evolvedbinary / elemental / 982

Committed 29 Apr 2025 08:34PM UTC coverage: 56.409% (+0.007%) from 56.402%

Build # 982

Build Type

push

circleci

Committed by

adamretter

Commit Message

[feature] Improve README.md badges

Run Details

28451 of 55847 branches covered (50.94%)

Branch coverage included in aggregate %.

77468 of 131924 relevant lines covered (58.72%)

0.59 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

45.07

/exist-core/src/main/java/org/exist/security/EffectiveSubject.java

/*
 * Elemental
 * Copyright (C) 2024, Evolved Binary Ltd
 *
 * admin@evolvedbinary.com
 * https://www.evolvedbinary.com | https://www.elemental.xyz
 *
 * Use of this software is governed by the Business Source License 1.1
 * included in the LICENSE file and at www.mariadb.com/bsl11.
 *
 * Change Date: 2028-04-27
 *
 * On the date above, in accordance with the Business Source License, use
 * of this software will be governed by the Apache License, Version 2.0.
 *
 * Additional Use Grant: Production use of the Licensed Work for a permitted
 * purpose. A Permitted Purpose is any purpose other than a Competing Use.
 * A Competing Use means making the Software available to others in a commercial
 * product or service that: substitutes for the Software; substitutes for any
 * other product or service we offer using the Software that exists as of the
 * date we make the Software available; or offers the same or substantially
 * similar functionality as the Software.
 *
 * NOTE: Parts of this file contain code from 'The eXist-db Authors'.
 *       The original license header is included below.
 *
 * =====================================================================
 *
 * eXist-db Open Source Native XML Database
 * Copyright (C) 2001 The eXist-db Authors
 *
 * info@exist-db.org
 * http://www.exist-db.org
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
 */
package org.exist.security;

import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;

import it.unimi.dsi.fastutil.ints.IntOpenHashSet;
import org.exist.config.Configuration;
import org.exist.config.ConfigurationException;
import org.exist.security.internal.RealmImpl;
import org.exist.security.realm.Realm;
import org.exist.storage.DBBroker;

/**
 * Represents an Effective User
 * 
 * This is used during setUid and setGid operations
 * to replace the Subject used by DBBroker
 * with a subject which is potentially a composite
 * of a user and/or group
 * 
 * @author <a href="mailto:adam@existsolutions.com">Adam Retter</a>
 */
public class EffectiveSubject implements Subject {
    private final Account account;
    private final Group group;
    
    public EffectiveSubject(final Account account) {
        this(account, null);
    }
    
    public EffectiveSubject(final Account account, final Group group) {
        this.account = account;
        this.group = group;
    }
    
    @Override
    public String getRealmId() {
        return account.getRealmId();
    }
    
    @Override
    public Realm getRealm() {
        return account.getRealm();
    }
    
    @Override
    public int getId() {
        return account.getId(); //TODO is this correct or need own reserved id?
    }
    
    @Override
    public String getUsername() {
        return account.getUsername();
    }
    
    @Override
    public String getName() {
        return account.getName();
    }
    
    @Override
    public boolean authenticate(final Object credentials) {
        return false;
    }

    //<editor-fold desc="account status">
    @Override
    public boolean isAuthenticated() {
        return false;
    }

    @Override
    public boolean isExternallyAuthenticated() {
        return false;
    }
    
    @Override
    public boolean isAccountNonExpired() {
        return account.isAccountNonExpired();
    }

    @Override
    public boolean isAccountNonLocked() {
        return account.isAccountNonLocked();
    }

    @Override
    public boolean isCredentialsNonExpired() {
        return account.isCredentialsNonExpired();
    }

    @Override
    public boolean isEnabled() {
        return account.isEnabled();
    }
    
    @Override
    public void setEnabled(final boolean enabled) {
        throw new UnsupportedOperationException("You cannot change the Enabled status of the Effective User.");
    }
    //</editor-fold>

    @Override
    public String getSessionId() {
        throw new UnsupportedOperationException("The Effective User has no session!");
    }

    @Override
    public Session getSession() {
        throw new UnsupportedOperationException("The Effective User has no session!");
    }

    //<editor-fold desc="group functions">
    @Override
    public String[] getGroups() {
        if(group != null) {
            final Set<String> groups = new HashSet<>(Arrays.asList(account.getGroups()));
            groups.add(group.getName());
            return groups.toArray(new String[0]);
        } else {
            return account.getGroups();
        }
    }

    @Override
    public int[] getGroupIds() {
        if(group != null) {
            final IntOpenHashSet groupIds = new IntOpenHashSet(account.getGroupIds());
            groupIds.add(group.getId());
            return groupIds.toIntArray();
        } else {
            return account.getGroupIds();
        }
    }

    @Override
    public boolean hasDbaRole() {
        if(group != null) {
            return account.hasDbaRole() || group.getId() == RealmImpl.DBA_GROUP_ID;
        } else {
            return account.hasDbaRole();
        }
    }

    @Override
    public String getPrimaryGroup() {
        return account.getPrimaryGroup();
    }

    @Override
    public Group getDefaultGroup() {
        return account.getDefaultGroup();
    }

    @Override
    public boolean hasGroup(final String group) {
        if(this.group != null) {
            return this.group.getName().equals(group);
        } else {
            return account.hasGroup(group);
        }
    }
    
    @Override
    public Group addGroup(final String name) throws PermissionDeniedException {
        throw new UnsupportedOperationException("You cannot add a group to the Effective User");
    }

    @Override
    public Group addGroup(final Group group) throws PermissionDeniedException {
        throw new UnsupportedOperationException("You cannot add a group to the Effective User");
    }

    @Override
    public void setPrimaryGroup(final Group group) throws PermissionDeniedException {
        throw new UnsupportedOperationException("You cannot add a group to the Effective User");
    }

    @Override
    public void setGroups(final String[] groups) {
        throw new UnsupportedOperationException("You cannot set the groups of the Effective User");
    }
    
    @Override
    public void remGroup(final String group) throws PermissionDeniedException {
        throw new UnsupportedOperationException("You cannot remove a group from the Effective User");
    }
    //</editor-fold>

    @Override
    public void setPassword(final String passwd) {
        throw new UnsupportedOperationException("The Effective User has no password!");
    }

    @Override
    public void setCredential(final Credential credential) {
        throw new UnsupportedOperationException("The Effective User has no credential!");
    }

    @Override
    public String getPassword() {
        throw new UnsupportedOperationException("The Effective User has no password!");
    }

    @Override
    public String getDigestPassword() {
        throw new UnsupportedOperationException("The Effective User has no password!");
    }

    @Override
    public void assertCanModifyAccount(final Account user) throws PermissionDeniedException {
        throw new PermissionDeniedException("The Effective User account cannot be modified");
    }

    @Override
    public int getUserMask() {
        return account.getUserMask();
    }

    @Override
    public void setUserMask(final int umask) {
        throw new UnsupportedOperationException("You cannot set the UserMask of the Effective User");
    }
    
    //<editor-fold desc="metadata">
    @Override
    public String getMetadataValue(final SchemaType schemaType) {
        return account.getMetadataValue(schemaType);
    }

    @Override
    public Set<SchemaType> getMetadataKeys() {
        return account.getMetadataKeys();
    }
    
    @Override
    public void setMetadataValue(final SchemaType schemaType, final String value) {
         throw new UnsupportedOperationException("You cannot modify the metadata of the Effective User");
    }

    @Override
    public void clearMetadata() {
        throw new UnsupportedOperationException("You cannot modify the metadata of the Effective User");
    }
    //</editor-fold>

    //<editor-fold desc="persistence">
    @Override
    public void save() throws ConfigurationException, PermissionDeniedException {
        throw new UnsupportedOperationException("You cannot perist the Effective User.");
    }

    @Override
    public void save(final DBBroker broker) throws ConfigurationException, PermissionDeniedException {
        throw new UnsupportedOperationException("You cannot perist the Effective User.");
    }
    
    @Override
    public boolean isConfigured() {
        return true; //the effective user does not need configuring
    }

    @Override
    public Configuration getConfiguration() {
        return null; //the effective user does not need configuring
    }
    //</editor-fold>
}

1	/*
2	* Elemental
3	* Copyright (C) 2024, Evolved Binary Ltd
4	*
5	* admin@evolvedbinary.com
6	* https://www.evolvedbinary.com \| https://www.elemental.xyz
7	*
8	* Use of this software is governed by the Business Source License 1.1
9	* included in the LICENSE file and at www.mariadb.com/bsl11.
10	*
11	* Change Date: 2028-04-27
12	*
13	* On the date above, in accordance with the Business Source License, use
14	* of this software will be governed by the Apache License, Version 2.0.
15	*
16	* Additional Use Grant: Production use of the Licensed Work for a permitted
17	* purpose. A Permitted Purpose is any purpose other than a Competing Use.
18	* A Competing Use means making the Software available to others in a commercial
19	* product or service that: substitutes for the Software; substitutes for any
20	* other product or service we offer using the Software that exists as of the
21	* date we make the Software available; or offers the same or substantially
22	* similar functionality as the Software.
23	*
24	* NOTE: Parts of this file contain code from 'The eXist-db Authors'.
25	* The original license header is included below.
26	*
27	* =====================================================================
28	*
29	* eXist-db Open Source Native XML Database
30	* Copyright (C) 2001 The eXist-db Authors
31	*
32	* info@exist-db.org
33	* http://www.exist-db.org
34	*
35	* This library is free software; you can redistribute it and/or
36	* modify it under the terms of the GNU Lesser General Public
37	* License as published by the Free Software Foundation; either
38	* version 2.1 of the License, or (at your option) any later version.
39	*
40	* This library is distributed in the hope that it will be useful,
41	* but WITHOUT ANY WARRANTY; without even the implied warranty of
42	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
43	* Lesser General Public License for more details.
44	*
45	* You should have received a copy of the GNU Lesser General Public
46	* License along with this library; if not, write to the Free Software
47	* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
48	*/
49	package org.exist.security;
50
51	import java.util.Arrays;
52	import java.util.HashSet;
53	import java.util.Set;
54
55	import it.unimi.dsi.fastutil.ints.IntOpenHashSet;
56	import org.exist.config.Configuration;
57	import org.exist.config.ConfigurationException;
58	import org.exist.security.internal.RealmImpl;
59	import org.exist.security.realm.Realm;
60	import org.exist.storage.DBBroker;
61
62	/**
63	* Represents an Effective User
64	*
65	* This is used during setUid and setGid operations
66	* to replace the Subject used by DBBroker
67	* with a subject which is potentially a composite
68	* of a user and/or group
69	*
70	* @author <a href="mailto:adam@existsolutions.com">Adam Retter</a>
71	*/
72	public class EffectiveSubject implements Subject {
73	private final Account account;
74	private final Group group;
75
76	public EffectiveSubject(final Account account) {
77	this(account, null);	1✔
78	}	1✔
79
80	public EffectiveSubject(final Account account, final Group group) {	1✔
81	this.account = account;	1✔
82	this.group = group;	1✔
83	}	1✔
84
85	@Override
86	public String getRealmId() {
87	return account.getRealmId();	×
88	}
89
90	@Override
91	public Realm getRealm() {
92	return account.getRealm();	×
93	}
94
95	@Override
96	public int getId() {
97	return account.getId(); //TODO is this correct or need own reserved id?	1✔
98	}
99
100	@Override
101	public String getUsername() {
102	return account.getUsername();	×
103	}
104
105	@Override
106	public String getName() {
107	return account.getName();	1✔
108	}
109
110	@Override
111	public boolean authenticate(final Object credentials) {
112	return false;	×
113	}
114
115	//<editor-fold desc="account status">
116	@Override
117	public boolean isAuthenticated() {
118	return false;	×
119	}
120
121	@Override
122	public boolean isExternallyAuthenticated() {
123	return false;	×
124	}
125
126	@Override
127	public boolean isAccountNonExpired() {
128	return account.isAccountNonExpired();	×
129	}
130
131	@Override
132	public boolean isAccountNonLocked() {
133	return account.isAccountNonLocked();	×
134	}
135
136	@Override
137	public boolean isCredentialsNonExpired() {
138	return account.isCredentialsNonExpired();	×
139	}
140
141	@Override
142	public boolean isEnabled() {
143	return account.isEnabled();	×
144	}
145
146	@Override
147	public void setEnabled(final boolean enabled) {
148	throw new UnsupportedOperationException("You cannot change the Enabled status of the Effective User.");	×
149	}
150	//</editor-fold>
151
152	@Override
153	public String getSessionId() {
154	throw new UnsupportedOperationException("The Effective User has no session!");	×
155	}
156
157	@Override
158	public Session getSession() {
159	throw new UnsupportedOperationException("The Effective User has no session!");	×
160	}
161
162	//<editor-fold desc="group functions">
163	@Override
164	public String[] getGroups() {
165	if(group != null) {	1✔
166	final Set<String> groups = new HashSet<>(Arrays.asList(account.getGroups()));	1✔
167	groups.add(group.getName());	1✔
168	return groups.toArray(new String[0]);	1✔
169	} else {
170	return account.getGroups();	1✔
171	}
172	}
173
174	@Override
175	public int[] getGroupIds() {
176	if(group != null) {	1✔
177	final IntOpenHashSet groupIds = new IntOpenHashSet(account.getGroupIds());	1✔
178	groupIds.add(group.getId());	1✔
179	return groupIds.toIntArray();	1✔
180	} else {
181	return account.getGroupIds();	1✔
182	}
183	}
184
185	@Override
186	public boolean hasDbaRole() {
187	if(group != null) {	1✔
188	return account.hasDbaRole() \|\| group.getId() == RealmImpl.DBA_GROUP_ID;	1!
189	} else {
190	return account.hasDbaRole();	1✔
191	}
192	}
193
194	@Override
195	public String getPrimaryGroup() {
196	return account.getPrimaryGroup();	×
197	}
198
199	@Override
200	public Group getDefaultGroup() {
201	return account.getDefaultGroup();	1✔
202	}
203
204	@Override
205	public boolean hasGroup(final String group) {
206	if(this.group != null) {	×
207	return this.group.getName().equals(group);	×
208	} else {
209	return account.hasGroup(group);	×
210	}
211	}
212
213	@Override
214	public Group addGroup(final String name) throws PermissionDeniedException {
215	throw new UnsupportedOperationException("You cannot add a group to the Effective User");	×
216	}
217
218	@Override
219	public Group addGroup(final Group group) throws PermissionDeniedException {
220	throw new UnsupportedOperationException("You cannot add a group to the Effective User");	×
221	}
222
223	@Override
224	public void setPrimaryGroup(final Group group) throws PermissionDeniedException {
225	throw new UnsupportedOperationException("You cannot add a group to the Effective User");	×
226	}
227
228	@Override
229	public void setGroups(final String[] groups) {
230	throw new UnsupportedOperationException("You cannot set the groups of the Effective User");	×
231	}
232
233	@Override
234	public void remGroup(final String group) throws PermissionDeniedException {
235	throw new UnsupportedOperationException("You cannot remove a group from the Effective User");	×
236	}
237	//</editor-fold>
238
239	@Override
240	public void setPassword(final String passwd) {
241	throw new UnsupportedOperationException("The Effective User has no password!");	×
242	}
243
244	@Override
245	public void setCredential(final Credential credential) {
246	throw new UnsupportedOperationException("The Effective User has no credential!");	×
247	}
248
249	@Override
250	public String getPassword() {
251	throw new UnsupportedOperationException("The Effective User has no password!");	×
252	}
253
254	@Override
255	public String getDigestPassword() {
256	throw new UnsupportedOperationException("The Effective User has no password!");	×
257	}
258
259	@Override
260	public void assertCanModifyAccount(final Account user) throws PermissionDeniedException {
261	throw new PermissionDeniedException("The Effective User account cannot be modified");	×
262	}
263
264	@Override
265	public int getUserMask() {
266	return account.getUserMask();	1✔
267	}
268
269	@Override
270	public void setUserMask(final int umask) {
271	throw new UnsupportedOperationException("You cannot set the UserMask of the Effective User");	×
272	}
273
274	//<editor-fold desc="metadata">
275	@Override
276	public String getMetadataValue(final SchemaType schemaType) {
277	return account.getMetadataValue(schemaType);	×
278	}
279
280	@Override
281	public Set<SchemaType> getMetadataKeys() {
282	return account.getMetadataKeys();	×
283	}
284
285	@Override
286	public void setMetadataValue(final SchemaType schemaType, final String value) {
287	throw new UnsupportedOperationException("You cannot modify the metadata of the Effective User");	×
288	}
289
290	@Override
291	public void clearMetadata() {
292	throw new UnsupportedOperationException("You cannot modify the metadata of the Effective User");	×
293	}
294	//</editor-fold>
295
296	//<editor-fold desc="persistence">
297	@Override
298	public void save() throws ConfigurationException, PermissionDeniedException {
299	throw new UnsupportedOperationException("You cannot perist the Effective User.");	×
300	}
301
302	@Override
303	public void save(final DBBroker broker) throws ConfigurationException, PermissionDeniedException {
304	throw new UnsupportedOperationException("You cannot perist the Effective User.");	×
305	}
306
307	@Override
308	public boolean isConfigured() {
309	return true; //the effective user does not need configuring	×
310	}
311
312	@Override
313	public Configuration getConfiguration() {
314	return null; //the effective user does not need configuring	×
315	}
316	//</editor-fold>
317	}

evolvedbinary / elemental / 982

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous