Example 16 with SecurityGroup
use of org.olat.basesecurity.SecurityGroup in project OpenOLAT by OpenOLAT.
the class CourseWebService method addAuthor.
/**
* Add an owner and author to the course
* @response.representation.200.doc The user is an author and owner of the course
* @response.representation.401.doc The roles of the authenticated user are not sufficient
* @response.representation.404.doc The course or the user not found
* @param identityKey The user identifier
* @param httpRequest The HTTP request
* @return It returns 200 if the user is added as owner and author of the course
*/
@PUT
@Path("authors/{identityKey}")
public Response addAuthor(@PathParam("identityKey") Long identityKey, @Context HttpServletRequest httpRequest) {
if (!isAuthorEditor(course, httpRequest) && !isInstitutionalResourceManager(httpRequest)) {
return Response.serverError().status(Status.UNAUTHORIZED).build();
}
BaseSecurity securityManager = BaseSecurityManager.getInstance();
Identity author = securityManager.loadIdentityByKey(identityKey, false);
if (author == null) {
return Response.serverError().status(Status.NOT_FOUND).build();
}
Identity identity = getIdentity(httpRequest);
SecurityGroup authorGroup = securityManager.findSecurityGroupByName(Constants.GROUP_AUTHORS);
boolean hasBeenAuthor = securityManager.isIdentityInSecurityGroup(author, authorGroup);
if (!hasBeenAuthor) {
// not an author already, add this identity to the security group "authors"
securityManager.addIdentityToSecurityGroup(author, authorGroup);
log.audit("User::" + identity.getName() + " added system role::" + Constants.GROUP_AUTHORS + " to user::" + author.getName() + " via addAuthor method in course REST API", null);
}
// add the author as owner of the course
RepositoryManager rm = RepositoryManager.getInstance();
RepositoryEntry repositoryEntry = course.getCourseEnvironment().getCourseGroupManager().getCourseEntry();
List<Identity> authors = Collections.singletonList(author);
IdentitiesAddEvent identitiesAddedEvent = new IdentitiesAddEvent(authors);
rm.addOwners(identity, identitiesAddedEvent, repositoryEntry, new MailPackage(false));
return Response.ok().build();
}
Also used :
MailPackage(org.olat.core.util.mail.MailPackage)
IdentitiesAddEvent(org.olat.admin.securitygroup.gui.IdentitiesAddEvent)
RepositoryManager(org.olat.repository.RepositoryManager)
RepositoryEntry(org.olat.repository.RepositoryEntry)
Identity(org.olat.core.id.Identity)
RestSecurityHelper.getIdentity(org.olat.restapi.security.RestSecurityHelper.getIdentity)
SecurityGroup(org.olat.basesecurity.SecurityGroup)
BaseSecurity(org.olat.basesecurity.BaseSecurity)
Path(javax.ws.rs.Path)
PUT(javax.ws.rs.PUT)
Example 17 with SecurityGroup
use of org.olat.basesecurity.SecurityGroup in project OpenOLAT by OpenOLAT.
the class CatalogWebService method getOwner.
/**
* Retrieves data of an owner of the local sub tree
* @response.representation.200.qname {http://www.example.com}userVO
* @response.representation.200.mediaType application/xml, application/json
* @response.representation.200.doc The catalog entry
* @response.representation.200.example {@link org.olat.user.restapi.Examples#SAMPLE_USERVOes}
* @response.representation.401.doc Not authorized
* @response.representation.404.doc The path could not be resolved to a valid catalog entry
* @param path The path
* @Param identityKey The id of the user
* @param httpRquest The HTTP request
* @return The response
*/
@GET
@Path("{path:.*}/owners/{identityKey}")
public Response getOwner(@PathParam("path") List<PathSegment> path, @PathParam("identityKey") Long identityKey, @Context HttpServletRequest httpRequest) {
Long key = getCatalogEntryKeyFromPath(path);
if (key == null) {
return Response.serverError().status(Status.NOT_ACCEPTABLE).build();
}
CatalogEntry ce = catalogManager.loadCatalogEntry(key);
if (ce == null) {
return Response.serverError().status(Status.NOT_FOUND).build();
}
if (!isAuthor(httpRequest) && !canAdminSubTree(ce, httpRequest)) {
return Response.serverError().status(Status.UNAUTHORIZED).build();
}
SecurityGroup sg = ce.getOwnerGroup();
if (sg == null) {
return Response.serverError().status(Status.NOT_FOUND).build();
}
List<Identity> ids = BaseSecurityManager.getInstance().getIdentitiesOfSecurityGroup(sg);
UserVO vo = null;
for (Identity id : ids) {
if (id.getKey().equals(identityKey)) {
vo = UserVOFactory.get(id);
break;
}
}
if (vo == null) {
return Response.serverError().status(Status.NOT_FOUND).build();
}
return Response.ok(vo).build();
}
Also used :
UserVO(org.olat.user.restapi.UserVO)
CatalogEntry(org.olat.repository.CatalogEntry)
SecurityGroup(org.olat.basesecurity.SecurityGroup)
Identity(org.olat.core.id.Identity)
Path(javax.ws.rs.Path)
GET(javax.ws.rs.GET)
Example 18 with SecurityGroup
use of org.olat.basesecurity.SecurityGroup in project OpenOLAT by OpenOLAT.
the class CatalogWebService method addOwner.
/**
* Add an owner of the local sub tree
* @response.representation.200.qname {http://www.example.com}userVO
* @response.representation.200.mediaType application/xml, application/json
* @response.representation.200.doc The catalog entry
* @response.representation.200.example {@link org.olat.user.restapi.Examples#SAMPLE_USERVOes}
* @response.representation.401.doc Not authorized
* @response.representation.404.doc The path could not be resolved to a valid catalog entry
* @param path The path
* @param identityKey The id of the user
* @param httpRquest The HTTP request
* @return The response
*/
@PUT
@Path("{path:.*}/owners/{identityKey}")
public Response addOwner(@PathParam("path") List<PathSegment> path, @PathParam("identityKey") Long identityKey, @Context HttpServletRequest httpRequest) {
Long key = getCatalogEntryKeyFromPath(path);
if (key == null) {
return Response.serverError().status(Status.NOT_ACCEPTABLE).build();
}
CatalogEntry ce = catalogManager.loadCatalogEntry(key);
if (ce == null) {
return Response.serverError().status(Status.NOT_FOUND).build();
}
if (!isAuthor(httpRequest) && !canAdminSubTree(ce, httpRequest)) {
return Response.serverError().status(Status.UNAUTHORIZED).build();
}
BaseSecurity securityManager = BaseSecurityManager.getInstance();
Identity identity = securityManager.loadIdentityByKey(identityKey, false);
if (identity == null) {
return Response.serverError().status(Status.NOT_FOUND).build();
}
Identity id = getUserRequest(httpRequest).getIdentity();
LockResult lock = CoordinatorManager.getInstance().getCoordinator().getLocker().acquireLock(lockRes, id, LOCK_TOKEN);
if (!lock.isSuccess()) {
return getLockedResponse(lock, httpRequest);
}
try {
SecurityGroup sg = ce.getOwnerGroup();
if (sg == null) {
ce.setOwnerGroup(securityManager.createAndPersistSecurityGroup());
DBFactory.getInstance().intermediateCommit();
}
securityManager.addIdentityToSecurityGroup(identity, ce.getOwnerGroup());
} catch (Exception e) {
throw new WebApplicationException(e);
} finally {
CoordinatorManager.getInstance().getCoordinator().getLocker().releaseLock(lock);
}
return Response.ok().build();
}
Also used :
LockResult(org.olat.core.util.coordinate.LockResult)
WebApplicationException(javax.ws.rs.WebApplicationException)
CatalogEntry(org.olat.repository.CatalogEntry)
Identity(org.olat.core.id.Identity)
SecurityGroup(org.olat.basesecurity.SecurityGroup)
WebApplicationException(javax.ws.rs.WebApplicationException)
BaseSecurity(org.olat.basesecurity.BaseSecurity)
Path(javax.ws.rs.Path)
PUT(javax.ws.rs.PUT)
Example 19 with SecurityGroup
use of org.olat.basesecurity.SecurityGroup in project OpenOLAT by OpenOLAT.
the class CatalogWebService method canAdminSubTree.
private boolean canAdminSubTree(CatalogEntry ce, HttpServletRequest httpRequest) {
if (isAdmin(httpRequest))
return true;
Identity identity = getUserRequest(httpRequest).getIdentity();
SecurityGroup owners = ce.getOwnerGroup();
if (owners != null && BaseSecurityManager.getInstance().isIdentityInSecurityGroup(identity, owners)) {
return true;
}
return false;
}
Also used :
Identity(org.olat.core.id.Identity)
SecurityGroup(org.olat.basesecurity.SecurityGroup)
Example 20 with SecurityGroup
use of org.olat.basesecurity.SecurityGroup in project OpenOLAT by OpenOLAT.
the class CatalogWebService method removeOwner.
/**
* Remove an owner of the local sub tree
* @response.representation.200.qname {http://www.example.com}userVO
* @response.representation.200.mediaType application/xml, application/json
* @response.representation.200.doc The catalog entry
* @response.representation.200.example {@link org.olat.user.restapi.Examples#SAMPLE_USERVOes}
* @response.representation.401.doc Not authorized
* @response.representation.404.doc The path could not be resolved to a valid catalog entry
* @param path The path
* @param identityKey The id of the user
* @param httpRquest The HTTP request
* @return The response
*/
@DELETE
@Path("{path:.*}/owners/{identityKey}")
public Response removeOwner(@PathParam("path") List<PathSegment> path, @PathParam("identityKey") Long identityKey, @Context HttpServletRequest httpRequest) {
Long key = getCatalogEntryKeyFromPath(path);
if (key == null) {
return Response.serverError().status(Status.NOT_ACCEPTABLE).build();
}
CatalogEntry ce = catalogManager.loadCatalogEntry(key);
if (ce == null) {
return Response.serverError().status(Status.NOT_FOUND).build();
}
if (!isAuthor(httpRequest) && !canAdminSubTree(ce, httpRequest)) {
return Response.serverError().status(Status.UNAUTHORIZED).build();
}
BaseSecurity securityManager = BaseSecurityManager.getInstance();
Identity identity = securityManager.loadIdentityByKey(identityKey, false);
if (identity == null) {
return Response.ok().build();
}
SecurityGroup sg = ce.getOwnerGroup();
if (sg == null) {
return Response.ok().build();
}
Identity id = getUserRequest(httpRequest).getIdentity();
LockResult lock = CoordinatorManager.getInstance().getCoordinator().getLocker().acquireLock(lockRes, id, LOCK_TOKEN);
if (!lock.isSuccess()) {
return getLockedResponse(lock, httpRequest);
}
try {
securityManager.removeIdentityFromSecurityGroup(identity, ce.getOwnerGroup());
} catch (Exception e) {
throw new WebApplicationException(e);
} finally {
CoordinatorManager.getInstance().getCoordinator().getLocker().releaseLock(lock);
}
return Response.ok().build();
}
Also used :
LockResult(org.olat.core.util.coordinate.LockResult)
WebApplicationException(javax.ws.rs.WebApplicationException)
CatalogEntry(org.olat.repository.CatalogEntry)
Identity(org.olat.core.id.Identity)
SecurityGroup(org.olat.basesecurity.SecurityGroup)
WebApplicationException(javax.ws.rs.WebApplicationException)
BaseSecurity(org.olat.basesecurity.BaseSecurity)
Path(javax.ws.rs.Path)
DELETE(javax.ws.rs.DELETE)
Aggregations
SecurityGroup (org.olat.basesecurity.SecurityGroup)142
Identity (org.olat.core.id.Identity)104
ArrayList (java.util.ArrayList)36
Test (org.junit.Test)24
BaseSecurity (org.olat.basesecurity.BaseSecurity)20
User (org.olat.core.id.User)20
CatalogEntry (org.olat.repository.CatalogEntry)18
RepositoryEntry (org.olat.repository.RepositoryEntry)16
Path (javax.ws.rs.Path)14
Date (java.util.Date)12
UserVO (org.olat.user.restapi.UserVO)10
URI (java.net.URI)8
Calendar (java.util.Calendar)8
HashMap (java.util.HashMap)8
HttpResponse (org.apache.http.HttpResponse)8
IdentitiesAddEvent (org.olat.admin.securitygroup.gui.IdentitiesAddEvent)8
UserPropertyHandler (org.olat.user.propertyhandlers.UserPropertyHandler)8
LDAPUser (org.olat.ldap.model.LDAPUser)7
HashSet (java.util.HashSet)6
NamingException (javax.naming.NamingException)6
