Examples of org.exist.xmldb.UserManagementService

• org.exist.xmldb.UserManagementService
  An eXist-specific service which provides methods to manage users and permissions. @author Wolfgang Meier @author Modified by {Marco.Tampucci, Massimo.Martinelli} @isti.cnr.it @author Adam Retter

        final Collection copyOfSub = copyOfSource.getChildCollection("sub");
        assertNotNull(copyOfSub);
        assertEquals(1, copyOfSub.listResources().length);

        //collection should be owned by test3:guest, i.e. permissions were not preserved from the test1 users doc /db/securityTest3/source
        UserManagementService ums = (UserManagementService) test.getService("UserManagementService", "1.0");
        Permission permissions = ums.getPermissions(copyOfSource);
        assertEquals("test3", permissions.getOwner().getName());
        assertEquals("guest", permissions.getGroup().getName());

        //resource in collection should be owned by test3:guest, i.e. permissions were not preserved from the test1 users doc /db/securityTest3/source/source1.xml
        ums = (UserManagementService) copyOfSource.getService("UserManagementService", "1.0");
        final Resource resCopyOfSource1 = copyOfSource.getResource("source1.xml");
        permissions = ums.getPermissions(resCopyOfSource1);
        assertEquals("test3", permissions.getOwner().getName());
        assertEquals("guest", permissions.getGroup().getName());

        //resource in collection should be owned by test3:guest, i.e. permissions were not preserved from the test1 users doc /db/securityTest3/source/source2.xml
        final Resource resCopyOfSource2 = copyOfSource.getResource("source2.xml");
        permissions = ums.getPermissions(resCopyOfSource2);
        assertEquals("test3", permissions.getOwner().getName());
        assertEquals("guest", permissions.getGroup().getName());

        //sub-collection should be owned by test3:guest, i.e. permissions were not preserved from the test1 users doc /db/securityTest3/source/sub
        ums = (UserManagementService)copyOfSub.getService("UserManagementService", "1.0");
        permissions = ums.getPermissions(copyOfSub);
        assertEquals("test3", permissions.getOwner().getName());
        assertEquals("guest", permissions.getGroup().getName());

        //sub-collection/resource should be owned by test3:guest, i.e. permissions were not preserved from the test1 users doc /db/securityTest3/source/sub/sub1.xml
        final Resource resCopyOfSub1 = copyOfSub.getResource("sub1.xml");
        permissions = ums.getPermissions(resCopyOfSub1);
        assertEquals("test3", permissions.getOwner().getName());
        assertEquals("guest", permissions.getGroup().getName());
    }

        resSource.setContent("<test2/>");
        source.storeResource(resSource);

        //pre-create the destination and set writable by all
        final Collection dest = cms.createCollection("copy-of-source");
        UserManagementService ums = (UserManagementService) dest.getService("UserManagementService", "1.0");
        ums.chmod(0777);

        //pre-create a destination resource and set access for all
        Resource resDestSource1 = dest.createResource("source1.xml", XMLResource.RESOURCE_TYPE);
        resDestSource1.setContent("<old/>");
        dest.storeResource(resDestSource1);
        ums.chmod(resDestSource1, 0777);

        //as the 'test3' user copy the collection
        test = DatabaseManager.getCollection(baseUri + "/db/securityTest3", "test3", "test3");
        cms = (CollectionManagementServiceImpl) test.getService("CollectionManagementService", "1.0");
        cms.copy("/db/securityTest3/source", "/db/securityTest3", "copy-of-source");

        final Collection copyOfSource = test.getChildCollection("copy-of-source");
        assertNotNull(copyOfSource);
        assertEquals(2, copyOfSource.listResources().length);
        ums = (UserManagementService) copyOfSource.getService("UserManagementService", "1.0");

        //permissions should NOT have changed as the dest already existed!
        Permission permissions = ums.getPermissions(copyOfSource);
        assertEquals("test1", permissions.getOwner().getName());
        assertEquals("users", permissions.getGroup().getName());

        final Resource resCopyOfSource1 = copyOfSource.getResource("source1.xml");
        assertEquals("<test1/>", resCopyOfSource1.getContent().toString());

        //permissions should NOT have changed as the dest resource already existed!
        permissions = ums.getPermissions(resCopyOfSource1);
        assertEquals("test1", permissions.getOwner().getName());
        assertEquals("users", permissions.getGroup().getName());

        final Resource resCopyOfSource2 = copyOfSource.getResource("source2.xml");
        assertEquals("<test2/>", resCopyOfSource2.getContent().toString());

        //permissions SHOULD have changed as the dest resource is did NOT exist
        permissions = ums.getPermissions(resCopyOfSource2);
        assertEquals("test3", permissions.getOwner().getName());
        assertEquals("guest", permissions.getGroup().getName());
    }

        Resource xqueryResource = test.createResource("setuid.xquery", "BinaryResource");
        xqueryResource.setContent(xquery);
        test.storeResource(xqueryResource);

        //set the xquery to be owned by 'test1' and set it 'setuid', and set it 'rx' by 'users' group so 'test2' can execute it!
        UserManagementService ums = (UserManagementService)test.getService("UserManagementService", "1.0");
        xqueryResource = test.getResource("setuid.xquery");
        ums.chmod(xqueryResource, 04750);

        //create a collection for the XQuery to write into
        final CollectionManagementService cms = (CollectionManagementService)test.getService("CollectionManagementService", "1.0");
        final Collection colForSetUid = cms.createCollection("forSetUidWrite");

        //only allow the user 'test1' to write into the collection
        ums = (UserManagementService)colForSetUid.getService("UserManagementService", "1.0");
        ums.chmod(0700);

        //execute the XQuery as the 'test2' user... it should become 'setuid' of 'test1' and succeed.
        final Collection test2 = DatabaseManager.getCollection(baseUri + "/db/securityTest1", "test2", "test2");
        final XPathQueryServiceImpl queryService = (XPathQueryServiceImpl)test2.getService("XPathQueryService", "1.0");
        final ResourceSet result = queryService.executeStoredQuery("/db/securityTest1/setuid.xquery");

        Resource xqueryResource = test.createResource("not_setuid.xquery", "BinaryResource");
        xqueryResource.setContent(xquery);
        test.storeResource(xqueryResource);

        //set the xquery to be owned by 'test1' and do NOT set it 'setuid', and do set it 'rx' by 'users' group so 'test2' can execute it!
        UserManagementService ums = (UserManagementService)test.getService("UserManagementService", "1.0");
        xqueryResource = test.getResource("not_setuid.xquery");
        ums.chmod(xqueryResource, 00750); //NOT SETUID

        //create a collection for the XQuery to write into
        final CollectionManagementService cms = (CollectionManagementService)test.getService("CollectionManagementService", "1.0");
        final Collection colForSetUid = cms.createCollection("forSetUidWrite");

        //only allow the user 'test1' to write into the collection
        ums = (UserManagementService)colForSetUid.getService("UserManagementService", "1.0");
        ums.chmod(0700);

        //execute the XQuery as the 'test2' user... it should become 'setuid' of 'test1' and succeed.
        final Collection test2 = DatabaseManager.getCollection(baseUri + "/db/securityTest1", "test2", "test2");
        final XPathQueryServiceImpl queryService = (XPathQueryServiceImpl)test2.getService("XPathQueryService", "1.0");
        final ResourceSet result = queryService.executeStoredQuery("/db/securityTest1/not_setuid.xquery");

        Resource xqueryResource = test.createResource("setgid.xquery", "BinaryResource");
        xqueryResource.setContent(xquery);
        test.storeResource(xqueryResource);

        //set the xquery to be owned by 'test1':'users' and set it 'setgid', and set it 'rx' by ohers, so 'test3' can execute it!
        UserManagementService ums = (UserManagementService)test.getService("UserManagementService", "1.0");
        xqueryResource = test.getResource("setgid.xquery");
        ums.chown(xqueryResource, ums.getAccount("test1"), "users");
        ums.chmod(xqueryResource, 02705); //setgid

        //create a collection for the XQuery to write into
        final CollectionManagementService cms = (CollectionManagementService)test.getService("CollectionManagementService", "1.0");
        final Collection colForSetUid = cms.createCollection("forSetGidWrite");

        //only allow the group 'users' to write into the collection
        ums = (UserManagementService)colForSetUid.getService("UserManagementService", "1.0");
        ums.chmod(0570);

        //execute the XQuery as the 'test3' user... it should become 'setgid' of 'users' and succeed.
        final Collection test3 = DatabaseManager.getCollection(baseUri + "/db/securityTest2", "test3", "test3");
        final XPathQueryServiceImpl queryService = (XPathQueryServiceImpl)test3.getService("XPathQueryService", "1.0");
        final ResourceSet result = queryService.executeStoredQuery("/db/securityTest2/setgid.xquery");

        Resource xqueryResource = test.createResource("not_setgid.xquery", "BinaryResource");
        xqueryResource.setContent(xquery);
        test.storeResource(xqueryResource);

        //set the xquery to be owned by 'test1':'users' and set it 'setgid', and set it 'rx' by ohers, so 'test3' can execute it!
        UserManagementService ums = (UserManagementService)test.getService("UserManagementService", "1.0");
        xqueryResource = test.getResource("not_setgid.xquery");
        ums.chmod(xqueryResource, 00705); //NOT setgid

        //create a collection for the XQuery to write into
        final CollectionManagementService cms = (CollectionManagementService)test.getService("CollectionManagementService", "1.0");
        final Collection colForSetUid = cms.createCollection("forSetGidWrite");

        //only allow the group 'users' to write into the collection
        ums = (UserManagementService)colForSetUid.getService("UserManagementService", "1.0");
        ums.chmod(0070);

        //execute the XQuery as the 'test3' user... it should become 'setgid' of 'users' and succeed.
        final Collection test3 = DatabaseManager.getCollection(baseUri + "/db/securityTest2", "test3", "test3");
        final XPathQueryServiceImpl queryService = (XPathQueryServiceImpl)test3.getService("XPathQueryService", "1.0");
        final ResourceSet result = queryService.executeStoredQuery("/db/securityTest2/not_setgid.xquery");

        final Collection test = DatabaseManager.getCollection(baseUri + "/db/securityTest2", "test1", "test1");
        CollectionManagementService cms = (CollectionManagementService)test.getService("CollectionManagementService", "1.0");

        //create /db/securityTest2/parentCollection with owner "test1:users" and mode "rwxr--rwx"
        Collection parentCollection = cms.createCollection("parentCollection");
        UserManagementService ums = (UserManagementService)parentCollection.getService("UserManagementService", "1.0");
        ums.chmod("rwxr--rwx");

        //now create the sub-collection /db/securityTest2/parentCollection/subCollection1
        //as "user3:guest", it should have it's group set to the primary group of user3 i.e. 'guest'
        //as the collection is NOT setUid and it should NOT have the setGid bit set
        parentCollection = DatabaseManager.getCollection(baseUri + "/db/securityTest2/parentCollection", "test3", "test3");
        ums = (UserManagementService)parentCollection.getService("UserManagementService", "1.0");
        cms = (CollectionManagementService)parentCollection.getService("CollectionManagementService", "1.0");
        final Collection subCollection = cms.createCollection("subCollection1");

        final Permission permissions = ums.getPermissions(subCollection);
        assertEquals("guest", permissions.getGroup().getName());
        assertFalse(permissions.isSetGid());
    }

        final Collection test = DatabaseManager.getCollection(baseUri + "/db/securityTest2", "test1", "test1");
        CollectionManagementService cms = (CollectionManagementService)test.getService("CollectionManagementService", "1.0");

        //create /db/securityTest2/parentCollection with owner "test1:users" and mode "rwxrwsrwx"
        Collection parentCollection = cms.createCollection("parentCollection");
        UserManagementService ums = (UserManagementService)parentCollection.getService("UserManagementService", "1.0");
        ums.chmod("rwxrwsrwx");

        //now create the sub-collection /db/securityTest2/parentCollection/subCollection1
        //it should inherit the group ownership 'users' from the parent collection which is setGid
        //and it should inherit the setGid bit
        parentCollection = DatabaseManager.getCollection(baseUri + "/db/securityTest2/parentCollection", "test3", "test3");
        ums = (UserManagementService)parentCollection.getService("UserManagementService", "1.0");
        cms = (CollectionManagementService)parentCollection.getService("CollectionManagementService", "1.0");
        final Collection subCollection = cms.createCollection("subCollection1");

        final Permission permissions = ums.getPermissions(subCollection);
        assertEquals("users", permissions.getGroup().getName());
        assertTrue(permissions.isSetGid());
    }

        final Collection test = DatabaseManager.getCollection(baseUri + "/db/securityTest2", "test1", "test1");
        CollectionManagementService cms = (CollectionManagementService)test.getService("CollectionManagementService", "1.0");

        //create /db/securityTest2/parentCollection with owner "test1:users" and mode "rwxrwxrwx"
        Collection parentCollection = cms.createCollection("parentCollection");
        UserManagementService ums = (UserManagementService)parentCollection.getService("UserManagementService", "1.0");
        ums.chmod("rwxrwxrwx");

        //now create the sub-resource /db/securityTest2/parentCollection/test.xml
        //as "user3:guest", it should have it's group set to the primary group of user3 i.e. 'guest'
        //as the collection is NOT setGid, the file should NOT have the setGid bit set
        parentCollection = DatabaseManager.getCollection(baseUri + "/db/securityTest2/parentCollection", "test3", "test3");
        ums = (UserManagementService)parentCollection.getService("UserManagementService", "1.0");
        Resource resource = parentCollection.createResource("test.xml", XMLResource.RESOURCE_TYPE);
        resource.setContent("<test/>");
        parentCollection.storeResource(resource);

        final Permission permissions = ums.getPermissions(resource);
        assertEquals("guest", permissions.getGroup().getName());
        assertFalse(permissions.isSetGid());
    }

        final Collection test = DatabaseManager.getCollection(baseUri + "/db/securityTest2", "test1", "test1");
        CollectionManagementService cms = (CollectionManagementService)test.getService("CollectionManagementService", "1.0");

        //create /db/securityTest2/parentCollection with owner "test1:users" and mode "rwxrwsrwx"
        Collection parentCollection = cms.createCollection("parentCollection");
        UserManagementService ums = (UserManagementService)parentCollection.getService("UserManagementService", "1.0");
        ums.chmod("rwxrwsrwx");

        //now as "test3:guest" create the sub-resource /db/securityTest2/parentCollection/test.xml
        //it should inherit the group ownership 'users' from the parent which is setGid
        //but it should not inherit the setGid bit as it is a resource
        parentCollection = DatabaseManager.getCollection(baseUri + "/db/securityTest2/parentCollection", "test3", "test3");
        ums = (UserManagementService)parentCollection.getService("UserManagementService", "1.0");
        Resource resource = parentCollection.createResource("test.xml", XMLResource.RESOURCE_TYPE);
        resource.setContent("<test/>");
        parentCollection.storeResource(resource);

        final Permission permissions = ums.getPermissions(resource);
        assertEquals("users", permissions.getGroup().getName());
        assertFalse(permissions.isSetGid());
    }