use of org.exist.storage.DBBroker in project exist by eXist-db.
the class GroupManagementFunctionRemoveGroupTest method deleteUsersSharingPersonalPrimaryGroup.
/**
 * Checks the guard that stops a group from being deleted while any account
 * still names it as its primary group.
 *
 * <p>Two accounts are given the same primary group. Deleting that group must be
 * refused with a {@link PermissionDeniedException} while both accounts exist and
 * again while only the second one is left; it must succeed only after both
 * accounts have been removed.
 *
 * <p>Every broker here is obtained for the system subject, so the refusal being
 * asserted is presumably the primary-group guard itself rather than a lack of
 * privilege on the caller's side.
 */
@Test
public void deleteUsersSharingPersonalPrimaryGroup() throws PermissionDeniedException, EXistException {
    final BrokerPool brokerPool = existWebServer.getBrokerPool();
    final SecurityManager securityManager = brokerPool.getSecurityManager();

    // Setup: one extra group that becomes the primary group of both accounts.
    try (final DBBroker sysBroker = brokerPool.get(Optional.of(securityManager.getSystemSubject()));
            final Txn txn = brokerPool.getTransactionManager().beginTransaction()) {
        final Group sharedGroup = createGroup(sysBroker, securityManager, OTHER_GROUP1_NAME);

        final Account firstUser = createUser(sysBroker, securityManager, USER1_NAME, USER1_PWD);
        addUserToGroup(securityManager, firstUser, sharedGroup);
        setPrimaryGroup(securityManager, firstUser, sharedGroup);

        final Account secondUser = createUser(sysBroker, securityManager, USER2_NAME, USER2_PWD);
        addUserToGroup(securityManager, secondUser, sharedGroup);
        setPrimaryGroup(securityManager, secondUser, sharedGroup);

        txn.commit();
    }

    // Precondition: both accounts report the shared group as primary, keep their
    // personal group as a secondary membership, and every listed group resolves.
    String sharedPrimaryGroup = null;
    try (final DBBroker sysBroker = brokerPool.get(Optional.of(securityManager.getSystemSubject()));
            final Txn txn = brokerPool.getTransactionManager().beginTransaction()) {
        final Account firstUser = securityManager.getAccount(USER1_NAME);
        sharedPrimaryGroup = firstUser.getPrimaryGroup();
        assertEquals(OTHER_GROUP1_NAME, sharedPrimaryGroup);
        final String[] firstUserGroups = firstUser.getGroups();
        assertArrayEquals(new String[] { OTHER_GROUP1_NAME, USER1_NAME }, firstUserGroups);
        for (final String groupName : firstUserGroups) {
            assertNotNull(securityManager.getGroup(groupName));
        }

        final Account secondUser = securityManager.getAccount(USER2_NAME);
        assertEquals(OTHER_GROUP1_NAME, secondUser.getPrimaryGroup());
        final String[] secondUserGroups = secondUser.getGroups();
        assertArrayEquals(new String[] { OTHER_GROUP1_NAME, USER2_NAME }, secondUserGroups);
        for (final String groupName : secondUserGroups) {
            assertNotNull(securityManager.getGroup(groupName));
        }

        txn.commit();
    }

    // Both accounts still reference the group: deletion must be denied.
    try (final DBBroker sysBroker = brokerPool.get(Optional.of(securityManager.getSystemSubject()));
            final Txn txn = brokerPool.getTransactionManager().beginTransaction()) {
        try {
            securityManager.deleteGroup(sharedPrimaryGroup);
            fail("Should have received: PermissionDeniedException: Account 'user1' still has 'otherGroup1' as their primary group!");
        } catch (final PermissionDeniedException denied) {
            // the refusal is the behaviour under test
        }
        txn.commit();
    }

    // Remove the first account.
    try (final DBBroker sysBroker = brokerPool.get(Optional.of(securityManager.getSystemSubject()));
            final Txn txn = brokerPool.getTransactionManager().beginTransaction()) {
        removeUser(securityManager, USER1_NAME);
        txn.commit();
    }

    // The second account still references the group: deletion must still be denied.
    try (final DBBroker sysBroker = brokerPool.get(Optional.of(securityManager.getSystemSubject()));
            final Txn txn = brokerPool.getTransactionManager().beginTransaction()) {
        try {
            securityManager.deleteGroup(sharedPrimaryGroup);
            fail("Should have received: PermissionDeniedException: Account 'user2' still has 'otherGroup1' as their primary group!");
        } catch (final PermissionDeniedException denied) {
            // the refusal is the behaviour under test
        }
        txn.commit();
    }

    // Remove the second account.
    try (final DBBroker sysBroker = brokerPool.get(Optional.of(securityManager.getSystemSubject()));
            final Txn txn = brokerPool.getTransactionManager().beginTransaction()) {
        removeUser(securityManager, USER2_NAME);
        txn.commit();
    }

    // No account names the group as primary any more, so the delete must go through.
    try (final DBBroker sysBroker = brokerPool.get(Optional.of(securityManager.getSystemSubject()));
            final Txn txn = brokerPool.getTransactionManager().beginTransaction()) {
        securityManager.deleteGroup(sharedPrimaryGroup);
        txn.commit();
    }
}
use of org.exist.storage.DBBroker in project exist by eXist-db.
the class GroupManagementFunctionRemoveGroupTest method deleteUsersPersonalPrimaryGroup.
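/**
 * Checks that an account's personal group cannot be deleted while the account
 * still has it as its primary group.
 *
 * <p>The expected {@link PermissionDeniedException} is caught around the
 * {@code deleteGroup} call only, in the same way as
 * {@code deleteUsersSharingPersonalPrimaryGroup}. A method-wide
 * {@code @Test(expected = ...)} would also report success if the exception came
 * from account creation or from the precondition checks, which would hide a
 * regression in the guard this test exists to protect.
 */
@Test
public void deleteUsersPersonalPrimaryGroup() throws PermissionDeniedException, EXistException {
    final BrokerPool pool = existWebServer.getBrokerPool();
    final SecurityManager sm = pool.getSecurityManager();

    // create user with personal group as primary group
    try (final DBBroker broker = pool.get(Optional.of(sm.getSystemSubject()));
            final Txn transaction = pool.getTransactionManager().beginTransaction()) {
        createUser(broker, sm, USER1_NAME, USER1_PWD);
        transaction.commit();
    }

    // check that the user is as we expect: the personal group is both the
    // primary group and the only membership
    String user1PrimaryGroup = null;
    try (final DBBroker broker = pool.get(Optional.of(sm.getSystemSubject()));
            final Txn transaction = pool.getTransactionManager().beginTransaction()) {
        final Account user1 = sm.getAccount(USER1_NAME);
        user1PrimaryGroup = user1.getPrimaryGroup();
        assertEquals(USER1_NAME, user1PrimaryGroup);
        assertArrayEquals(new String[] { USER1_NAME }, user1.getGroups());
        transaction.commit();
    }

    // attempt to remove the primary group of the user; only this call is
    // allowed to raise PermissionDeniedException
    try (final DBBroker broker = pool.get(Optional.of(sm.getSystemSubject()));
            final Txn transaction = pool.getTransactionManager().beginTransaction()) {
        try {
            sm.deleteGroup(user1PrimaryGroup);
            fail("Should have received: PermissionDeniedException: Account 'user1' still has 'user1' as their primary group!");
        } catch (final PermissionDeniedException e) {
            // expected
        }
        transaction.commit();
    }
}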
use of org.exist.storage.DBBroker in project exist by eXist-db.
the class PermissionsFunctionChownTest method teardown.
/**
 * Removes the document and the two collections under the test collection after
 * each test, in a single transaction run with a broker obtained for the system
 * subject.
 */
@After
public void teardown() throws EXistException, PermissionDeniedException, IOException, TriggerException, LockException {
    final BrokerPool brokerPool = existWebServer.getBrokerPool();

    try (final DBBroker sysBroker = brokerPool.get(Optional.of(brokerPool.getSecurityManager().getSystemSubject()));
            final Txn txn = brokerPool.getTransactionManager().beginTransaction()) {

        // the document goes first, then the collections
        removeDocument(sysBroker, txn, TestConstants.TEST_COLLECTION_URI.append(USER1_DOC1));

        removeCollection(sysBroker, txn, TestConstants.TEST_COLLECTION_URI.append(USER1_COL2));
        removeCollection(sysBroker, txn, TestConstants.TEST_COLLECTION_URI.append(USER1_COL1));

        txn.commit();
    }
}
use of org.exist.storage.DBBroker in project exist by eXist-db.
the class PermissionsFunctionChownTest method prepareDb.
/**
 * Builds the shared fixture for the chown tests: the test collection, three
 * accounts, and one extra group that the first two accounts are added to. The
 * third account is deleted again in a second transaction.
 */
@BeforeClass
public static void prepareDb() throws EXistException, PermissionDeniedException, IOException, TriggerException {
    final BrokerPool brokerPool = existWebServer.getBrokerPool();
    final SecurityManager securityManager = brokerPool.getSecurityManager();

    try (final DBBroker sysBroker = brokerPool.get(Optional.of(securityManager.getSystemSubject()));
            final Txn txn = brokerPool.getTransactionManager().beginTransaction()) {

        final Collection testCollection = sysBroker.getOrCreateCollection(txn, TestConstants.TEST_COLLECTION_URI);
        // 511 decimal is 0777 octal, i.e. rwxrwxrwx when read as a POSIX mode: the
        // test collection is opened up to every account. That is a fixture
        // convenience for the test users, not a setting to copy into a real collection.
        PermissionFactory.chmod(sysBroker, testCollection, Optional.of(511), Optional.empty());
        sysBroker.saveCollection(txn, testCollection);

        createUser(sysBroker, securityManager, USER1_NAME, USER1_PWD);
        createUser(sysBroker, securityManager, USER2_NAME, USER2_PWD);
        createUser(sysBroker, securityManager, USERRM_NAME, USERRM_PWD);

        final Group sharedGroup = new GroupAider(OTHER_GROUP_NAME);
        securityManager.addGroup(sysBroker, sharedGroup);

        // the membership is changed on the Account object and then persisted
        // through updateAccount
        final Account firstUser = securityManager.getAccount(USER1_NAME);
        firstUser.addGroup(OTHER_GROUP_NAME);
        securityManager.updateAccount(firstUser);

        final Account secondUser = securityManager.getAccount(USER2_NAME);
        secondUser.addGroup(OTHER_GROUP_NAME);
        securityManager.updateAccount(secondUser);

        txn.commit();
    }

    // Delete the third account in its own transaction once it has been committed;
    // presumably this leaves a "removed user" name for the tests to refer to.
    try (final DBBroker sysBroker = brokerPool.get(Optional.of(securityManager.getSystemSubject()));
            final Txn txn = brokerPool.getTransactionManager().beginTransaction()) {
        removeUser(securityManager, USERRM_NAME);
        txn.commit();
    }
}
use of org.exist.storage.DBBroker in project exist by eXist-db.
the class PermissionsFunctionChownTest method changeOwner.
/**
 * Runs {@code sm:chown} on a resource as the given subject and asserts the
 * owner (and optionally the group) that {@code sm:get-permissions} reports
 * afterwards.
 *
 * @param execAsUser subject the broker is obtained for; the query runs with this broker
 * @param restricted value passed to {@code setPosixChownRestricted} for the
 *     duration of the call; the previous value is put back in the {@code finally} block
 * @param uri resource whose raw collection path is placed into the query
 * @param newOwnerGroup value passed as the second argument of {@code sm:chown}
 * @param expectedOwnerGroup expected result, either {@code owner} or
 *     {@code owner:group}; the group is only compared when both parts are present
 */
private void changeOwner(final Subject execAsUser, final boolean restricted, final XmldbURI uri, final String newOwnerGroup, final String expectedOwnerGroup) throws EXistException, PermissionDeniedException, XPathException {
    final BrokerPool brokerPool = existWebServer.getBrokerPool();
    final boolean previousRestriction = setPosixChownRestricted(restricted);

    // NOTE(review): the path and the owner/group value are spliced into the XQuery
    // text without escaping. That holds for the fixed constants the tests pass in;
    // a value containing a single quote would change the query, so this pattern
    // should not be reused for caller-supplied input.
    final String targetPath = uri.getRawCollectionPath();
    final String chownQuery =
            "import module namespace sm = 'http://exist-db.org/xquery/securitymanager';\n"
            + "sm:chown(xs:anyURI('" + targetPath + "'), '" + newOwnerGroup + "'),\n"
            + "sm:get-permissions(xs:anyURI('" + targetPath + "'))/sm:permission/(string(@owner), string(@group))";

    try (final DBBroker userBroker = brokerPool.get(Optional.of(execAsUser))) {
        final XQuery xqueryService = existWebServer.getBrokerPool().getXQueryService();
        final Sequence permissions = xqueryService.execute(userBroker, chownQuery, null);

        // the query returns exactly two items: owner first, group second
        assertEquals(2, permissions.getItemCount());

        final String[] expected = expectedOwnerGroup.split(":");
        assertEquals(expected[0], permissions.itemAt(0).getStringValue());
        if (expected.length == 2) {
            assertEquals(expected[1], permissions.itemAt(1).getStringValue());
        }
    } finally {
        // put the chown restriction back so later tests see the setting they expect
        setPosixChownRestricted(previousRestriction);
    }
}