Example 91 with App
use of org.structr.core.app.App in project structr by structr.
the class SnapshotCommand method purgeLocalSchema.
private void purgeLocalSchema() throws FrameworkException {
final App app = StructrApp.getInstance();
// isolate write output
try (final Tx tx = app.tx()) {
try {
final JsonSchema schema = StructrSchema.createEmptySchema();
StructrSchema.replaceDatabaseSchema(app, schema);
} catch (InvalidSchemaException iex) {
throw new FrameworkException(422, iex.getMessage());
}
tx.success();
} catch (URISyntaxException use) {
logger.warn("", use);
}
}
Also used :
StructrApp(org.structr.core.app.StructrApp)
App(org.structr.core.app.App)
InvalidSchemaException(org.structr.schema.json.InvalidSchemaException)
Tx(org.structr.core.graph.Tx)
FrameworkException(org.structr.common.error.FrameworkException)
JsonSchema(org.structr.schema.json.JsonSchema)
URISyntaxException(java.net.URISyntaxException)
Example 92 with App
use of org.structr.core.app.App in project structr by structr.
the class GetOrCreateFunction method apply.
@Override
public Object apply(final ActionContext ctx, final Object caller, final Object[] sources) throws FrameworkException {
try {
if (sources == null) {
throw new IllegalArgumentException();
}
final SecurityContext securityContext = ctx.getSecurityContext();
final ConfigurationProvider config = StructrApp.getConfiguration();
final App app = StructrApp.getInstance(securityContext);
final PropertyMap properties = new PropertyMap();
// the type to query for
Class type = null;
if (sources.length >= 1 && sources[0] != null) {
final String typeString = sources[0].toString();
type = config.getNodeEntityClass(typeString);
if (type == null) {
logger.warn("Error in get_or_create(): type \"{}\" not found.", typeString);
return ERROR_MESSAGE_TYPE_NOT_FOUND + typeString;
}
}
// exit gracefully instead of crashing..
if (type == null) {
logger.warn("Error in get_or_create(): no type specified. Parameters: {}", getParametersAsString(sources));
return ERROR_MESSAGE_NO_TYPE_SPECIFIED;
}
// experimental: disable result count, prevents instantiation
// of large collections just for counting all the objects..
securityContext.ignoreResultCount(true);
// extension for native javascript objects
if (sources.length == 2 && sources[1] instanceof Map) {
properties.putAll(PropertyMap.inputTypeToJavaType(securityContext, type, (Map) sources[1]));
} else {
final int parameter_count = sources.length;
if (parameter_count % 2 == 0) {
throw new FrameworkException(400, "Invalid number of parameters: " + parameter_count + ". Should be uneven: " + ERROR_MESSAGE_GET_OR_CREATE);
}
for (int c = 1; c < parameter_count; c += 2) {
if (sources[c] == null) {
throw new IllegalArgumentException();
}
final PropertyKey key = StructrApp.key(type, sources[c].toString());
if (key != null) {
final PropertyConverter inputConverter = key.inputConverter(securityContext);
Object value = sources[c + 1];
if (inputConverter != null) {
value = inputConverter.convert(value);
}
properties.put(key, value);
}
}
}
final GraphObject obj = app.nodeQuery(type).disableSorting().pageSize(1).and(properties).getFirst();
if (obj != null) {
// return existing object
return obj;
}
// create new object
return app.create(type, properties);
} catch (final IllegalArgumentException e) {
logParameterError(caller, sources, ctx.isJavaScriptContext());
return usage(ctx.isJavaScriptContext());
}
}
Also used :
StructrApp(org.structr.core.app.StructrApp)
App(org.structr.core.app.App)
FrameworkException(org.structr.common.error.FrameworkException)
ConfigurationProvider(org.structr.schema.ConfigurationProvider)
GraphObject(org.structr.core.GraphObject)
PropertyMap(org.structr.core.property.PropertyMap)
SecurityContext(org.structr.common.SecurityContext)
PropertyConverter(org.structr.core.converter.PropertyConverter)
GraphObject(org.structr.core.GraphObject)
PropertyMap(org.structr.core.property.PropertyMap)
Map(java.util.Map)
PropertyKey(org.structr.core.property.PropertyKey)
Example 93 with App
use of org.structr.core.app.App in project structr by structr.
the class AccessControlTest method testGroupMembershipVisibility.
@Test
public void testGroupMembershipVisibility() {
Principal user1 = null;
Principal user2 = null;
Group group = null;
try (final Tx tx = app.tx()) {
user1 = createTestNode(Principal.class, "user1");
user2 = createTestNode(Principal.class, "user2");
tx.success();
} catch (FrameworkException t) {
logger.warn("", t);
fail("Unexpected exception.");
}
final SecurityContext user1Context = SecurityContext.getInstance(user1, AccessMode.Backend);
final App user1App = StructrApp.getInstance(user1Context);
try (final Tx tx = user1App.tx()) {
group = user1App.create(Group.class, "group");
user1App.create(TestOne.class, "testone");
assertEquals("Invalid group owner", user1, group.getOwnerNode());
tx.success();
} catch (FrameworkException t) {
logger.warn("", t);
fail("Unexpected exception.");
}
try (final Tx tx = user1App.tx()) {
final TestOne test = user1App.nodeQuery(TestOne.class).getFirst();
assertNotNull(test);
test.grant(Permission.read, group);
tx.success();
} catch (FrameworkException t) {
logger.warn("", t);
fail("Unexpected exception.");
}
// ################################################################################################################
// user2 is not yet member of the group, so
// it should not be possible to access the object
final SecurityContext user2Context = SecurityContext.getInstance(user2, AccessMode.Backend);
final App user2App = StructrApp.getInstance(user2Context);
try (final Tx tx = user2App.tx()) {
final TestOne test = user2App.nodeQuery(TestOne.class).getFirst();
assertNull(test);
tx.success();
} catch (FrameworkException fex) {
logger.warn("", fex);
fail("Unexpected exception.");
}
try (final Tx tx = user1App.tx()) {
group.addMember(user2);
tx.success();
} catch (FrameworkException t) {
logger.warn("", t);
fail("Unexpected exception.");
}
try (final Tx tx = user2App.tx()) {
final TestOne test = user2App.nodeQuery(TestOne.class).getFirst();
assertNotNull("Group should be readable for members", test);
tx.success();
} catch (FrameworkException fex) {
logger.warn("", fex);
fail("Unexpected exception.");
}
try (final Tx tx = user2App.tx()) {
final TestOne test = user2App.nodeQuery(TestOne.class).getFirst();
assertNotNull("Group should be readable for members", test);
test.setProperty(TestOne.name, "newname");
tx.success();
fail("User should not be able to write an object that it doesn't own.");
} catch (FrameworkException fex) {
assertEquals("Invalid group permissions result", 403, fex.getStatus());
assertEquals("Invalid group permissions result", "Modification not permitted.", fex.getMessage());
}
try (final Tx tx = user1App.tx()) {
final TestOne test = app.nodeQuery(TestOne.class).getFirst();
assertNotNull("Group should be readable for members", test);
test.grant(Permission.write, group);
tx.success();
} catch (FrameworkException t) {
logger.warn("", t);
fail("Unexpected exception.");
}
try (final Tx tx = user2App.tx()) {
final TestOne test = user2App.nodeQuery(TestOne.class).getFirst();
assertNotNull("Group should be readable for members", test);
test.setProperty(TestOne.name, "newname");
tx.success();
} catch (FrameworkException fex) {
logger.warn("", fex);
fail("Unexpected exception.");
}
}
Also used :
StructrApp(org.structr.core.app.StructrApp)
App(org.structr.core.app.App)
Group(org.structr.core.entity.Group)
Tx(org.structr.core.graph.Tx)
FrameworkException(org.structr.common.error.FrameworkException)
TestOne(org.structr.core.entity.TestOne)
Principal(org.structr.core.entity.Principal)
Test(org.junit.Test)
Example 94 with App
use of org.structr.core.app.App in project structr by structr.
the class AccessControlTest method test01WriteAccess.
@Test
public void test01WriteAccess() {
// remove auto-generated resource access objects
clearResourceAccess();
try {
final Principal owner = createTestNode(Principal.class);
final Principal user = createTestNode(Principal.class);
// create new node
final TestOne t1 = createTestNode(TestOne.class, owner);
final SecurityContext ownerContext = SecurityContext.getInstance(owner, AccessMode.Frontend);
final SecurityContext userContext = SecurityContext.getInstance(user, AccessMode.Frontend);
final App ownerAppContext = StructrApp.getInstance(ownerContext);
final App userAppContext = StructrApp.getInstance(userContext);
// test with owner, expect success
try (final Tx tx = ownerAppContext.tx()) {
final TestOne t = StructrApp.getInstance(ownerContext).nodeQuery(TestOne.class).getFirst();
assertNotNull(t);
t.setProperty(TestOne.aString, "aString");
assertEquals("aString", t.getProperty(TestOne.aString));
tx.success();
}
// test with foreign user, expect failure, node should not be found
try (final Tx tx = userAppContext.tx()) {
// node should not be found
assertNull(StructrApp.getInstance(userContext).nodeQuery(TestOne.class).getFirst());
tx.success();
}
// test with foreign user, expect failure, node should not be found
try (final Tx tx = ownerAppContext.tx()) {
// make node visible to user
t1.grant(Permission.read, user);
tx.success();
}
// try to grant read permissions in user context, should fail because user doesn't have access control permission
try (final Tx tx = userAppContext.tx()) {
try {
final TestOne t = StructrApp.getInstance(userContext).nodeQuery(TestOne.class).getFirst();
t.grant(Permission.read, user);
fail("Non-owner should not be allowed to change permissions on object");
} catch (FrameworkException fex) {
// expect status 403 forbidden
assertEquals(fex.getStatus(), 403);
}
tx.success();
}
// try to grant read permissions in owner context, should succeed (?)
try (final Tx tx = ownerAppContext.tx()) {
// important lesson here: the context under which the node is constructed defines the security context
final TestOne t = StructrApp.getInstance(ownerContext).nodeQuery(TestOne.class).getFirst();
t.grant(Permission.accessControl, user);
tx.success();
}
// test with foreign user, expect failure
try (final Tx tx = userAppContext.tx()) {
final TestOne t = StructrApp.getInstance(userContext).nodeQuery(TestOne.class).getFirst();
// node should be found because it's public
assertNotNull(t);
// setProperty should fail because of missing write permissions
try {
t.setProperty(TestOne.aString, "aString");
fail("setProperty should not be allowed for non-owner on publicly visible nodes");
} catch (FrameworkException fex) {
// expect status 403 forbidden
assertEquals(fex.getStatus(), 403);
}
tx.success();
}
// grant write
try (final Tx tx = app.tx()) {
// make t1 visible to public users explicitely
t1.setProperty(GraphObject.visibleToPublicUsers, true);
tx.success();
}
} catch (FrameworkException ex) {
logger.warn("", ex);
fail("Unexpected exception");
}
}
Also used :
StructrApp(org.structr.core.app.StructrApp)
App(org.structr.core.app.App)
Tx(org.structr.core.graph.Tx)
FrameworkException(org.structr.common.error.FrameworkException)
TestOne(org.structr.core.entity.TestOne)
Principal(org.structr.core.entity.Principal)
Test(org.junit.Test)
Example 95 with App
use of org.structr.core.app.App in project structr by structr.
the class AccessControlTest method test08WriteAccess.
@Test
public void test08WriteAccess() {
// remove auto-generated resource access objects
clearResourceAccess();
try {
final Principal owner = createTestNode(Principal.class);
// create new node
createTestNode(TestOne.class, owner);
final SecurityContext userContext = SecurityContext.getInstance(owner, AccessMode.Frontend);
final App userApp = StructrApp.getInstance(userContext);
try (final Tx tx = userApp.tx()) {
final TestOne t = StructrApp.getInstance(userContext).nodeQuery(TestOne.class).getFirst();
assertNotNull(t);
t.setProperty(TestOne.aString, "aString");
assertEquals("aString", t.getProperty(TestOne.aString));
tx.success();
}
} catch (FrameworkException ex) {
logger.warn("", ex);
fail("Unexpected exception");
}
}
Also used :
StructrApp(org.structr.core.app.StructrApp)
App(org.structr.core.app.App)
Tx(org.structr.core.graph.Tx)
FrameworkException(org.structr.common.error.FrameworkException)
TestOne(org.structr.core.entity.TestOne)
Principal(org.structr.core.entity.Principal)
Test(org.junit.Test)
Aggregations
App (org.structr.core.app.App)296
StructrApp (org.structr.core.app.StructrApp)294
Tx (org.structr.core.graph.Tx)201
FrameworkException (org.structr.common.error.FrameworkException)176
LinkedList (java.util.LinkedList)60
SecurityContext (org.structr.common.SecurityContext)56
PropertyMap (org.structr.core.property.PropertyMap)41
Folder (org.structr.web.entity.Folder)38
GraphObject (org.structr.core.GraphObject)35
Principal (org.structr.core.entity.Principal)31
IOException (java.io.IOException)30
AbstractFile (org.structr.web.entity.AbstractFile)27
AbstractNode (org.structr.core.entity.AbstractNode)26
Test (org.junit.Test)24
NodeAttribute (org.structr.core.graph.NodeAttribute)24
File (org.structr.web.entity.File)23
NodeInterface (org.structr.core.graph.NodeInterface)22
SchemaNode (org.structr.core.entity.SchemaNode)19
PropertyKey (org.structr.core.property.PropertyKey)17
Map (java.util.Map)16
