use of org.structr.core.app.App in project structr by structr.
the class SnapshotCommand method purgeLocalSchema.
/**
 * Replaces the schema stored in the database with an empty one.
 *
 * <p>The replacement runs inside its own transaction. An {@code InvalidSchemaException} is
 * converted into a {@code FrameworkException} with status 422. A {@code URISyntaxException} is
 * only logged at warn level and not rethrown; in that case {@code success()} is never reached
 * and the caller receives no error.
 *
 * @throws FrameworkException with status 422 if the empty schema is rejected as invalid, or
 *         whenever a called framework method throws it
 */
private void purgeLocalSchema() throws FrameworkException {

    final App structrApp = StructrApp.getInstance();

    // dedicated transaction: the schema replacement is committed (or dropped) on its own
    try (final Tx transaction = structrApp.tx()) {

        try {

            StructrSchema.replaceDatabaseSchema(structrApp, StructrSchema.createEmptySchema());

        } catch (InvalidSchemaException invalidSchema) {

            // only the message text is carried over; the original exception is not attached
            throw new FrameworkException(422, invalidSchema.getMessage());
        }

        transaction.success();

    } catch (URISyntaxException uriProblem) {

        // logged with an empty message and swallowed
        logger.warn("", uriProblem);
    }
}
use of org.structr.core.app.App in project structr by structr.
the class GetOrCreateFunction method apply.
/**
 * Returns the first node of the given type that matches the given property values, or creates
 * such a node when the query finds none.
 *
 * <p>{@code sources[0]} names the node type. The properties follow either as a single
 * {@code Map} in {@code sources[1]} or as alternating key/value entries starting at index 1.
 * Both the query and the creation go through an {@code App} obtained for the security context
 * of {@code ctx}.
 *
 * <p>Lookup and creation are two separate calls here; whether concurrent callers can both
 * create a node depends on the surrounding transaction, which this method does not show.
 *
 * @param ctx     action context supplying the security context and the script-context flag
 * @param caller  object handed to the parameter-error logging
 * @param sources type name followed by the property map or the key/value pairs
 * @return the matching node, a newly created node, an error message string when the type is
 *         missing or unknown, or the usage text when the arguments are unusable
 * @throws FrameworkException with status 400 when the key/value arguments do not pair up, or
 *         whenever a called framework method throws it
 */
@Override
public Object apply(final ActionContext ctx, final Object caller, final Object[] sources) throws FrameworkException {

    try {

        if (sources == null) {
            throw new IllegalArgumentException();
        }

        final SecurityContext securityContext = ctx.getSecurityContext();
        final ConfigurationProvider config = StructrApp.getConfiguration();
        final App app = StructrApp.getInstance(securityContext);
        final PropertyMap lookupProperties = new PropertyMap();

        // no usable first argument: report it to the caller instead of failing
        if (sources.length < 1 || sources[0] == null) {

            logger.warn("Error in get_or_create(): no type specified. Parameters: {}", getParametersAsString(sources));
            return ERROR_MESSAGE_NO_TYPE_SPECIFIED;
        }

        // resolve the type to query for
        final String typeName = sources[0].toString();
        final Class type = config.getNodeEntityClass(typeName);

        if (type == null) {

            logger.warn("Error in get_or_create(): type \"{}\" not found.", typeName);
            return ERROR_MESSAGE_TYPE_NOT_FOUND + typeName;
        }

        // experimental: skip the result count so that large collections are not
        // instantiated just to count them.
        // NOTE(review): the flag is set on the caller's security context and is not reset
        // in this method - confirm that later queries in the same context expect that.
        securityContext.ignoreResultCount(true);

        final boolean singleMapArgument = sources.length == 2 && sources[1] instanceof Map;

        if (singleMapArgument) {

            // native javascript object: convert the whole map in one step
            lookupProperties.putAll(PropertyMap.inputTypeToJavaType(securityContext, type, (Map) sources[1]));

        } else {

            final int parameterCount = sources.length;

            // type name plus complete key/value pairs always gives an odd count
            if (parameterCount % 2 == 0) {
                throw new FrameworkException(400, "Invalid number of parameters: " + parameterCount + ". Should be uneven: " + ERROR_MESSAGE_GET_OR_CREATE);
            }

            for (int keyIndex = 1; keyIndex < parameterCount; keyIndex += 2) {

                final Object rawKey = sources[keyIndex];
                if (rawKey == null) {
                    throw new IllegalArgumentException();
                }

                final PropertyKey key = StructrApp.key(type, rawKey.toString());
                if (key == null) {

                    // A name that resolves to no key is skipped without any message, so
                    // neither the lookup nor a created node carries that constraint.
                    continue;
                }

                final PropertyConverter inputConverter = key.inputConverter(securityContext);
                final Object rawValue = sources[keyIndex + 1];

                lookupProperties.put(key, inputConverter != null ? inputConverter.convert(rawValue) : rawValue);
            }
        }

        final GraphObject existing = app.nodeQuery(type).disableSorting().pageSize(1).and(lookupProperties).getFirst();
        if (existing == null) {

            // nothing matched: create a node with the same properties
            return app.create(type, lookupProperties);
        }

        return existing;

    } catch (final IllegalArgumentException e) {

        // null argument array or null property name: log it and answer with the usage text
        logParameterError(caller, sources, ctx.isJavaScriptContext());
        return usage(ctx.isJavaScriptContext());
    }
}
use of org.structr.core.app.App in project structr by structr.
the class AccessControlTest method testGroupMembershipVisibility.
/**
 * Checks that a permission granted to a group takes effect for a principal only once that
 * principal is a member of the group, and that write access needs its own grant.
 *
 * Sequence: user1 creates a group and a TestOne node and grants the group read; user2, not
 * yet a member, must not find the node; after user2 is added to the group the node is found;
 * a write by user2 must fail with status 403 until the group is granted write as well.
 */
@Test
public void testGroupMembershipVisibility() {
    Principal user1 = null;
    Principal user2 = null;
    Group group = null;
    // create both principals through the shared app field (declared outside this method)
    try (final Tx tx = app.tx()) {
        user1 = createTestNode(Principal.class, "user1");
        user2 = createTestNode(Principal.class, "user2");
        tx.success();
    } catch (FrameworkException t) {
        logger.warn("", t);
        fail("Unexpected exception.");
    }
    // everything created through user1App is created in user1's backend security context
    final SecurityContext user1Context = SecurityContext.getInstance(user1, AccessMode.Backend);
    final App user1App = StructrApp.getInstance(user1Context);
    try (final Tx tx = user1App.tx()) {
        group = user1App.create(Group.class, "group");
        user1App.create(TestOne.class, "testone");
        // a group created in user1's context must be owned by user1
        assertEquals("Invalid group owner", user1, group.getOwnerNode());
        tx.success();
    } catch (FrameworkException t) {
        logger.warn("", t);
        fail("Unexpected exception.");
    }
    // user1 grants the group read permission on the TestOne node
    try (final Tx tx = user1App.tx()) {
        final TestOne test = user1App.nodeQuery(TestOne.class).getFirst();
        assertNotNull(test);
        test.grant(Permission.read, group);
        tx.success();
    } catch (FrameworkException t) {
        logger.warn("", t);
        fail("Unexpected exception.");
    }
    // ################################################################################################################
    // user2 is not yet member of the group, so
    // it should not be possible to access the object
    final SecurityContext user2Context = SecurityContext.getInstance(user2, AccessMode.Backend);
    final App user2App = StructrApp.getInstance(user2Context);
    try (final Tx tx = user2App.tx()) {
        final TestOne test = user2App.nodeQuery(TestOne.class).getFirst();
        // negative check: the query in user2's context must return nothing
        assertNull(test);
        tx.success();
    } catch (FrameworkException fex) {
        logger.warn("", fex);
        fail("Unexpected exception.");
    }
    // user1 adds user2 to the group
    try (final Tx tx = user1App.tx()) {
        group.addMember(user2);
        tx.success();
    } catch (FrameworkException t) {
        logger.warn("", t);
        fail("Unexpected exception.");
    }
    // as a member, user2 must now find the node
    try (final Tx tx = user2App.tx()) {
        final TestOne test = user2App.nodeQuery(TestOne.class).getFirst();
        assertNotNull("Group should be readable for members", test);
        tx.success();
    } catch (FrameworkException fex) {
        logger.warn("", fex);
        fail("Unexpected exception.");
    }
    // the group has read only: a write by user2 must be rejected
    try (final Tx tx = user2App.tx()) {
        final TestOne test = user2App.nodeQuery(TestOne.class).getFirst();
        assertNotNull("Group should be readable for members", test);
        test.setProperty(TestOne.name, "newname");
        tx.success();
        // reached only if neither setProperty() nor success() threw
        fail("User should not be able to write an object that it doesn't own.");
    } catch (FrameworkException fex) {
        // the rejection must be a 403 with exactly this message
        assertEquals("Invalid group permissions result", 403, fex.getStatus());
        assertEquals("Invalid group permissions result", "Modification not permitted.", fex.getMessage());
    }
    // grant the group write permission
    // NOTE(review): the node is queried through app, not user1App, although the transaction
    // is opened on user1App - confirm that the grant is meant to run outside user1's context
    try (final Tx tx = user1App.tx()) {
        final TestOne test = app.nodeQuery(TestOne.class).getFirst();
        assertNotNull("Group should be readable for members", test);
        test.grant(Permission.write, group);
        tx.success();
    } catch (FrameworkException t) {
        logger.warn("", t);
        fail("Unexpected exception.");
    }
    // with the write grant in place the same modification by user2 must succeed
    try (final Tx tx = user2App.tx()) {
        final TestOne test = user2App.nodeQuery(TestOne.class).getFirst();
        assertNotNull("Group should be readable for members", test);
        test.setProperty(TestOne.name, "newname");
        tx.success();
    } catch (FrameworkException fex) {
        logger.warn("", fex);
        fail("Unexpected exception.");
    }
}
use of org.structr.core.app.App in project structr by structr.
the class AccessControlTest method test01WriteAccess.
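/**
 * Checks read, access-control and write permissions of a non-owner in frontend contexts.
 *
 * <p>Steps: the owner can modify its node; a second user cannot find it; after the owner
 * grants read, the user finds the node but may not change its permissions (403); after the
 * owner grants accessControl, the user still may not write a property (403). At the end the
 * node is flagged as visible to public users; nothing is asserted after that step.
 */
@Test
public void test01WriteAccess() {

    // remove auto-generated resource access objects
    clearResourceAccess();

    try {

        final Principal owner = createTestNode(Principal.class);
        final Principal user = createTestNode(Principal.class);

        // create new node, passing owner as second argument
        final TestOne t1 = createTestNode(TestOne.class, owner);

        final SecurityContext ownerContext = SecurityContext.getInstance(owner, AccessMode.Frontend);
        final SecurityContext userContext = SecurityContext.getInstance(user, AccessMode.Frontend);
        final App ownerAppContext = StructrApp.getInstance(ownerContext);
        final App userAppContext = StructrApp.getInstance(userContext);

        // test with owner, expect success
        try (final Tx tx = ownerAppContext.tx()) {

            final TestOne t = StructrApp.getInstance(ownerContext).nodeQuery(TestOne.class).getFirst();
            assertNotNull(t);

            t.setProperty(TestOne.aString, "aString");
            assertEquals("aString", t.getProperty(TestOne.aString));

            tx.success();
        }

        // test with foreign user: no permission granted yet, node should not be found
        try (final Tx tx = userAppContext.tx()) {

            assertNull(StructrApp.getInstance(userContext).nodeQuery(TestOne.class).getFirst());
            tx.success();
        }

        // owner transaction: make node visible to user by granting read
        try (final Tx tx = ownerAppContext.tx()) {

            t1.grant(Permission.read, user);
            tx.success();
        }

        // try to grant read permissions in user context, should fail because user doesn't have access control permission
        try (final Tx tx = userAppContext.tx()) {

            try {

                final TestOne t = StructrApp.getInstance(userContext).nodeQuery(TestOne.class).getFirst();

                // the read grant above must make the node visible; without this check a missing
                // node would surface as a NullPointerException instead of an assertion failure
                assertNotNull(t);

                t.grant(Permission.read, user);
                fail("Non-owner should not be allowed to change permissions on object");

            } catch (FrameworkException fex) {

                // expect status 403 forbidden (expected value first, as assertEquals defines it)
                assertEquals(403, fex.getStatus());
            }

            tx.success();
        }

        // grant accessControl permission in owner context, expected to succeed
        try (final Tx tx = ownerAppContext.tx()) {

            // important lesson here: the context under which the node is constructed defines the security context
            final TestOne t = StructrApp.getInstance(ownerContext).nodeQuery(TestOne.class).getFirst();
            t.grant(Permission.accessControl, user);
            tx.success();
        }

        // test with foreign user, expect the write to fail
        try (final Tx tx = userAppContext.tx()) {

            final TestOne t = StructrApp.getInstance(userContext).nodeQuery(TestOne.class).getFirst();

            // node should be found because read was granted to this user above
            assertNotNull(t);

            // setProperty should fail because of missing write permissions
            try {

                t.setProperty(TestOne.aString, "aString");
                fail("setProperty should not be allowed for non-owner on publicly visible nodes");

            } catch (FrameworkException fex) {

                // expect status 403 forbidden
                assertEquals(403, fex.getStatus());
            }

            tx.success();
        }

        // final step, run through the shared app field (declared outside this method):
        // make t1 visible to public users explicitly
        try (final Tx tx = app.tx()) {

            t1.setProperty(GraphObject.visibleToPublicUsers, true);
            tx.success();
        }

    } catch (FrameworkException ex) {

        logger.warn("", ex);
        fail("Unexpected exception");
    }
}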
use of org.structr.core.app.App in project structr by structr.
the class AccessControlTest method test08WriteAccess.
/**
 * Verifies that a principal working in a frontend security context can find a node that was
 * created with that principal as second argument, and can change one of its properties.
 */
@Test
public void test08WriteAccess() {

    // start without the auto-generated resource access objects
    clearResourceAccess();

    try {

        final Principal nodeOwner = createTestNode(Principal.class);

        // the node is looked up again below, so the returned reference is not kept
        createTestNode(TestOne.class, nodeOwner);

        final SecurityContext ownerContext = SecurityContext.getInstance(nodeOwner, AccessMode.Frontend);
        final App ownerApp = StructrApp.getInstance(ownerContext);

        try (final Tx transaction = ownerApp.tx()) {

            // query in the principal's own context, so its permissions apply to the result
            final TestOne found = StructrApp.getInstance(ownerContext).nodeQuery(TestOne.class).getFirst();
            assertNotNull(found);

            // the write must go through and be readable afterwards
            found.setProperty(TestOne.aString, "aString");
            assertEquals("aString", found.getProperty(TestOne.aString));

            transaction.success();
        }

    } catch (FrameworkException unexpected) {

        logger.warn("", unexpected);
        fail("Unexpected exception");
    }
}
Aggregations