Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

[bugfix] Only a DBA should be able to retrieve a backup

  • Loading branch information...
commit 295527844076af536e797475b715d3fa59f4a4e4 1 parent 339c656
@adamretter adamretter authored
View
4 src/org/exist/backup/xquery/ListBackups.java
@@ -69,6 +69,10 @@ public ListBackups( XQueryContext context )
public Sequence eval( Sequence[] args, Sequence contextSequence ) throws XPathException
{
+ if(!context.getEffectiveUser().hasDbaRole()) {
+ throw new XPathException("You must be a DBA to list available backups");
+ }
+
final String exportDir = args[0].getStringValue();
File dir = new File( exportDir );
View
4 src/org/exist/backup/xquery/RetrieveBackup.java
@@ -63,6 +63,10 @@ public RetrieveBackup( XQueryContext context )
public Sequence eval( Sequence[] args, Sequence contextSequence ) throws XPathException
{
+ if(!context.getEffectiveUser().hasDbaRole()) {
+ throw new XPathException("You must be a DBA to retrieve a backup");
+ }
+
final String exportDir = args[0].getStringValue();
File dir = new File( exportDir );

6 comments on commit 2955278

@dizzzz
Owner

Hmm, this change is incompatible with the dashboard application:

exerr:ERROR You must be a DBA to retrieve a backup [at line 68, column 36, source: /db/apps/dashboard/plugins/backup/backup.xql]
In function:
backup:retrieve() [68:36:/db/apps/dashboard/plugins/backup/backup.xql]

@adamretter
Owner

Why is it incompatible? Surely you just have to be logged into the Dashboard as a user in the DBA group and it works fine?

@dizzzz
Owner
@adamretter
Owner

Who are you logged in as? And is that user a member of the DBA group? You can see exactly in my commit that that is all I changed. So I really doubt you are logged in as DBA...

@dizzzz
Owner

did you try the sequence yourself, or is it still a 'theory' for you? I see the code change, but after this it stopped working.

Ok step by step then:

  • open browser to dashboard
  • login as admin
  • open backup application
  • select backup in ui
  • click download button
  • issue appears

Again: Wolfgang confirmed the issue.

@dizzzz
Owner

I am now very surprised: on a clean database there is no problem, just like the code suggests.
interesting.....

Please sign in to comment.
Something went wrong with that request. Please try again.