Examples with Resource org.xmldb.api.base.Resource used on opensource projects

Example 26 with Resource

use of org.xmldb.api.base.Resource in project exist by eXist-db.

the class XMLDBSecurityTest method cannotCreateBinaryResourceWithoutWritePermissionOnParentCollection.

@Test(expected = XMLDBException.class)
public void cannotCreateBinaryResourceWithoutWritePermissionOnParentCollection() throws XMLDBException {
    Collection test = DatabaseManager.getCollection(getBaseUri() + "/db/securityTest1", "test1", "test1");
    final UserManagementService ums = (UserManagementService) test.getService("UserManagementService", "1.0");
    ums.chmod("--x------");
    test.close();
    test = DatabaseManager.getCollection(getBaseUri() + "/db/securityTest1", "test1", "test1");
    final Resource resource = test.createResource("other.bin", BinaryResource.RESOURCE_TYPE);
    resource.setContent("binary".getBytes());
    test.storeResource(resource);
}

Example 27 with Resource

use of org.xmldb.api.base.Resource in project exist by eXist-db.

the class XMLDBSecurityTest method ownerChownUidResource.

/**
 * Owner can NOT change the owner uid of a resource
 *
 * As the user 'test1' attempt to change the
 * ownership uid of /db/securityTest1/test.xml
 * to 'test2' user
 */
@Test(expected = XMLDBException.class)
public void ownerChownUidResource() throws XMLDBException {
    final Collection test = DatabaseManager.getCollection(getBaseUri() + "/db/securityTest1", "test1", "test1");
    final Resource resource = test.getResource("test.xml");
    final UserManagementService ums = (UserManagementService) test.getService("UserManagementService", "1.0");
    // attempt to change uid ownership of /db/securityTest1/test.xml to the test2 user
    final Account test2 = ums.getAccount("test2");
    ums.chown(resource, test2);
}

Example 28 with Resource

use of org.xmldb.api.base.Resource in project exist by eXist-db.

the class XMLDBSecurityTest method groupCreateResource.

@Test
public void groupCreateResource() throws XMLDBException {
    final Collection test = DatabaseManager.getCollection(getBaseUri() + "/db/securityTest1", "test2", "test2");
    Resource resource = test.createResource("createdByTest2.xml", XMLResource.RESOURCE_TYPE);
    resource.setContent("<testMe/>");
    test.storeResource(resource);
    resource = test.getResource("createdByTest2.xml");
    assertNotNull(resource);
    assertEquals("<testMe/>", resource.getContent().toString());
}

Example 29 with Resource

use of org.xmldb.api.base.Resource in project exist by eXist-db.

the class XMLDBSecurityTest method groupNonMemberChownGidResource.

/**
 * Group Member can NOT change owner gid of a resource
 * to a group of which we are NOT a member
 *
 * As the user 'test2' (who is in the group users)
 * attempt to change ownership gid of /db/securityTest1/test.xml
 * to the group 'guest' (of which they are NOT a member)
 */
@Test(expected = XMLDBException.class)
public void groupNonMemberChownGidResource() throws XMLDBException {
    final Collection test = DatabaseManager.getCollection(getBaseUri() + "/db/securityTest1", "test2", "test2");
    final Resource resource = test.getResource("test.xml");
    final UserManagementService ums = (UserManagementService) test.getService("UserManagementService", "1.0");
    // attempt to take gid ownership of /db/securityTest1/test.xml
    ums.chgrp(resource, "guest");
}

Example 30 with Resource

use of org.xmldb.api.base.Resource in project exist by eXist-db.

the class XMLDBSecurityTest method copyCollectionWithResources_withSubCollectionWithResource_doesNotPreservePermissions.

/**
 * As the 'test1' user, creates the collection and resource:
 *
 *  test1:users /db/securityTest3/source
 *  test1:users /db/securityTest3/source/source1.xml
 *  test1:users /db/securityTest3/source/source2.xml
 *  test1:users /db/securityTest3/source/sub
 *  test1:users /db/securityTest3/source/sub/sub1.xml
 *
 * As the 'test3' user, copy the collection:
 *
 *  /db/securityTest3/source
 *      -> /db/securityTest3/copy-of-source
 */
@Test
public void copyCollectionWithResources_withSubCollectionWithResource_doesNotPreservePermissions() throws XMLDBException {
    Collection test = DatabaseManager.getCollection(getBaseUri() + "/db/securityTest3", "test1", "test1");
    EXistCollectionManagementService cms = (EXistCollectionManagementService) test.getService("CollectionManagementService", "1.0");
    // create collection owned by "test1", and group "users" in /db/securityTest3
    Collection source = cms.createCollection("source");
    // create resource owned by "test1", and group "users" in /db/securityTest3/source
    Resource resSource = source.createResource("source1.xml", XMLResource.RESOURCE_TYPE);
    resSource.setContent("<test/>");
    source.storeResource(resSource);
    resSource = source.createResource("source2.xml", XMLResource.RESOURCE_TYPE);
    resSource.setContent("<test/>");
    source.storeResource(resSource);
    // create sub-collection "sub" owned by "test1", and group "users" in /db/securityTest3/source
    CollectionManagementService cms1 = (EXistCollectionManagementService) source.getService("CollectionManagementService", "1.0");
    Collection sub = cms1.createCollection("sub");
    // create resource owned by "test1", and group "users" in /db/securityTest3/source/sub1
    Resource resSub = sub.createResource("sub1.xml", XMLResource.RESOURCE_TYPE);
    resSub.setContent("<test-sub/>");
    sub.storeResource(resSub);
    // as the 'test3' user copy the collection
    test = DatabaseManager.getCollection(getBaseUri() + "/db/securityTest3", "test3", "test3");
    cms = (EXistCollectionManagementService) test.getService("CollectionManagementService", "1.0");
    cms.copy("/db/securityTest3/source", "/db/securityTest3", "copy-of-source");
    final Collection copyOfSource = test.getChildCollection("copy-of-source");
    assertNotNull(copyOfSource);
    assertEquals(2, copyOfSource.listResources().length);
    final Collection copyOfSub = copyOfSource.getChildCollection("sub");
    assertNotNull(copyOfSub);
    assertEquals(1, copyOfSub.listResources().length);
    // collection should be owned by test3:guest, i.e. permissions were not preserved from the test1 users doc /db/securityTest3/source
    UserManagementService ums = (UserManagementService) test.getService("UserManagementService", "1.0");
    Permission permissions = ums.getPermissions(copyOfSource);
    assertEquals("test3", permissions.getOwner().getName());
    assertEquals("guest", permissions.getGroup().getName());
    // resource in collection should be owned by test3:guest, i.e. permissions were not preserved from the test1 users doc /db/securityTest3/source/source1.xml
    ums = (UserManagementService) copyOfSource.getService("UserManagementService", "1.0");
    final Resource resCopyOfSource1 = copyOfSource.getResource("source1.xml");
    permissions = ums.getPermissions(resCopyOfSource1);
    assertEquals("test3", permissions.getOwner().getName());
    assertEquals("guest", permissions.getGroup().getName());
    // resource in collection should be owned by test3:guest, i.e. permissions were not preserved from the test1 users doc /db/securityTest3/source/source2.xml
    final Resource resCopyOfSource2 = copyOfSource.getResource("source2.xml");
    permissions = ums.getPermissions(resCopyOfSource2);
    assertEquals("test3", permissions.getOwner().getName());
    assertEquals("guest", permissions.getGroup().getName());
    // sub-collection should be owned by test3:guest, i.e. permissions were not preserved from the test1 users doc /db/securityTest3/source/sub
    ums = (UserManagementService) copyOfSub.getService("UserManagementService", "1.0");
    permissions = ums.getPermissions(copyOfSub);
    assertEquals("test3", permissions.getOwner().getName());
    assertEquals("guest", permissions.getGroup().getName());
    // sub-collection/resource should be owned by test3:guest, i.e. permissions were not preserved from the test1 users doc /db/securityTest3/source/sub/sub1.xml
    final Resource resCopyOfSub1 = copyOfSub.getResource("sub1.xml");
    permissions = ums.getPermissions(resCopyOfSub1);
    assertEquals("test3", permissions.getOwner().getName());
    assertEquals("guest", permissions.getGroup().getName());
}