Example 96 with App

use of org.structr.core.app.App in project structr by structr.

the class AccessControlTest method test09PrivilegeEscalation.

@Test
public void test09PrivilegeEscalation() {
    // remove auto-generated resource access objects
    clearResourceAccess();
    try {
        final Class principalType = StructrApp.getConfiguration().getNodeEntityClass("Principal");
        Principal nonAdmin = (Principal) createTestNode(principalType);
        final PropertyKey<Boolean> isAdminKey = StructrApp.key(principalType, "isAdmin");
        final SecurityContext userContext = SecurityContext.getInstance(nonAdmin, AccessMode.Frontend);
        nonAdmin.setSecurityContext(userContext);
        App userApp = StructrApp.getInstance(userContext);
        try (final Tx tx = userApp.tx()) {
            assertFalse(nonAdmin.isAdmin());
            nonAdmin.setProperty(isAdminKey, true);
            fail("Privilege escalation using setProperty()-method! Non-admin may not set an admin flag!");
            tx.success();
        } catch (FrameworkException ex) {
            assertFalse("Privilege escalation using setProperty()-method! Non-admin may not set an admin flag!", nonAdmin.isAdmin());
        }
        try (final Tx tx = userApp.tx()) {
            assertFalse(nonAdmin.isAdmin());
            PropertyMap props = new PropertyMap();
            props.put(isAdminKey, true);
            nonAdmin.setProperties(userContext, props);
            fail("Privilege escalation using setProperties()-method! Non-admin may not set an admin flag!");
            tx.success();
        } catch (FrameworkException ex) {
            assertFalse("Privilege escalation using setProperties()-method! Non-admin may not set an admin flag!", nonAdmin.isAdmin());
        }
    } catch (FrameworkException ex) {
        fail("Unexpected Exception");
    }
}
Also used : StructrApp(org.structr.core.app.StructrApp) App(org.structr.core.app.App) PropertyMap(org.structr.core.property.PropertyMap) Tx(org.structr.core.graph.Tx) FrameworkException(org.structr.common.error.FrameworkException) Principal(org.structr.core.entity.Principal) Test(org.junit.Test)

Example 97 with App

use of org.structr.core.app.App in project structr by structr.

the class AccessControlTest method testGroupVisibilityForMembers.

@Test
public void testGroupVisibilityForMembers() {
    Principal user1 = null;
    Principal user2 = null;
    Group group = null;
    try (final Tx tx = app.tx()) {
        user1 = createTestNode(Principal.class, "user1");
        user2 = createTestNode(Principal.class, "user2");
        tx.success();
    } catch (FrameworkException t) {
        logger.warn("", t);
        fail("Unexpected exception.");
    }
    final SecurityContext user1Context = SecurityContext.getInstance(user1, AccessMode.Backend);
    final SecurityContext user2Context = SecurityContext.getInstance(user2, AccessMode.Backend);
    final App user1App = StructrApp.getInstance(user1Context);
    final App user2App = StructrApp.getInstance(user2Context);
    try (final Tx tx = user1App.tx()) {
        group = user1App.create(Group.class, "group");
        assertEquals("Invalid group owner", user1, group.getOwnerNode());
        // add user2 to group
        group.addMember(user2);
        tx.success();
    } catch (FrameworkException t) {
        logger.warn("", t);
        fail("Unexpected exception.");
    }
    try (final Tx tx = user2App.tx()) {
        final Group testGroup = user2App.nodeQuery(Group.class).andName("group").getFirst();
        assertNotNull("Group should be readable for members", testGroup);
        assertEquals("Group name should be readable for members", "group", testGroup.getName());
        tx.success();
    } catch (FrameworkException t) {
        logger.warn("", t);
        fail("Unexpected exception.");
    }
    try (final Tx tx = user2App.tx()) {
        final Group testGroup = user2App.nodeQuery(Group.class).andName("group").getFirst();
        assertNotNull("Group should be readable for members", testGroup);
        assertEquals("Group name should be readable for members", "group", testGroup.getName());
        testGroup.setProperty(Group.name, "dontchangeme");
        fail("Group name should not be writable for members");
        tx.success();
    } catch (FrameworkException t) {
        assertEquals(403, t.getStatus());
        assertEquals("Modification not permitted.", t.getMessage());
    }
}
Also used : StructrApp(org.structr.core.app.StructrApp) App(org.structr.core.app.App) Group(org.structr.core.entity.Group) Tx(org.structr.core.graph.Tx) FrameworkException(org.structr.common.error.FrameworkException) Principal(org.structr.core.entity.Principal) Test(org.junit.Test)

Example 98 with App

use of org.structr.core.app.App in project structr by structr.

the class CustomPermissionQueriesTest method test01SimplePermissionResolutionRead.

@Test
public void test01SimplePermissionResolutionRead() {
    final Class<Principal> principalType = StructrApp.getConfiguration().getNodeEntityClass("Principal");
    Principal user1 = null;
    Class type1 = null;
    try (final Tx tx = app.tx()) {
        // create a test user
        user1 = app.create(principalType, "user1");
        final SchemaNode t1 = app.create(SchemaNode.class, "Type1");
        tx.success();
    } catch (FrameworkException fex) {
        fex.printStackTrace();
        fail("Unexpected exception");
    }
    Assert.assertNotNull("User should have been created", user1);
    try (final Tx tx = app.tx()) {
        type1 = StructrApp.getConfiguration().getNodeEntityClass("Type1");
        Assert.assertNotNull("Node type Type1 should exist.", type1);
        final NodeInterface instance1 = app.create(type1, "instance1OfType1");
        Assert.assertNotNull("Instance of type Type1 should exist", instance1);
        tx.success();
    } catch (FrameworkException fex) {
        fex.printStackTrace();
        fail("Unexpected exception");
    }
    // check access for user1 on instance1
    final App userApp = StructrApp.getInstance(SecurityContext.getInstance(user1, AccessMode.Backend));
    try (final Tx tx = userApp.tx()) {
        Assert.assertNull("User1 should NOT be able to find instance of type Type1", userApp.nodeQuery(type1).getFirst());
        tx.success();
    } catch (FrameworkException fex) {
        fex.printStackTrace();
        fail("Unexpected exception");
    }
    // set custom permission query on user
    try (final Tx tx = userApp.tx()) {
        // query returns always true if user exists
        user1.setProperty(StructrApp.key(Principal.class, "customPermissionQueryRead"), "MATCH (p:Principal {id: {principalUuid}}) RETURN p IS NOT NULL");
        tx.success();
    } catch (FrameworkException fex) {
        fex.printStackTrace();
        fail("Unexpected exception");
    }
    // check access for user1 on instance1
    try (final Tx tx = userApp.tx()) {
        Assert.assertNotNull("User1 should be able to find instance of type Type1", userApp.nodeQuery(type1).getFirst());
        tx.success();
    } catch (FrameworkException fex) {
        fex.printStackTrace();
        fail("Unexpected exception");
    }
    // set custom permission query on user
    try (final Tx tx = userApp.tx()) {
        // query returns always false if user exists
        user1.setProperty(StructrApp.key(Principal.class, "customPermissionQueryRead"), "MATCH (p:Principal {id: {principalUuid}}) RETURN p IS NULL");
        tx.success();
    } catch (FrameworkException fex) {
        fex.printStackTrace();
        fail("Unexpected exception");
    }
    // check access for user1 on instance1
    try (final Tx tx = userApp.tx()) {
        Assert.assertNull("User1 should NOT be able to find instance of type Type1", userApp.nodeQuery(type1).getFirst());
        tx.success();
    } catch (FrameworkException fex) {
        fex.printStackTrace();
        fail("Unexpected exception");
    }
}
Also used : StructrApp(org.structr.core.app.StructrApp) App(org.structr.core.app.App) SchemaNode(org.structr.core.entity.SchemaNode) Tx(org.structr.core.graph.Tx) FrameworkException(org.structr.common.error.FrameworkException) Principal(org.structr.core.entity.Principal) NodeInterface(org.structr.core.graph.NodeInterface) Test(org.junit.Test)

Example 99 with App

use of org.structr.core.app.App in project structr by structr.

the class LicensingTest method createTestNode.

protected <T extends AbstractNode> T createTestNode(final Class<T> type, final PropertyMap props, final Principal owner) throws FrameworkException {
    final App backendApp = StructrApp.getInstance(SecurityContext.getInstance(owner, AccessMode.Backend));
    try (final Tx tx = backendApp.tx()) {
        final T result = backendApp.create(type, props);
        tx.success();
        return result;
    }
}
Also used : StructrApp(org.structr.core.app.StructrApp) App(org.structr.core.app.App) Tx(org.structr.core.graph.Tx)

Example 100 with App

use of org.structr.core.app.App in project structr by structr.

the class ScriptingTest method testGrantViaScripting.

@Test
public void testGrantViaScripting() {
    Settings.LogSchemaOutput.setValue(true);
    // setup phase: create schema nodes
    try (final Tx tx = app.tx()) {
        // create two nodes and associate them with each other
        final SchemaNode sourceNode = createTestNode(SchemaNode.class, "Source");
        final SchemaMethod method = createTestNode(SchemaMethod.class, new NodeAttribute(AbstractNode.name, "doTest01"), new NodeAttribute(SchemaMethod.source, "{ var e = Structr.get('this'); e.grant(Structr.find('Principal')[0], 'read', 'write'); }"));
        sourceNode.setProperty(SchemaNode.schemaMethods, Arrays.asList(new SchemaMethod[] { method }));
        tx.success();
    } catch (FrameworkException fex) {
        fex.printStackTrace();
        fail("Unexpected exception.");
    }
    final ConfigurationProvider config = StructrApp.getConfiguration();
    final Class sourceType = config.getNodeEntityClass("Source");
    Principal testUser = null;
    // create test node as superuser
    try (final Tx tx = app.tx()) {
        app.create(sourceType);
        tx.success();
    } catch (FrameworkException fex) {
        logger.warn("", fex);
        fail("Unexpected exception.");
    }
    // create test user
    try (final Tx tx = app.tx()) {
        testUser = app.create(Principal.class, new NodeAttribute<>(Principal.name, "test"), new NodeAttribute<>(StructrApp.key(Principal.class, "password"), "test"));
        tx.success();
    } catch (FrameworkException fex) {
        logger.warn("", fex);
        fail("Unexpected exception.");
    }
    final App userApp = StructrApp.getInstance(SecurityContext.getInstance(testUser, AccessMode.Backend));
    // first test without grant, expect no test object to be found using the user context
    try (final Tx tx = userApp.tx()) {
        assertEquals("Invalid grant() scripting result", 0, userApp.nodeQuery(sourceType).getAsList().size());
        tx.success();
    } catch (FrameworkException fex) {
        logger.warn("", fex);
        fail("Unexpected exception.");
    }
    // grant read access to test user
    try (final Tx tx = app.tx()) {
        app.nodeQuery(sourceType).getFirst().invokeMethod("doTest01", Collections.EMPTY_MAP, true);
        tx.success();
    } catch (FrameworkException fex) {
        fex.printStackTrace();
        fail("Unexpected exception.");
    }
    // second test after the grant, expect exactly one test object to be found using the user context
    try (final Tx tx = userApp.tx()) {
        assertEquals("Invalid grant() scripting result", 1, userApp.nodeQuery(sourceType).getAsList().size());
        tx.success();
    } catch (FrameworkException fex) {
        logger.warn("", fex);
        fail("Unexpected exception.");
    }
}
Also used : App(org.structr.core.app.App) StructrApp(org.structr.core.app.StructrApp) SchemaNode(org.structr.core.entity.SchemaNode) NodeAttribute(org.structr.core.graph.NodeAttribute) Tx(org.structr.core.graph.Tx) SchemaMethod(org.structr.core.entity.SchemaMethod) FrameworkException(org.structr.common.error.FrameworkException) ConfigurationProvider(org.structr.schema.ConfigurationProvider) Principal(org.structr.core.entity.Principal) StructrTest(org.structr.common.StructrTest) Test(org.junit.Test)
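The two access-control tests above check the permission model from different angles: testGroupVisibilityForMembers shows that a read-only relationship (group membership) yields a 403 "Modification not permitted." on write, and testGrantViaScripting shows a grant being applied from a schema method. The following test ties both together with the Java grant API: read is granted explicitly, the write is expected to fail with the same 403, and only an explicit write grant makes the update succeed. This is an added example, not a test from the structr project. It assumes it lives in a class extending org.structr.common.StructrTest (which supplies the superuser `app` and `logger`), that grant()/isGranted() come from org.structr.common.AccessControllable and Permission.read/Permission.write from org.structr.common.Permission, and the schema type name "Document" is hypothetical.

```java
import static org.junit.Assert.*;

import org.junit.Test;
import org.structr.common.AccessMode;
import org.structr.common.Permission;
import org.structr.common.SecurityContext;
import org.structr.common.error.FrameworkException;
import org.structr.core.app.App;
import org.structr.core.app.StructrApp;
import org.structr.core.entity.AbstractNode;
import org.structr.core.entity.Principal;
import org.structr.core.entity.SchemaNode;
import org.structr.core.graph.NodeInterface;
import org.structr.core.graph.Tx;

// Added example (not part of the structr test suite). Assumed to sit in a class
// extending StructrTest, which provides the superuser `app` and `logger`.
@Test
public void testReadGrantDoesNotImplyWrite() {

    Principal user = null;
    NodeInterface node = null;
    Class<NodeInterface> docType = null;

    // setup as superuser: hypothetical schema type "Document", one instance, one non-admin user
    try (final Tx tx = app.tx()) {
        app.create(SchemaNode.class, "Document");
        tx.success();
    } catch (FrameworkException fex) {
        logger.warn("", fex);
        fail("Unexpected exception.");
    }
    try (final Tx tx = app.tx()) {
        docType = StructrApp.getConfiguration().getNodeEntityClass("Document");
        assertNotNull("Node type Document should exist.", docType);
        node = app.create(docType, "restricted");
        user = app.create(Principal.class, "reader");
        tx.success();
    } catch (FrameworkException fex) {
        logger.warn("", fex);
        fail("Unexpected exception.");
    }

    final SecurityContext userContext = SecurityContext.getInstance(user, AccessMode.Backend);
    final App userApp = StructrApp.getInstance(userContext);

    // 1. no grant: the node is not even visible to the user
    try (final Tx tx = userApp.tx()) {
        assertNull("Node must not be visible without a grant", userApp.nodeQuery(docType).getFirst());
        tx.success();
    } catch (FrameworkException fex) {
        logger.warn("", fex);
        fail("Unexpected exception.");
    }

    // 2. superuser grants read only
    try (final Tx tx = app.tx()) {
        node.grant(Permission.read, user);
        tx.success();
    } catch (FrameworkException fex) {
        logger.warn("", fex);
        fail("Unexpected exception.");
    }

    // 3. read works, but a write must be refused with the same 403 seen in testGroupVisibilityForMembers
    try (final Tx tx = userApp.tx()) {
        final NodeInterface visible = userApp.nodeQuery(docType).getFirst();
        assertNotNull("Node must be visible after read grant", visible);
        assertTrue("read must be granted", visible.isGranted(Permission.read, userContext));
        assertFalse("write must not be granted", visible.isGranted(Permission.write, userContext));
        visible.setProperty(AbstractNode.name, "tampered");
        fail("Read grant must not allow writes");
        tx.success();
    } catch (FrameworkException fex) {
        assertEquals(403, fex.getStatus());
        assertEquals("Modification not permitted.", fex.getMessage());
    }

    // 4. only an explicit write grant lets the same update go through
    try (final Tx tx = app.tx()) {
        node.grant(Permission.write, user);
        tx.success();
    } catch (FrameworkException fex) {
        logger.warn("", fex);
        fail("Unexpected exception.");
    }
    try (final Tx tx = userApp.tx()) {
        userApp.nodeQuery(docType).getFirst().setProperty(AbstractNode.name, "renamed");
        tx.success();
    } catch (FrameworkException fex) {
        logger.warn("", fex);
        fail("Unexpected exception.");
    }

    // verify as superuser that the write really landed
    try (final Tx tx = app.tx()) {
        assertEquals("renamed", node.getName());
        tx.success();
    } catch (FrameworkException fex) {
        logger.warn("", fex);
        fail("Unexpected exception.");
    }
}
```

The value of step 3 is the pair of assertions before the write: isGranted() documents the expected permission state, so a failure distinguishes "the grant was not applied" from "the grant was applied but not enforced", which is the case that matters for a privilege-escalation regression.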

Aggregations

App (org.structr.core.app.App) 296
StructrApp (org.structr.core.app.StructrApp) 294
Tx (org.structr.core.graph.Tx) 201
FrameworkException (org.structr.common.error.FrameworkException) 176
LinkedList (java.util.LinkedList) 60
SecurityContext (org.structr.common.SecurityContext) 56
PropertyMap (org.structr.core.property.PropertyMap) 41
Folder (org.structr.web.entity.Folder) 38
GraphObject (org.structr.core.GraphObject) 35
Principal (org.structr.core.entity.Principal) 31
IOException (java.io.IOException) 30
AbstractFile (org.structr.web.entity.AbstractFile) 27
AbstractNode (org.structr.core.entity.AbstractNode) 26
Test (org.junit.Test) 24
NodeAttribute (org.structr.core.graph.NodeAttribute) 24
File (org.structr.web.entity.File) 23
NodeInterface (org.structr.core.graph.NodeInterface) 22
SchemaNode (org.structr.core.entity.SchemaNode) 19
PropertyKey (org.structr.core.property.PropertyKey) 17
Map (java.util.Map) 16