurityManager(org.exist.security.SecurityManager) Collection(org.exist.collections.Collection) Txn(org.exist.storage.txn.Txn) GroupAider(org.exist.security.internal.aider.GroupAider) BrokerPool(org.exist.storage.BrokerPool)

Example 35 with DBBroker

use of org.exist.storage.DBBroker in project exist by eXist-db.

the class PermissionsFunctionChownTest method changeOwner.

/**
 * Runs {@code sm:chown} on a resource as the given subject and asserts the owner (and
 * optionally the group) that {@code sm:get-permissions} reports afterwards.
 *
 * @param execAsUser the subject the broker is obtained for, i.e. the identity attempting the chown
 * @param restricted the value handed to {@code setPosixChownRestricted} for the duration of the call
 * @param uri the resource whose ownership is changed
 * @param newOwnerGroup the owner argument passed to {@code sm:chown}
 * @param expectedOwnerGroup the expected result as {@code owner} or {@code owner:group}; the
 *     group is asserted only when the value splits into exactly two parts on {@code ':'}
 * @throws EXistException if the broker cannot be obtained
 * @throws PermissionDeniedException if the chown is refused for {@code execAsUser}
 * @throws XPathException if the query fails to compile or run
 */
private void changeOwner(final Subject execAsUser, final boolean restricted, final XmldbURI uri, final String newOwnerGroup, final String expectedOwnerGroup) throws EXistException, PermissionDeniedException, XPathException {
    final BrokerPool pool = existWebServer.getBrokerPool();
    // The returned value is handed back in the finally block, so the setting presumably
    // reverts to what it was before this call.
    final boolean previousSetting = setPosixChownRestricted(restricted);

    // The path and the owner are spliced straight into XQuery string literals. That is
    // acceptable only because every caller passes fixture constants: a value containing an
    // apostrophe would end the literal early and change the query, so this pattern must not
    // be copied to code that receives names or paths from outside.
    final String rawPath = uri.getRawCollectionPath();
    final String query = "import module namespace sm = 'http://exist-db.org/xquery/securitymanager';\n"
            + "sm:chown(xs:anyURI('" + rawPath + "'), '" + newOwnerGroup + "'),\n"
            + "sm:get-permissions(xs:anyURI('" + rawPath + "'))/sm:permission/(string(@owner), string(@group))";

    try (final DBBroker broker = pool.get(Optional.of(execAsUser))) {
        final XQuery xqueryService = pool.getXQueryService();
        final Sequence ownerAndGroup = xqueryService.execute(broker, query, null);

        // sm:chown contributes no items here; the two items are the owner and the group strings
        assertEquals(2, ownerAndGroup.getItemCount());

        final String[] expected = expectedOwnerGroup.split(":");
        assertEquals(expected[0], ownerAndGroup.itemAt(0).getStringValue());
        if (expected.length == 2) {
            assertEquals(expected[1], ownerAndGroup.itemAt(1).getStringValue());
        }
    } finally {
        // Put the chown restriction back even when an assertion or the query itself fails,
        // so one test cannot loosen or tighten the policy seen by the next.
        setPosixChownRestricted(previousSetting);
    }
}
Also used : DBBroker(org.exist.storage.DBBroker) XQuery(org.exist.xquery.XQuery) Sequence(org.exist.xquery.value.Sequence) BrokerPool(org.exist.storage.BrokerPool)
