
Example 51 with SecurityGroup

use of org.olat.basesecurity.SecurityGroup in project openolat by klemens.

the class CatalogManager method deleteCatalogEntry.

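/**
 * Deletes a catalog entry from the database. For an entry that is not a leaf,
 * the whole referenced substructure is deleted too, so use this with care.
 * The owner security groups of the deleted entries are deleted afterwards.
 * <p>
 * NOTE(review): no permission check is visible in this method; callers are
 * presumably expected to authorize the deletion before calling it. Confirm.
 *
 * @param ce the catalog entry to delete; it is dereferenced without a null
 *           check. A leaf entry is reloaded by key before removal, and if
 *           that reload returns {@code null} nothing is deleted.
 */
public void deleteCatalogEntry(CatalogEntry ce) {
    final boolean debug = log.isDebug();
    if (debug) {
        log.debug("deleteCatalogEntry start... ce=" + ce);
    }
    if (ce.getType() == CatalogEntry.TYPE_LEAF) {
        // reload the detached catalog entry, delete it and then the owner group
        CatalogEntry reloaded = getCatalogEntryByKey(ce.getKey());
        if (reloaded != null) {
            // read the owner group before the entity is removed
            SecurityGroup owner = reloaded.getOwnerGroup();
            dbInstance.getCurrentEntityManager().remove(reloaded);
            if (owner != null) {
                // guarded like the other debug statements so the message is
                // only built when debug logging is enabled
                if (debug) {
                    log.debug("deleteCatalogEntry case_1: delete owner-group=" + owner);
                }
                securityManager.deleteSecurityGroup(owner);
            }
        }
    } else {
        List<SecurityGroup> secGroupsToBeDeleted = new ArrayList<SecurityGroup>();
        // FIXME pb: the transaction must also include the deletion of the security
        // groups. Why not use this method recursively instead of separating the
        // deletion of the ce and the groups by collecting the groups? IMHO that
        // would not need more db queries. As written the code is much less clear,
        // e.g. deleteCatalogSubtree does not really delete the subtree, it leaves
        // the security groups behind. I would prefer to have one delete method that
        // deletes its children first by calling itself on the children and then
        // deletes itself and its security group. The nested transaction that occurs
        // is actually not a problem, the DB object can handle this.
        deleteCatalogSubtree(ce, secGroupsToBeDeleted);
        // after deleting all entries, delete the security groups collected for them;
        // a failure in this loop leaves the remaining groups behind (see FIXME above)
        for (SecurityGroup grp : secGroupsToBeDeleted) {
            if (debug) {
                log.debug("deleteCatalogEntry case_2: delete groups of deleteCatalogSubtree grp=" + grp);
            }
            securityManager.deleteSecurityGroup(grp);
        }
    }
    if (debug) {
        log.debug("deleteCatalogEntry END");
    }
}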
Also used : ArrayList(java.util.ArrayList) SecurityGroup(org.olat.basesecurity.SecurityGroup)

Example 52 with SecurityGroup

use of org.olat.basesecurity.SecurityGroup in project openolat by klemens.

the class CatalogManager method deleteCatalogEntry.

/**
 * Deletes the catalog entry returned by {@code getCatalogEntryBy(entry, parent)}
 * and, if it has one, its owner security group. Does nothing when no such
 * entry is found.
 * <p>
 * NOTE(review): no permission check is visible in this method; callers are
 * presumably expected to authorize the deletion. Confirm.
 *
 * @param entry  reference to the repository entry whose catalog entry is removed
 * @param parent the catalog entry passed to the lookup together with {@code entry}
 */
public void deleteCatalogEntry(RepositoryEntryRef entry, CatalogEntry parent) {
    CatalogEntry linked = getCatalogEntryBy(entry, parent);
    if (linked == null) {
        return;
    }
    // read the owner group before the entity is removed
    SecurityGroup ownerGroup = linked.getOwnerGroup();
    dbInstance.getCurrentEntityManager().remove(linked);
    if (ownerGroup == null) {
        return;
    }
    log.debug("deleteCatalogEntry case_1: delete owner-group=" + ownerGroup);
    securityManager.deleteSecurityGroup(ownerGroup);
}
Also used : CatalogEntry(org.olat.repository.CatalogEntry) SecurityGroup(org.olat.basesecurity.SecurityGroup)

Example 53 with SecurityGroup

use of org.olat.basesecurity.SecurityGroup in project openolat by klemens.

the class CatalogWebService method removeOwner.

/**
 * Remove an owner of the local sub tree.
 * <p>
 * The identity given by {@code identityKey} is removed from the owner group of
 * the catalog entry addressed by {@code path}. The removal runs while holding a
 * lock acquired for the requesting identity. An unknown identity key, or an
 * entry without an owner group, is answered with 200 and changes nothing.
 * <p>
 * Status codes as implemented: 406 when no key can be derived from the path,
 * 404 when the key does not load an entry, 401 when the permission check fails.
 * @response.representation.200.qname {http://www.example.com}userVO
 * @response.representation.200.mediaType application/xml, application/json
 * @response.representation.200.doc The catalog entry
 * @response.representation.200.example {@link org.olat.user.restapi.Examples#SAMPLE_USERVOes}
 * @response.representation.401.doc Not authorized
 * @response.representation.404.doc The path could not be resolved to a valid catalog entry
 * @param path The path
 * @param identityKey The id of the user
 * @param httpRequest The HTTP request
 * @return The response
 */
@DELETE
@Path("{path:.*}/owners/{identityKey}")
public Response removeOwner(@PathParam("path") List<PathSegment> path, @PathParam("identityKey") Long identityKey, @Context HttpServletRequest httpRequest) {
    Long key = getCatalogEntryKeyFromPath(path);
    if (key == null) {
        // no key derivable from the path: answered with 406, not the documented 404
        return Response.serverError().status(Status.NOT_ACCEPTABLE).build();
    }
    // NOTE(review): the entry is loaded and 404 returned before the permission
    // check, so 404 vs 401 tells a caller without rights whether an entry
    // exists. Confirm this is acceptable.
    CatalogEntry ce = catalogManager.loadCatalogEntry(key);
    if (ce == null) {
        return Response.serverError().status(Status.NOT_FOUND).build();
    }
    // Rejected only when the caller is neither an author nor allowed to
    // administer this sub tree.
    // NOTE(review): a caller for whom isAuthor(...) is true passes without being
    // checked against this entry's owner group. Confirm that is intended.
    if (!isAuthor(httpRequest) && !canAdminSubTree(ce, httpRequest)) {
        return Response.serverError().status(Status.UNAUTHORIZED).build();
    }
    BaseSecurity securityManager = BaseSecurityManager.getInstance();
    Identity identity = securityManager.loadIdentityByKey(identityKey, false);
    if (identity == null) {
        // unknown identity key: nothing to remove, still answered with 200
        return Response.ok().build();
    }
    SecurityGroup sg = ce.getOwnerGroup();
    if (sg == null) {
        // entry has no owner group: nothing to remove, still answered with 200
        return Response.ok().build();
    }
    // the lock is taken in the name of the requesting identity; lockRes and
    // LOCK_TOKEN are defined outside this method
    Identity id = getUserRequest(httpRequest).getIdentity();
    LockResult lock = CoordinatorManager.getInstance().getCoordinator().getLocker().acquireLock(lockRes, id, LOCK_TOKEN);
    if (!lock.isSuccess()) {
        return getLockedResponse(lock, httpRequest);
    }
    try {
        // the owner group is read from the entry again here; sg above only
        // served the null check made before the lock was acquired
        securityManager.removeIdentityFromSecurityGroup(identity, ce.getOwnerGroup());
    } catch (Exception e) {
        throw new WebApplicationException(e);
    } finally {
        // always release the lock, including when the removal throws
        CoordinatorManager.getInstance().getCoordinator().getLocker().releaseLock(lock);
    }
    return Response.ok().build();
}
Also used : LockResult(org.olat.core.util.coordinate.LockResult) WebApplicationException(javax.ws.rs.WebApplicationException) CatalogEntry(org.olat.repository.CatalogEntry) Identity(org.olat.core.id.Identity) SecurityGroup(org.olat.basesecurity.SecurityGroup) WebApplicationException(javax.ws.rs.WebApplicationException) BaseSecurity(org.olat.basesecurity.BaseSecurity) Path(javax.ws.rs.Path) DELETE(javax.ws.rs.DELETE)

Example 54 with SecurityGroup

use of org.olat.basesecurity.SecurityGroup in project openolat by klemens.

the class CatalogWebService method canAdminSubTree.

/**
 * Decides whether the caller may administer the given catalog entry.
 * Access is granted when {@code isAdmin(httpRequest)} is true, or when the
 * requesting identity is a member of the entry's owner group. An entry
 * without an owner group grants access to administrators only.
 *
 * @param ce          the catalog entry whose owner group is checked
 * @param httpRequest the HTTP request carrying the requesting identity
 * @return {@code true} if the caller may administer the entry
 */
private boolean canAdminSubTree(CatalogEntry ce, HttpServletRequest httpRequest) {
    if (isAdmin(httpRequest)) {
        return true;
    }
    Identity caller = getUserRequest(httpRequest).getIdentity();
    SecurityGroup ownerGroup = ce.getOwnerGroup();
    if (ownerGroup == null) {
        // no owner group means nobody qualifies through ownership
        return false;
    }
    return BaseSecurityManager.getInstance().isIdentityInSecurityGroup(caller, ownerGroup);
}
Also used : Identity(org.olat.core.id.Identity) SecurityGroup(org.olat.basesecurity.SecurityGroup)

Example 55 with SecurityGroup

use of org.olat.basesecurity.SecurityGroup in project openolat by klemens.

the class CourseWebService method addAuthor.

/**
 * Add an owner and author to the course.
 * <p>
 * The target identity is first added to the security group named
 * {@code Constants.GROUP_AUTHORS} if it is not already a member, and an audit
 * entry is written for that grant. It is then added as owner of the course's
 * repository entry.
 * <p>
 * NOTE(review): the permission check is course-scoped
 * ({@code isAuthorEditor(course, ...)}), while the first grant is membership of
 * a group that the audit message calls a system role. Confirm that a course
 * editor is meant to be able to confer it on any identity key.
 * @response.representation.200.doc The user is an author and owner of the course
 * @response.representation.401.doc The roles of the authenticated user are not sufficient
 * @response.representation.404.doc The course or the user not found
 * @param identityKey The user identifier
 * @param httpRequest The HTTP request
 * @return It returns 200  if the user is added as owner and author of the course
 */
@PUT
@Path("authors/{identityKey}")
public Response addAuthor(@PathParam("identityKey") Long identityKey, @Context HttpServletRequest httpRequest) {
    // the caller must be an author/editor of this course or an institutional resource manager
    boolean callerAllowed = isAuthorEditor(course, httpRequest) || isInstitutionalResourceManager(httpRequest);
    if (!callerAllowed) {
        return Response.serverError().status(Status.UNAUTHORIZED).build();
    }

    BaseSecurity baseSecurity = BaseSecurityManager.getInstance();
    Identity newAuthor = baseSecurity.loadIdentityByKey(identityKey, false);
    if (newAuthor == null) {
        return Response.serverError().status(Status.NOT_FOUND).build();
    }

    Identity caller = getIdentity(httpRequest);
    SecurityGroup authorsGroup = baseSecurity.findSecurityGroupByName(Constants.GROUP_AUTHORS);
    if (!baseSecurity.isIdentityInSecurityGroup(newAuthor, authorsGroup)) {
        // not an author yet: grant the role and record who granted it to whom;
        // the audit entry is written only when the membership is newly added
        baseSecurity.addIdentityToSecurityGroup(newAuthor, authorsGroup);
        log.audit("User::" + caller.getName() + " added system role::" + Constants.GROUP_AUTHORS + " to user::" + newAuthor.getName() + " via addAuthor method in course REST API", null);
    }

    // make the new author an owner of the course's repository entry
    RepositoryManager repositoryManager = RepositoryManager.getInstance();
    RepositoryEntry courseEntry = course.getCourseEnvironment().getCourseGroupManager().getCourseEntry();
    List<Identity> newOwners = Collections.singletonList(newAuthor);
    IdentitiesAddEvent ownersAddedEvent = new IdentitiesAddEvent(newOwners);
    repositoryManager.addOwners(caller, ownersAddedEvent, courseEntry, new MailPackage(false));
    return Response.ok().build();
}
Also used : MailPackage(org.olat.core.util.mail.MailPackage) IdentitiesAddEvent(org.olat.admin.securitygroup.gui.IdentitiesAddEvent) RepositoryManager(org.olat.repository.RepositoryManager) RepositoryEntry(org.olat.repository.RepositoryEntry) Identity(org.olat.core.id.Identity) RestSecurityHelper.getIdentity(org.olat.restapi.security.RestSecurityHelper.getIdentity) SecurityGroup(org.olat.basesecurity.SecurityGroup) BaseSecurity(org.olat.basesecurity.BaseSecurity) Path(javax.ws.rs.Path) PUT(javax.ws.rs.PUT)
