use of org.xmldb.api.base.Resource in project exist by eXist-db.
the class XMLDBSecurityTest method cannotCreateBinaryResourceWithoutWritePermissionOnParentCollection.
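/**
 * Checks that storing a binary resource is refused when the parent
 * collection's mode has been reduced to {@code --x------} (execute only, no write).
 *
 * The original used {@code @Test(expected = XMLDBException.class)}, which is
 * satisfied by an exception from any statement in the method. A failure during
 * setup (opening the collection, obtaining the service, the chmod itself)
 * would therefore have made this access-control test pass without the write
 * ever being attempted. Only the create/store sequence is guarded here, so a
 * setup failure now surfaces as a test error.
 *
 * @throws XMLDBException if the setup steps fail
 */
@Test
public void cannotCreateBinaryResourceWithoutWritePermissionOnParentCollection() throws XMLDBException {
    // Setup: as 'test1', strip every permission except owner-execute from the collection.
    Collection test = DatabaseManager.getCollection(getBaseUri() + "/db/securityTest1", "test1", "test1");
    final UserManagementService ums = (UserManagementService) test.getService("UserManagementService", "1.0");
    ums.chmod("--x------");
    test.close();

    // Re-open the collection so the operation under test runs on a fresh handle.
    test = DatabaseManager.getCollection(getBaseUri() + "/db/securityTest1", "test1", "test1");

    try {
        // Operation under test: create and store a binary resource without write permission.
        final Resource resource = test.createResource("other.bin", BinaryResource.RESOURCE_TYPE);
        resource.setContent("binary".getBytes());
        test.storeResource(resource);
    } catch (final XMLDBException denied) {
        // Expected outcome: the store is rejected.
        // NOTE(review): the exception's error code is not checked here, so any
        // XMLDBException from these three calls counts as a denial - confirm
        // whether a permission-denied code can be asserted in all test modes.
        return;
    }

    throw new AssertionError("storing other.bin succeeded although the parent collection mode is --x------");
}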
use of org.xmldb.api.base.Resource in project exist by eXist-db.
the class XMLDBSecurityTest method ownerChownUidResource.
/**
* Owner can NOT change the owner uid of a resource
*
* As the user 'test1' attempt to change the
* ownership uid of /db/securityTest1/test.xml
* to 'test2' user
*/
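@Test
public void ownerChownUidResource() throws XMLDBException {
    // Setup stays outside the guarded region. With the former
    // @Test(expected = XMLDBException.class), an exception from any of these
    // lookups would have made the test pass without chown ever being attempted.
    final Collection test = DatabaseManager.getCollection(getBaseUri() + "/db/securityTest1", "test1", "test1");
    final Resource resource = test.getResource("test.xml");
    if (resource == null) {
        // Without the fixture the denial below would not be about ownership rules at all.
        throw new AssertionError("fixture /db/securityTest1/test.xml is missing");
    }
    final UserManagementService ums = (UserManagementService) test.getService("UserManagementService", "1.0");
    final Account test2 = ums.getAccount("test2");

    try {
        // attempt to change uid ownership of /db/securityTest1/test.xml to the test2 user
        ums.chown(resource, test2);
    } catch (final XMLDBException denied) {
        // Expected outcome: the owner may not give the resource away.
        return;
    }

    throw new AssertionError("chown of test.xml to 'test2' by 'test1' was not rejected");
}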
use of org.xmldb.api.base.Resource in project exist by eXist-db.
the class XMLDBSecurityTest method groupCreateResource.
/**
 * As the user 'test2', stores a new XML document in /db/securityTest1 and
 * reads it back, asserting that the stored content round-trips unchanged.
 *
 * NOTE(review): the method name suggests 'test2' is granted write access
 * through group membership on the collection; the fixture that establishes
 * this is not visible in this snippet - confirm against the test setup.
 *
 * @throws XMLDBException if any database operation fails
 */
@Test
public void groupCreateResource() throws XMLDBException {
    final Collection securityTest1 =
            DatabaseManager.getCollection(getBaseUri() + "/db/securityTest1", "test2", "test2");

    // Create and persist the document as 'test2'.
    final Resource created = securityTest1.createResource("createdByTest2.xml", XMLResource.RESOURCE_TYPE);
    created.setContent("<testMe/>");
    securityTest1.storeResource(created);

    // Fetch it again through the same collection handle and compare the content.
    final Resource stored = securityTest1.getResource("createdByTest2.xml");
    assertNotNull(stored);
    final String storedContent = stored.getContent().toString();
    assertEquals("<testMe/>", storedContent);
}
use of org.xmldb.api.base.Resource in project exist by eXist-db.
the class XMLDBSecurityTest method groupNonMemberChownGidResource.
/**
* Group Member can NOT change owner gid of a resource
* to a group of which we are NOT a member
*
* As the user 'test2' (who is in the group users)
* attempt to change ownership gid of /db/securityTest1/test.xml
* to the group 'guest' (of which they are NOT a member)
*/
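@Test
public void groupNonMemberChownGidResource() throws XMLDBException {
    // Setup stays outside the guarded region. With the former
    // @Test(expected = XMLDBException.class), an exception while opening the
    // collection or obtaining the service would have made the test pass
    // without chgrp ever being attempted.
    final Collection test = DatabaseManager.getCollection(getBaseUri() + "/db/securityTest1", "test2", "test2");
    final Resource resource = test.getResource("test.xml");
    if (resource == null) {
        // Without the fixture the denial below would not be about group membership at all.
        throw new AssertionError("fixture /db/securityTest1/test.xml is missing");
    }
    final UserManagementService ums = (UserManagementService) test.getService("UserManagementService", "1.0");

    try {
        // attempt to move gid ownership of /db/securityTest1/test.xml to a group 'test2' is not in
        ums.chgrp(resource, "guest");
    } catch (final XMLDBException denied) {
        // Expected outcome: a non-member may not assign the resource to that group.
        return;
    }

    throw new AssertionError("chgrp of test.xml to 'guest' by non-member 'test2' was not rejected");
}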
use of org.xmldb.api.base.Resource in project exist by eXist-db.
the class XMLDBSecurityTest method copyCollectionWithResources_withSubCollectionWithResource_doesNotPreservePermissions.
/**
* As the 'test1' user, creates the collections and resources:
*
* test1:users /db/securityTest3/source
* test1:users /db/securityTest3/source/source1.xml
* test1:users /db/securityTest3/source/source2.xml
* test1:users /db/securityTest3/source/sub
* test1:users /db/securityTest3/source/sub/sub1.xml
*
* As the 'test3' user, copy the collection:
*
* /db/securityTest3/source
* -> /db/securityTest3/copy-of-source
*/
@Test
public void copyCollectionWithResources_withSubCollectionWithResource_doesNotPreservePermissions() throws XMLDBException {
    // ---- Arrange: as 'test1', build source/, two documents in it, and source/sub/ with one document ----
    final Collection asTest1 = DatabaseManager.getCollection(getBaseUri() + "/db/securityTest3", "test1", "test1");
    final EXistCollectionManagementService test1Cms =
            (EXistCollectionManagementService) asTest1.getService("CollectionManagementService", "1.0");

    // collection /db/securityTest3/source, created by "test1"
    final Collection source = test1Cms.createCollection("source");

    // documents source1.xml and source2.xml in /db/securityTest3/source, created by "test1"
    for (final String docName : new String[] {"source1.xml", "source2.xml"}) {
        final Resource doc = source.createResource(docName, XMLResource.RESOURCE_TYPE);
        doc.setContent("<test/>");
        source.storeResource(doc);
    }

    // sub-collection /db/securityTest3/source/sub, created by "test1"
    final CollectionManagementService sourceCms =
            (EXistCollectionManagementService) source.getService("CollectionManagementService", "1.0");
    final Collection sub = sourceCms.createCollection("sub");

    // document sub1.xml in /db/securityTest3/source/sub, created by "test1"
    final Resource subDoc = sub.createResource("sub1.xml", XMLResource.RESOURCE_TYPE);
    subDoc.setContent("<test-sub/>");
    sub.storeResource(subDoc);

    // ---- Act: as 'test3', copy the whole tree to /db/securityTest3/copy-of-source ----
    final Collection asTest3 = DatabaseManager.getCollection(getBaseUri() + "/db/securityTest3", "test3", "test3");
    final EXistCollectionManagementService test3Cms =
            (EXistCollectionManagementService) asTest3.getService("CollectionManagementService", "1.0");
    test3Cms.copy("/db/securityTest3/source", "/db/securityTest3", "copy-of-source");

    // ---- Assert: the copy has the same shape as the source tree ----
    final Collection copyOfSource = asTest3.getChildCollection("copy-of-source");
    assertNotNull(copyOfSource);
    assertEquals(2, copyOfSource.listResources().length);

    final Collection copyOfSub = copyOfSource.getChildCollection("sub");
    assertNotNull(copyOfSub);
    assertEquals(1, copyOfSub.listResources().length);

    // ---- Assert: every copied item is owned by test3:guest, not by the source's owner ----
    // NOTE(review): only owner and group are asserted below; the mode bits of
    // the copies are not checked by this test.

    // copied top-level collection
    final UserManagementService parentUms =
            (UserManagementService) asTest3.getService("UserManagementService", "1.0");
    final Permission collectionPerms = parentUms.getPermissions(copyOfSource);
    assertEquals("test3", collectionPerms.getOwner().getName());
    assertEquals("guest", collectionPerms.getGroup().getName());

    // copied documents source1.xml and source2.xml
    final UserManagementService copyUms =
            (UserManagementService) copyOfSource.getService("UserManagementService", "1.0");
    for (final String docName : new String[] {"source1.xml", "source2.xml"}) {
        final Resource copiedDoc = copyOfSource.getResource(docName);
        final Permission docPerms = copyUms.getPermissions(copiedDoc);
        assertEquals("test3", docPerms.getOwner().getName());
        assertEquals("guest", docPerms.getGroup().getName());
    }

    // copied sub-collection
    final UserManagementService subUms =
            (UserManagementService) copyOfSub.getService("UserManagementService", "1.0");
    final Permission subPerms = subUms.getPermissions(copyOfSub);
    assertEquals("test3", subPerms.getOwner().getName());
    assertEquals("guest", subPerms.getGroup().getName());

    // copied document sub/sub1.xml
    final Resource copiedSubDoc = copyOfSub.getResource("sub1.xml");
    final Permission subDocPerms = subUms.getPermissions(copiedSubDoc);
    assertEquals("test3", subDocPerms.getOwner().getName());
    assertEquals("guest", subDocPerms.getGroup().getName());
}