use of org.opencastproject.authorization.xacml.manager.api.ManagedAcl in project opencast by opencast.
the class AclScanner method addAcl.
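/**
 * Adds the ACL parsed from an XACML file to every organization that holds no ACLs other than the
 * ones recorded in {@code managedAcls}.
 *
 * <p>The ACL is created under the artifact's file name with the extension removed. An organization
 * is skipped as soon as one of its ACLs has no entry in {@code managedAcls}, so ACLs created
 * outside the scanner are never mixed with the defaults installed here.
 *
 * @param artifact
 *          the XACML file to install
 * @throws IOException
 *           declared for the parsing step; presumably raised when the file cannot be read
 * @throws XACMLParsingException
 *           declared for the parsing step; presumably raised when the file is not valid XACML
 */
private void addAcl(File artifact) throws IOException, XACMLParsingException {
  List<Organization> organizations = organizationDirectoryService.getOrganizations();
  logger.debug("Adding Acl {}", artifact.getAbsolutePath());
  String fileName = FilenameUtils.removeExtension(artifact.getName());
  AccessControlList acl = parseToAcl(artifact);

  for (Organization org : organizations) {
    // The security service is switched to each organization in turn and is not reset in this method.
    // NOTE(review): confirm the caller restores or clears the organization afterwards, so the last
    // organization in the list does not stay bound to whatever runs next in the same context.
    securityService.setOrganization(org);

    // An ACL without an entry in managedAcls was not installed by this scanner; its presence
    // means the organization maintains its own ACLs and must be left alone.
    boolean skip = false;
    for (ManagedAcl existing : getAclService(org).getAcls()) {
      if (managedAcls.get(generateAclId(existing.getName(), org)) == null) {
        logger.debug("The Acl {} will be not added to the organisation {} as it already contains other not-default Acls.", fileName, org.getName());
        skip = true;
        // One such ACL settles the decision; stop here so the message is logged once per organization.
        break;
      }
    }
    if (skip) {
      continue;
    }

    Option<ManagedAcl> managedAcl = getAclService(org).createAcl(acl, fileName);
    if (managedAcl.isSome()) {
      // Remember the id under the (file name, organization) key so later passes recognize the ACL as scanner-managed.
      managedAcls.put(generateAclId(fileName, org), managedAcl.get().getId());
      logger.debug("Acl from '{}' has been added for the organisation {}", fileName, org.getName());
    } else {
      logger.debug("Acl from '{}' has already been added to the organisation {}.", fileName, org.getName());
    }
  }
}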
use of org.opencastproject.authorization.xacml.manager.api.ManagedAcl in project opencast by opencast.
the class AbstractAclServiceRestEndpoint method createAcl.
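/**
 * Creates a managed ACL from the submitted form fields and returns it as JSON.
 *
 * @param name
 *          the name of the new ACL; the request is rejected when it is missing or blank
 * @param accessControlList
 *          the serialized access control list, handed to {@code parseAcl} unchanged
 * @return the JSON representation of the newly created ACL
 * @throws WebApplicationException
 *           with status 400 when the name is missing or blank, and with status 409 when the ACL
 *           service returns no ACL, which this endpoint reports as a name conflict
 */
@POST
@Path("/acl")
@Produces(MediaType.APPLICATION_JSON)
@RestQuery(
    name = "createacl",
    description = "Create an ACL",
    returnDescription = "Create an ACL",
    restParameters = {
        @RestParameter(name = "name", isRequired = true, description = "The ACL name", type = STRING),
        @RestParameter(name = "acl", isRequired = true, description = "The access control list", type = STRING) },
    reponses = {
        @RestResponse(responseCode = SC_OK, description = "The ACL has successfully been added"),
        @RestResponse(responseCode = SC_CONFLICT, description = "An ACL with the same name already exists"),
        @RestResponse(responseCode = SC_BAD_REQUEST, description = "Unable to parse the ACL or the name is missing"),
        @RestResponse(responseCode = SC_INTERNAL_SERVER_ERROR, description = "Error during adding the ACL") })
public String createAcl(@FormParam("name") String name, @FormParam("acl") String accessControlList) {
  // "name" is declared as required, but a request that omits the form field still reaches this
  // method with null. Reject it here instead of passing null or a blank name to the ACL service.
  if (name == null || name.trim().isEmpty()) {
    throw new WebApplicationException(Response.Status.BAD_REQUEST);
  }
  // NOTE(review): the documented 400 for an unparseable ACL presumably comes from parseAcl; that
  // helper is not visible here, so confirm it rejects malformed or missing input.
  final AccessControlList acl = parseAcl.apply(accessControlList);
  final Option<ManagedAcl> managedAcl = aclService().createAcl(acl, name);
  if (managedAcl.isNone()) {
    // The name is client-supplied and written to the log as received.
    // NOTE(review): confirm the log layout neutralizes line breaks in logged values.
    logger.info("An ACL with the same name '{}' already exists", name);
    throw new WebApplicationException(Response.Status.CONFLICT);
  }
  return JsonConv.full(managedAcl.get()).toJson();
}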
use of org.opencastproject.authorization.xacml.manager.api.ManagedAcl in project opencast by opencast.
the class AbstractAclServiceRestEndpoint method getActiveAclForEpisode.
/**
 * Looks up the ACL in effect for the latest snapshot of an episode.
 *
 * @param aclService
 *          the ACL service passed on to {@code matchAcls}
 * @param episodeId
 *          the media package id of the episode
 * @return right(managed ACL, scope) when {@code matchAcls} yields a managed ACL for the active
 *         ACL; left(active ACL) when it yields none; left({@code EMPTY_ACL}) when the query finds
 *         no snapshot
 */
private Either<AccessControlList, Tuple<ManagedAcl, AclScope>> getActiveAclForEpisode(AclService aclService, String episodeId) {
  final AQueryBuilder query = getAssetManager().createQuery();
  final ASelectQuery latestSnapshotQuery = query
      .select(query.snapshot())
      .where(query.mediaPackageId(episodeId).and(query.version().isLatest()));

  // Every path through the loop body returns, so only the first element of head() is ever examined.
  for (Snapshot latest : enrich(latestSnapshotQuery.run()).getSnapshots().head()) {
    final Tuple<AccessControlList, AclScope> active = getAuthorizationService().getActiveAcl(latest.getMediaPackage());
    final AccessControlList effectiveAcl = active.getA();

    // Prefer the managed ACL that corresponds to the effective one; the first match wins.
    for (ManagedAcl match : matchAcls(aclService, effectiveAcl)) {
      return right(tuple(match, active.getB()));
    }
    // No managed counterpart: hand back the raw ACL instead.
    return left(effectiveAcl);
  }

  // No snapshot was found. The caller receives EMPTY_ACL rather than an error, so an unknown
  // episode can only be told apart from an episode with no rules by this warning in the log.
  logger.warn("Episode {} cannot be found in Archive", episodeId);
  return left(EMPTY_ACL);
}
use of org.opencastproject.authorization.xacml.manager.api.ManagedAcl in project opencast by opencast.
the class AclServiceImpl method updateAcl.
/**
 * Persists the given ACL and, when its name changed, announces the rename on the ACL queue.
 *
 * @param acl
 *          the ACL carrying the id to update and the new values
 * @return the result of {@code aclDb.updateAcl(acl)}
 */
@Override
public boolean updateAcl(ManagedAcl acl) {
  // Read the stored ACL before writing, otherwise the previous name is gone.
  final Option<ManagedAcl> previous = getAcl(acl.getId());
  final boolean updated = aclDb.updateAcl(acl);

  // Nothing to announce when the update failed or there was no earlier version to compare with.
  if (!updated || previous.isNone()) {
    return updated;
  }

  final String formerName = previous.get().getName();
  final String currentName = acl.getName();
  if (!formerName.equals(currentName)) {
    // The database update has already happened at this point; this method does not undo it if
    // sending the rename message throws.
    messageSender.sendObjectMessage(AclItem.ACL_QUEUE, MessageSender.DestinationType.Queue,
        AclItem.update(formerName, currentName));
  }
  return updated;
}
use of org.opencastproject.authorization.xacml.manager.api.ManagedAcl in project opencast by opencast.
the class AclScannerTest method testRemoveMissingFile.
/**
 * Installs one XACML file, then uninstalls a different file that was never installed.
 *
 * <p>Only {@code createAcl} and {@code getAcls} are recorded on the mock, three times each
 * (presumably once per organization in the fixture; the setup is not visible here). No other
 * {@code aclDb} call is recorded, so with a default EasyMock mock any further call made during
 * the uninstall would fail the test.
 */
@Test
public void testRemoveMissingFile() throws Exception {
  File installedFile = new File(AclScannerTest.class.getResource("/xacml_correct.xml").toURI());
  File neverInstalledFile = new File(AclScannerTest.class.getResource("/xacml_correct2.xml").toURI());

  // Every create call succeeds and hands back the same canned ACL.
  Option<ManagedAcl> createdAcl = Option.<ManagedAcl>some(
      new ManagedAclImpl(1L, "TestAcl", "org", new AccessControlList()));
  EasyMock.expect(aclDb.createAcl(anyObject(Organization.class), anyObject(AccessControlList.class), anyString()))
      .andReturn(createdAcl)
      .times(3);
  // The organizations start without ACLs, so the scanner does not skip any of them.
  EasyMock.expect(aclDb.getAcls(anyObject(Organization.class)))
      .andReturn(new ArrayList<ManagedAcl>())
      .times(3);
  EasyMock.replay(aclDb);

  aclScanner.install(installedFile);
  aclScanner.uninstall(neverInstalledFile);

  EasyMock.verify(aclDb);
}