Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Allow different group (other then tei) for generated application #221

Open
daliboris opened this issue Apr 5, 2024 · 0 comments
Open

Allow different group (other then tei) for generated application #221

daliboris opened this issue Apr 5, 2024 · 0 comments

Comments

@daliboris
Copy link
Contributor

The application generated by TEI Publisher relies on the fact that its owner or (logged) user is a member of the tei security group (in eXist.db). This can be a security issue for multiple applications running on the same server.

I suggest to extend the application generation dialog where you can define not only the username and password, but also the eXist-db database group (which should be created if it doesn't exist).

I tried find in the source code whre the tei group, or related settings occurs. Here are my findings:

  • the login domain in the config.xqm file: declare variable $config:login-domain := "org.exist.tei-simple";
  • all <pb-login> elements with @group='tei', like
    • <pb-restricted group="tei"> in the documents.html, or odd-editor.html files
    • <pb-login id="login" group="tei" login-label="Login" role="button"/> in the menu-drawer.html
  • restriction in the OpenAPI definitions (modules/lib/api.json). like
      "/api/upload": {
	"post": {
	   "summary": "Upload a number of files to the top-level data collection of the app",
	    "tags": ["collection"],
	    "operationId": "capi:upload",
	    "x-constraints": {
	        "groups": ["tei"]
	    },
  • the deploy:expand-repo-descriptor() function in the modules/lib/api/generate.xql file
declare function deploy:expand-repo-descriptor($meta as element(repo:meta), $json as map(*)) {
    <meta xmlns="http://exist-db.org/xquery/repo">
        <description>{$json?title}</description>
        { $meta/(repo:author|repo:status|repo:license|repo:copyright|repo:type|repo:prepare|repo:finish) }
        <target>{$json?abbrev}</target>
        <permissions user="{$json?owner}" password="{$json?password}"
            group="tei" mode="rw-r--r--"/>
    </meta>
};
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant