/*
* eXist Open Source Native XML Database
* Copyright (C) 2001-07 The eXist Project
* http://exist-db.org
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
*
* $Id$
*/
package org.exist.collections;
import org.exist.EXistException;
import org.exist.collections.triggers.TriggerException;
import org.exist.dom.persistent.DocumentImpl;
import org.exist.security.AuthenticationException;
import org.exist.security.Permission;
import org.exist.security.PermissionDeniedException;
import org.exist.storage.BrokerPool;
import org.exist.storage.DBBroker;
import org.exist.storage.lock.Lock.LockMode;
import org.exist.storage.serializers.Serializer;
import org.exist.storage.txn.TransactionManager;
import org.exist.storage.txn.Txn;
import org.exist.test.ExistEmbeddedServer;
import org.exist.test.TestConstants;
import org.exist.util.DatabaseConfigurationException;
import org.exist.util.LockException;
import org.exist.xmldb.XPathQueryServiceImpl;
import org.exist.xmldb.XmldbURI;
import org.junit.*;
import static org.junit.Assert.*;
import org.xml.sax.SAXException;
import org.xmldb.api.DatabaseManager;
import org.xmldb.api.base.Database;
import org.xmldb.api.base.ResourceSet;
import org.xmldb.api.base.XMLDBException;
import org.xmldb.api.modules.CollectionManagementService;
import java.io.IOException;
import java.util.Optional;
/**
* Creates 3 collections, /db/test/test2, /db/test/test2/test3 and /db/test/test2/test4
* and stores one document into each. Collection /db/test/test2/test3 is only writable for
* the admin user. The test {@link #failingRemoveCollection()} tries to remove this collection
* using the "guest" user account. eXist should detect the missing permissions and properly
* abort the transaction.
*/
public class CollectionRemovalTest {
private final static String DATA =
"<document>" +
" <chapter>" +
" <title>Chapter 1</title>" +
" </chapter>" +
"</document>";
private final static String QUERY1 = "/document/chapter";
private final static String QUERY2 = "//chapter[title = 'Chapter 1']";
@ClassRule
public static final ExistEmbeddedServer existEmbeddedServer = new ExistEmbeddedServer(true, false);
@Test
public void failingRemoveCollection()
throws XMLDBException, PermissionDeniedException, SAXException, EXistException, IOException, AuthenticationException {
doQuery(3);
retrieveDoc(TestConstants.TEST_COLLECTION_URI3);
boolean caughtPermissionDenied = false;
try {
removeCollection(
org.exist.security.SecurityManager.GUEST_USER,
org.exist.security.SecurityManager.GUEST_USER,
TestConstants.TEST_COLLECTION_URI2);
} catch(final PermissionDeniedException e) {
caughtPermissionDenied = true;
}
if(!caughtPermissionDenied) {
fail("Guest user should not have been able to remove the collection");
}
retrieveDoc(TestConstants.TEST_COLLECTION_URI3);
retrieveDoc(TestConstants.TEST_COLLECTION_URI2);
doQuery(3);
}
@Test
public void removeCollection()
throws XMLDBException, PermissionDeniedException, SAXException, EXistException, IOException, AuthenticationException {
doQuery(3);
retrieveDoc(TestConstants.TEST_COLLECTION_URI3);
removeCollection(
org.exist.security.SecurityManager.DBA_USER,
"",
TestConstants.TEST_COLLECTION_URI2);
doQuery(0);
}
private void removeCollection(final String user, final String password, final XmldbURI uri)
throws AuthenticationException, EXistException, PermissionDeniedException, IOException, TriggerException {
Collection test = null;
final BrokerPool pool = existEmbeddedServer.getBrokerPool();
final TransactionManager transact = pool.getTransactionManager();
try(final DBBroker broker = pool.get(Optional.of(pool.getSecurityManager().authenticate(user, password)));
final Txn transaction = transact.beginTransaction()) {
test = broker.openCollection(uri, LockMode.WRITE_LOCK);
broker.removeCollection(transaction, test);
transact.commit(transaction);
} finally {
if (test != null) {
test.release(LockMode.WRITE_LOCK);
}
}
}
private void retrieveDoc(final XmldbURI uri) throws EXistException, PermissionDeniedException, SAXException {
final BrokerPool pool = existEmbeddedServer.getBrokerPool();
try(final DBBroker broker = pool.get(Optional.of(pool.getSecurityManager().getSystemSubject()))) {
Collection test = null;
try {
test = broker.openCollection(uri, LockMode.WRITE_LOCK);
assertNotNull(test);
DocumentImpl doc = test.getDocument(broker, XmldbURI.createInternal("document.xml"));
assertNotNull(doc);
Serializer serializer = broker.getSerializer();
serializer.reset();
String xml = serializer.serialize(doc);
} finally {
if (test != null) {
test.release(LockMode.WRITE_LOCK);
}
}
}
}
private void doQuery(final int expected) throws XMLDBException {
final org.xmldb.api.base.Collection testCollection =
DatabaseManager.getCollection("xmldb:exist://" + TestConstants.TEST_COLLECTION_URI.toString(), "admin", "");
if (testCollection == null) {
return;
}
final XPathQueryServiceImpl service = (XPathQueryServiceImpl)
testCollection.getService("XQueryService", "1.0");
ResourceSet result = service.query(QUERY1);
assertEquals(expected, result.getSize());
result = service.query(QUERY2);
assertEquals(expected, result.getSize());
}
@BeforeClass
public static void startDB() throws DatabaseConfigurationException, EXistException, ClassNotFoundException, IllegalAccessException, InstantiationException, XMLDBException {
// initialize XML:DB driver
final Class<?> cl = Class.forName("org.exist.xmldb.DatabaseImpl");
final Database database = (Database) cl.newInstance();
DatabaseManager.registerDatabase(database);
}
@Before
public void initDB() throws EXistException, DatabaseConfigurationException, PermissionDeniedException, IOException, SAXException, LockException, ClassNotFoundException, IllegalAccessException, InstantiationException, XMLDBException {
final BrokerPool pool = existEmbeddedServer.getBrokerPool();
final TransactionManager transact = pool.getTransactionManager();
try(final DBBroker broker = pool.get(Optional.of(pool.getSecurityManager().getSystemSubject()));
final Txn transaction = transact.beginTransaction()) {
Collection root = broker.getOrCreateCollection(transaction,
TestConstants.TEST_COLLECTION_URI);
assertNotNull(root);
Permission perms = root.getPermissions();
// collection is world-writable
perms.setMode(0744);
broker.saveCollection(transaction, root);
Collection test = broker.getOrCreateCollection(transaction, TestConstants.TEST_COLLECTION_URI2);
assertNotNull(test);
perms = test.getPermissions();
// collection is world-writable
perms.setMode(0744);
broker.saveCollection(transaction, test);
IndexInfo info = test.validateXMLResource(transaction, broker,
XmldbURI.create("document.xml"), DATA);
assertNotNull(info);
test.store(transaction, broker, info, DATA);
Collection childCol1 = broker.getOrCreateCollection(transaction,
TestConstants.TEST_COLLECTION_URI2.append("test4"));
assertNotNull(childCol1);
perms = childCol1.getPermissions();
// collection only accessible to user
perms.setMode(0744);
broker.saveCollection(transaction, childCol1);
info = childCol1.validateXMLResource(transaction, broker,
XmldbURI.create("document.xml"), DATA);
assertNotNull(info);
childCol1.store(transaction, broker, info, DATA);
Collection childCol = broker.getOrCreateCollection(transaction,
TestConstants.TEST_COLLECTION_URI3);
assertNotNull(childCol);
perms = childCol.getPermissions();
// collection only accessible to user
perms.setMode(0700);
broker.saveCollection(transaction, childCol);
info = childCol.validateXMLResource(transaction, broker,
XmldbURI.create("document.xml"), DATA);
assertNotNull(info);
childCol.store(transaction, broker, info, DATA);
transact.commit(transaction);
}
}
@After
public void clearDB() throws XMLDBException {
final org.xmldb.api.base.Collection root =
DatabaseManager.getCollection("xmldb:exist://" + TestConstants.TEST_COLLECTION_URI.toString(), "admin", "");
final CollectionManagementService service = (CollectionManagementService) root.getService("CollectionManagementService", "1.0");
service.removeCollection(".");
}
}