Examples of org.exist.security.PermissionDeniedException

• org.exist.security.PermissionDeniedException
  Description of the Class @author Wolfgang Meier @since 24. Juni 2002

        }
    }

    public void removeBinaryResource(final Txn transaction, final DBBroker broker, final XmldbURI uri) throws PermissionDeniedException, LockException, TriggerException {
        if(!getPermissionsNoLock().validate(broker.getSubject(), Permission.WRITE)) {
            throw new PermissionDeniedException("Permission denied to write collection: " + path);
        }

        try {
            getLock().acquire(Lock.READ_LOCK);
            final DocumentImpl doc = getDocument(broker, uri);

            if(doc.isLockedForWrite()) {
                throw new PermissionDeniedException("Document " + doc.getFileURI() + " is locked for write");
            }

            removeBinaryResource(transaction, broker, doc);
        } finally {
            getLock().release(Lock.READ_LOCK);

        }
    }

    public void removeBinaryResource(final Txn transaction, final DBBroker broker, final DocumentImpl doc) throws PermissionDeniedException, LockException, TriggerException {
        if(!getPermissionsNoLock().validate(broker.getSubject(), Permission.WRITE)) {
            throw new PermissionDeniedException("Permission denied to write collection: " + path);
        }

        if(doc == null) {
            return;  //TODO should throw an exception!!! Otherwise we dont know if the document was removed
        }

        try {
            broker.getBrokerPool().getProcessMonitor().startJob(ProcessMonitor.ACTION_REMOVE_BINARY, doc.getFileURI());
            getLock().acquire(Lock.WRITE_LOCK);

            if(doc.getResourceType() != DocumentImpl.BINARY_FILE) {
                throw new PermissionDeniedException("document " + doc.getFileURI() + " is not a binary object");
            }

            if(doc.isLockedForWrite()) {
                throw new PermissionDeniedException("Document " + doc.getFileURI() + " is locked for write");
            }

            doc.getUpdateLock().acquire(Lock.WRITE_LOCK);

            DocumentTriggers trigger = new DocumentTriggers(broker, null, this, isTriggersEnabled() ? getConfiguration(broker) : null);

            trigger.beforeDeleteDocument(broker, transaction, doc);

            try {
               broker.removeBinaryResource(transaction, (BinaryDocument) doc);
            } catch (final IOException ex) {
               throw new PermissionDeniedException("Cannot delete file: " + doc.getURI().toString() + ": " + ex.getMessage(), ex);
            }

            documents.remove(doc.getFileURI().getRawCollectionPath());

            trigger.afterDeleteDocument(broker, transaction, doc.getURI());

     * @throws LockException
     */
    public void store(final Txn transaction, final DBBroker broker, final IndexInfo info, final Node node, boolean privileged) throws EXistException, PermissionDeniedException, TriggerException, SAXException, LockException {

        if(!getPermissionsNoLock().validate(broker.getSubject(), Permission.WRITE)) {
            throw new PermissionDeniedException("Permission denied to write collection: " + path);
        }

        storeXMLInternal(transaction, broker, info, privileged, new StoreBlock() {
            @Override
            public void run() throws EXistException, SAXException {

        checkConfigurationDocument(transaction, broker, docUri);

        final Database db = broker.getBrokerPool();

        if (db.isReadOnly()) {
            throw new PermissionDeniedException("Database is read-only");
        }

        DocumentImpl oldDoc = null;
        boolean oldDocLocked = false;
        try {

     */
    private void checkPermissionsForAddDocument(final DBBroker broker, final DocumentImpl oldDoc) throws LockException, PermissionDeniedException {

        // do we have execute permission on the collection?
        if(!getPermissionsNoLock().validate(broker.getSubject(), Permission.EXECUTE)) {
            throw new PermissionDeniedException("Execute permission is not granted on the Collection.");
        }

        if(oldDoc != null) {

            /* update document */

            LOG.debug("Found old doc " + oldDoc.getDocId());

            // check if the document is locked by another user
            final Account lockUser = oldDoc.getUserLock();
            if(lockUser != null && !lockUser.equals(broker.getSubject())) {
                throw new PermissionDeniedException("The document is locked by user '" + lockUser.getName() + "'.");
            }

            // do we have write permission on the old document or are we the owner of the old document?
            if (!((oldDoc.getPermissions().getOwner().getId() == broker.getSubject().getId()) || (oldDoc.getPermissions().validate(broker.getSubject(), Permission.WRITE)))) {
                throw new PermissionDeniedException("A resource with the same name already exists in the target collection '" + path + "', and you do not have write access on that resource.");
            }
        } else {

            /* create document */

            if(!getPermissionsNoLock().validate(broker.getSubject(), Permission.WRITE)) {
                throw new PermissionDeniedException("Write permission is not granted on the Collection.");
            }
        }
    }

    // Streaming
    public BinaryDocument addBinaryResource(final Txn transaction, final DBBroker broker, final BinaryDocument blob, final InputStream is, final String mimeType, final long size, final Date created, final Date modified) throws EXistException, PermissionDeniedException, LockException, TriggerException, IOException {
        final Database db = broker.getBrokerPool();
        if (db.isReadOnly()) {
            throw new PermissionDeniedException("Database is read-only");
        }
        final XmldbURI docUri = blob.getFileURI();
        //TODO : move later, i.e. after the collection lock is acquired ?
        final DocumentImpl oldDoc = getDocument(broker, docUri);
        try {

      Constructor<? extends MetaData> ctor = backend.getConstructor(Database.class);
      md = ctor.newInstance(manager.getDatabase());
    } catch (Exception e) {
      e.printStackTrace();
      throw new PermissionDeniedException(e);
    }

    inst = this;

    Database db = manager.getDatabase();

     *  Add a new sub-collection to the collection.
     *
     */
    public void addCollection(final DBBroker broker, final Collection child, final boolean isNew) throws PermissionDeniedException {
        if(!getPermissionsNoLock().validate(broker.getSubject(), Permission.WRITE)) {
            throw new PermissionDeniedException("Permission to write to Collection denied for " + this.getURI());
        }

        final XmldbURI childName = child.getURI().lastSegment();
        if(!subCollections.contains(childName)) {
            subCollections.add(childName);

        }
    }

    public boolean hasChildCollection(final DBBroker broker, final XmldbURI path) throws PermissionDeniedException {
        if(!getPermissionsNoLock().validate(broker.getSubject(), Permission.READ)) {
            throw new PermissionDeniedException("Permission denied to read collection: " + path);
        }
        return subCollections.contains(path);
    }

        }
    }

    public List<CollectionEntry> getEntries(final DBBroker broker) throws PermissionDeniedException {
        if(!getPermissionsNoLock().validate(broker.getSubject(), Permission.READ)) {
            throw new PermissionDeniedException("Permission denied to read collection: " + path);
        }
        final List<CollectionEntry> list = new ArrayList<CollectionEntry>();
        final Iterator<XmldbURI> subCollectionIterator = subCollections.iterator();
        while(subCollectionIterator.hasNext()) {
            final XmldbURI subCollectionURI = subCollectionIterator.next();