use of org.exist.xmldb.UserManagementService in project exist by eXist-db.
the class XMLDBSecurityTest method canExecuteXQueryWithOnlyExecutePermissionOnParentCollection.
@Test
public void canExecuteXQueryWithOnlyExecutePermissionOnParentCollection() throws XMLDBException {
Collection test = DatabaseManager.getCollection(getBaseUri() + "/db/securityTest1", "test1", "test1");
final UserManagementService ums = (UserManagementService) test.getService("UserManagementService", "1.0");
final String xquery = "<xquery>{ 1 + 1 }</xquery>";
Resource xqueryResource = test.createResource("test.xquery", BinaryResource.RESOURCE_TYPE);
xqueryResource.setContent(xquery);
test.storeResource(xqueryResource);
ums.chmod("--x------");
// set execute bit on xquery (its off by default!)
ums.chmod(xqueryResource, "rwx------");
test.close();
test = DatabaseManager.getCollection(getBaseUri() + "/db/securityTest1", "test1", "test1");
xqueryResource = test.getResource("test.xquery");
assertEquals(xquery, new String((byte[]) xqueryResource.getContent()));
// execute the stored XQuery
final EXistXPathQueryService queryService = (EXistXPathQueryService) test.getService("XPathQueryService", "1.0");
final ResourceSet result = queryService.executeStoredQuery("/db/securityTest1/test.xquery");
assertEquals("<xquery>2</xquery>", result.getResource(0).getContent());
}
use of org.exist.xmldb.UserManagementService in project exist by eXist-db.
the class XMLDBSecurityTest method ownerAndGroupMemberChownGidCollection.
/**
* Owner can change the owner gid of a collection
* to a group of which they are a member
*
* As the user 'test1' (who is the owner and
* who is in the group 'extusers')
* attempt to change ownership gid of /db/securityTest1
* to the group 'extusers'
*/
@Test
public void ownerAndGroupMemberChownGidCollection() throws XMLDBException {
final Collection test = DatabaseManager.getCollection(getBaseUri() + "/db/securityTest1", "test1", "test1");
final UserManagementService ums = (UserManagementService) test.getService("UserManagementService", "1.0");
// attempt to take gid ownership of /db/securityTest1
ums.chgrp("extusers");
final Permission perms = ums.getPermissions(test);
assertEquals("extusers", perms.getGroup().getName());
}
use of org.exist.xmldb.UserManagementService in project exist by eXist-db.
the class XMLDBSecurityTest method copyCollectionWithResources_destResourceExists_destResourceIsNotWritable.
/**
* As the 'test1' user, creates the collection and resource:
*
* test1:users /db/securityTest3/source
* test1:users /db/securityTest3/source/source1.xml
* test1:users /db/securityTest3/source/source2.xml
*
* We then also create the Collection
* test1:users /db/securityTest3/copy-of-source (0777)
* so that the destination (for the copy we are about
* to do) already exists and is writable.
* We then create the resource
* test1:users /db/securityTest/copy-of-source/source1.xml
* and set it so that it is not accessible by anyone
* apart from 'test1' user...
*
* As the 'test3' user, copy the collection:
*
* /db/securityTest3/source
* -> /db/securityTest3/copy-of-source
*
* The test should prove that during a copy, existing
* documents in the dest are replaced as long as the
* dest collection has write permission and that the
* permissions on the dest resource must also be writable
*/
@Test(expected = XMLDBException.class)
public void copyCollectionWithResources_destResourceExists_destResourceIsNotWritable() throws XMLDBException {
Collection test = DatabaseManager.getCollection(getBaseUri() + "/db/securityTest3", "test1", "test1");
EXistCollectionManagementService cms = (EXistCollectionManagementService) test.getService("CollectionManagementService", "1.0");
// create collection owned by "test1", and group "users" in /db/securityTest3
Collection source = cms.createCollection("source");
// create resource owned by "test1", and group "users" in /db/securityTest3/source
Resource resSource = source.createResource("source1.xml", XMLResource.RESOURCE_TYPE);
resSource.setContent("<test1/>");
source.storeResource(resSource);
resSource = source.createResource("source2.xml", XMLResource.RESOURCE_TYPE);
resSource.setContent("<test2/>");
source.storeResource(resSource);
// pre-create the destination and set writable by all
final Collection dest = cms.createCollection("copy-of-source");
UserManagementService ums = (UserManagementService) dest.getService("UserManagementService", "1.0");
ums.chmod(0777);
// pre-create a destination resource and set no access to group and others
Resource resDestSource1 = dest.createResource("source1.xml", XMLResource.RESOURCE_TYPE);
resDestSource1.setContent("<old/>");
dest.storeResource(resDestSource1);
ums.chmod(resDestSource1, 0700);
// as the 'test3' user copy the collection
test = DatabaseManager.getCollection(getBaseUri() + "/db/securityTest3", "test3", "test3");
cms = (EXistCollectionManagementService) test.getService("CollectionManagementService", "1.0");
cms.copy("/db/securityTest3/source", "/db/securityTest3", "copy-of-source");
final Collection copyOfSource = test.getChildCollection("copy-of-source");
assertNotNull(copyOfSource);
assertEquals(2, copyOfSource.listResources().length);
final Resource resCopyOfSource1 = copyOfSource.getResource("source1.xml");
assertEquals("<test1/>", resCopyOfSource1.getContent().toString());
final Resource resCopyOfSource2 = copyOfSource.getResource("source2.xml");
assertEquals("<test2/>", resCopyOfSource2.getContent().toString());
// TODO check perms are/areNot preserved? on the replaced resource
}
use of org.exist.xmldb.UserManagementService in project exist by eXist-db.
the class XMLDBSecurityTest method ownerChownGidCollection.
/**
* Owner can NOT change the owner gid of a collection
* to a group of which they are not a member
*
* As the user 'test1' attempt to change the
* ownership gid of /db/securityTest1
* to 'guest' group
*/
@Test(expected = XMLDBException.class)
public void ownerChownGidCollection() throws XMLDBException {
final Collection test = DatabaseManager.getCollection(getBaseUri() + "/db/securityTest1", "test1", "test1");
final UserManagementService ums = (UserManagementService) test.getService("UserManagementService", "1.0");
// attempt to change gid ownership of /db/securityTest1 to the guest group
ums.chgrp("guest");
}
use of org.exist.xmldb.UserManagementService in project exist by eXist-db.
the class XMLDBSecurityTest method dbaChownGidCollection.
/**
* DBA can change the owner gid of a collection
*
* As the user 'admin' (who is a DBA) attempt to change the
* ownership gid of /db/securityTest1
* to 'guest' group
*/
@Test
public void dbaChownGidCollection() throws XMLDBException {
final Collection test = DatabaseManager.getCollection(getBaseUri() + "/db/securityTest1", "admin", "");
final UserManagementService ums = (UserManagementService) test.getService("UserManagementService", "1.0");
// attempt to change uid ownership of /db/securityTest1 to the guest group
ums.chgrp("guest");
}
Aggregations